Mar 18, 2019

Slack hands over control of encryption keys to regulated customers

Slack announced today that it is launching Enterprise Key Management (EKM) for Slack, a new tool that enables customers to control their encryption keys in the enterprise version of the communications app. The keys are managed in the AWS KMS key management tool.

Geoff Belknap, chief security officer (CSO) at Slack, says the new tool should appeal to customers in regulated industries who might need tighter control over security. “Markets like financial services, healthcare and government are typically underserved in terms of which collaboration tools they can use, so we wanted to design an experience that catered to their particular security needs,” Belknap told TechCrunch.

Slack currently encrypts data in transit and at rest, but the new tool augments this by giving customers greater control over the encryption keys that Slack uses to encrypt messages and files being shared inside the app.

He said that regulated industries in particular have been requesting the ability to control their own encryption keys, including the ability to revoke them if it was required for security reasons. “EKM is a key requirement for growing enterprise companies of all sizes, and was a requested feature from many of our Enterprise Grid customers. We wanted to give these customers full control over their encryption keys, and when or if they want to revoke them,” he said.

Belknap says this is especially important when customers involve people outside the organization, such as contractors, partners or vendors in Slack communications. “A big benefit of EKM is that in the event of a security threat or if you ever experience suspicious activity, your security team can cut off access to the content at any time if necessary,” Belknap explained.

In addition to controlling the encryption keys, customers can gain greater visibility into activity inside of Slack via the Audit Logs API. “Detailed activity logs tell customers exactly when and where their data is being accessed, so they can be alerted of risks and anomalies immediately,” he said. If a customer finds suspicious activity, it can cut off access.

EKM for Slack is generally available today for Enterprise Grid customers for an additional fee. Slack, which announced plans to go public last month, has raised more than $1 billion on a $7 billion valuation.

Mar 15, 2019

Suse is once again an independent company

Open-source infrastructure and application delivery vendor Suse — the company behind one of the oldest Linux distributions — today announced that it is once again an independent company. The company today finalized its $2.5 billion acquisition by growth investor EQT from Micro Focus, which itself had acquired it back in 2014.

Few companies have changed hands as often as Suse and yet remained strong players in their business. Suse was first acquired by Novell in 2004. Novell was then acquired by Attachmate in 2010, which Micro Focus acquired in 2014. The company then turned Suse into an independent division, only to then announce its sale to EQT in the middle of 2018.

It took a while for Micro Focus and EQT to finalize the acquisition, but now, for the first time since 2004, Suse stands on its own.

Micro Focus says that when it acquired Attachmate Group for $2.35 billion, Suse generated just 20 percent of the group’s total revenues. Since then, Suse has generated quite a bit more business as it expanded its product portfolio well beyond its core Linux offerings and into the more lucrative open-source infrastructure and application delivery business by, among other things, offering products and support around massive open-source projects like Cloud Foundry, OpenStack and Kubernetes.

Suse CEO Nils Brauckmann will remain at the helm of the company, but the company is shaking up its executive ranks a bit. Enrica Angelone, for example, has been named to the new post of CFO at Suse, and Sander Huyts is now the company’s COO. Former Suse CTO Thomas Di Giacomo is now president of Engineering, Product and Innovation. All three report directly to Brauckmann.

“Our genuinely open, open source solutions, flexible business practices, lack of enforced vendor lock-in and exceptional service are more critical to customer and partner organizations, and our independence coincides with our single-minded focus on delivering what is best for them,” said Brauckmann in today’s announcement. “Our ability to consistently meet these market demands creates a cycle of success, momentum and growth that allows SUSE to continue to deliver the innovation customers need to achieve their digital transformation goals and realize the hybrid and multi-cloud workload management they require to power their own continuous innovation, competitiveness and growth.”

Since IBM recently bought Red Hat for $34 billion, though, it remains to be seen how long Suse’s independent future will last. The market for open source is only heating up, after all.

Mar 14, 2019

Microsoft open sources its data compression algorithm and hardware for the cloud

The amount of data that the big cloud computing providers now store is staggering, so it’s no surprise that most store all of this information as compressed data in some form or another — just like you used to zip your files back in the days of floppy disks, CD-ROMs and low-bandwidth connections. Typically, those systems are closely guarded secrets, but today, Microsoft open sourced the algorithm, hardware specification and Verilog source code for how it compresses data in its Azure cloud. The company is contributing all of this to the Open Compute Project (OCP).

Project Zipline, as Microsoft calls this project, can achieve 2x higher compression ratios compared to the standard Zlib-L4 64KB model. To do this, the algorithm — and its hardware implementation — were specifically tuned for the kind of large data sets Microsoft sees in its cloud. Because the system works at the systems level, there is virtually no overhead and Microsoft says that it is actually able to manage higher throughput rates and lower latency than other algorithms are currently able to achieve.

Microsoft stresses that it is also contributing the Verilog source code for register transfer language (RTL) — that is, the low-level code that makes this all work. “Contributing RTL at this level of detail as open source to OCP is industry leading,” Kushagra Vaid, the general manager for Azure hardware infrastructure, writes. “It sets a new precedent for driving frictionless collaboration in the OCP ecosystem for new technologies and opening the doors for hardware innovation at the silicon level.”

Microsoft is currently using this system in its own Azure cloud, but it is now also partnering with others in the Open Compute Project. Among these partners are Intel, AMD, Ampere, Arm, Marvell, SiFive, Broadcom, Fungible, Mellanox, NGD Systems, Pure Storage, Synopsys and Cadence.

“Over time, we anticipate Project Zipline compression technology will make its way into several market segments and usage models such as network data processing, smart SSDs, archival systems, cloud appliances, general purpose microprocessor, IoT, and edge devices,” writes Vaid.

Mar 14, 2019

ProdPerfect gets $2.6 million to automate QA testing for web apps

ProdPerfect, a Boston-based startup focused on automating QA testing for web apps, has announced the close of a $2.6 million Seed round co-led by Eniac Ventures and Fika Ventures, with participation from Entrepreneurs Roundtable Accelerator.

ProdPerfect started when co-founder and CEO Dan Widing was VP of engineering at WeSpire, where he saw firsthand the pain points associated with web application QA testing. Whereas there were all kinds of product analytics tools for product engineers, the same data wasn’t there for the engineers building QA tests that are meant to replicate user behavior.

He imagined a platform that would use live data around real user behavior to formulate these QA tests. That’s how ProdPerfect was born. The platform sees user behavior, builds and delivers test scripts to the engineering team.

The service continues to build on what it knows about a product, and can then simulate new tests when new features are added based on aggregated flows of common user behavior. This data doesn’t track any information about the user, but rather anonymizes them and watches how they move through the web app. The hope is that ProdPerfect gives engineers the opportunity to keep building the product instead of spreading their resources across building a QA testing suite.

The new funding will go toward expanding the sales team and further building out the product. For now, ProdPerfect simply offers functional testing, which uses a single virtual user to test whether a product breaks or not. But president and co-founder Erik Fogg sees an opportunity to build more integrated testing, including performance, security and localization testing.

Fogg says the company is growing 40 percent month over month in booked revenue.

The company says it can deploy within two weeks of installing a data tracker, and provide more than 70 percent coverage of all user interactions with 95 percent+ test stability.

“The greatest challenge is going to be finding people who share our company’s core values and are of high enough talent, ambition and autonomy in part because our hiring road map is so steep,” said Fogg. “Growing pains catch up with businesses as a team expands quickly and we have to make sure that we’re picky and that we reinforce the values we have.”

Mar 13, 2019

Determined AI nabs $11M Series A to democratize AI development

Deep learning involves a highly iterative process where data scientists build models and test them on GPU-powered systems until they get something they can work with. It can be expensive and time-consuming, often taking weeks to fashion the right model. New startup Determined AI wants to change that by making the process faster, cheaper and more efficient. It emerged from stealth today with $11 million in Series A funding.

The round was led by GV (formerly Google Ventures) with help from Amplify Partners, Haystack and SV Angel. The company also announced an earlier $2.6 million seed round from 2017, for a total $13.6 million raised to date.

Evan Sparks, co-founder and CEO at Determined AI, says that up until now, only the largest companies like Facebook, Google, Apple and Microsoft could set up the infrastructure and systems to produce sophisticated AI like self-driving cars and voice recognition technologies. “Our view is that a big reason why [these big companies] can do that is that they all have internal software infrastructure that enables their teams of machine learning engineers and data scientists to be effective and produce applications quickly,” Sparks told TechCrunch.

Determined’s idea is to create software to handle everything from managing cluster compute resources to automating workflows, thereby putting some of that big-company technology within reach of any organization. “What we exist to do is to build that software for everyone else,” he said. The target market is Fortune 500 and Global 2000 companies.

The company’s solution is based on research conducted over the last several years at AmpLab at the University of California, Berkeley (which is probably best known for developing Apache Spark). It used the knowledge generated in the lab to build sophisticated solutions that help make better use of a customer’s GPU resources.

“We are offering kind of a base layer that is scheduling and resource sharing for these highly expensive resources, and then on top of that we’ve layered some services around workflow automation.” Sparks said the team has generated state of the art results that are somewhere between five and 50 times faster than the results from tools that are available to most companies today.

For now, the startup is trying to help customers move away from generic kinds of solutions currently available to more customized approaches, using Determined AI tools to help speed up the AI production process. The money from today’s round should help fuel growth, add engineers and continue building the solution.

Mar 13, 2019

Automation Hero picks up $14.5 million led by Atomico

Automation Hero, formerly SalesHero, has secured $14.5 million in new funding led by Atomico, with participation by Baidu Ventures and Cherry Ventures. As part of the deal, Atomico principal Ben Blume will join the company’s board of directors.

The automation startup launched in 2017 as SalesHero, giving sales orgs a simple way to automate back-office processes like filing an expense report or updating the CRM. It does this through an AI assistant called Robin — “Batman and Robin, it worked with the superhero theme, and it’s gender neutral,” co-founder and CEO Stefan Groschupf explained — that can be configured to go through the regular workflow and take care of repetitive tasks.

“We brought computers into the workplace because we believed they could make us more productive,” said Groschupf. “But in many companies, people spend a lot of time entering data and doing painful manual processes to make these machines happy.”

The idea was to give salespeople more time to actually do their job, which is selling to clients. If all the administrative and repetitive “paperwork” is done by a computer, human employees can become more productive and efficient at skilled tasks.

By weaving together click robots, Automation Hero users can build out their own workflows through a no-code interface, tying together a wide variety of both structured and unstructured data sources. Those workflows are then presented in the inbox each morning by Robin, the AI assistant, and are executed as soon as the user gives the go-ahead.

After launch, the team realized that other types of organizations, beyond sales departments, were building out automations. Insurance firms, in particular, were using the software to automate some of the repetitive tasks involved with filing and assessing claims.

This led to today’s rebrand to Automation Hero.

Groschupf said that by automating the process of filling out a single closing form, it saved one insurance firm’s 430 sales reps 18.46 years per year.

Automation Hero has now raised a total of $19 million.

“We’re really excited with Atomico to bring on a great VC and good people,” said Groschupf. “I’ve raised capital before and I’ve worked with some of the more questionable VCs, as it turns out. We’re super-excited we’ve found an investor that really bakes important things, like a diversity policy and a family leave policy, right into the company’s investment agreement.”

Though he didn’t confirm, it’s likely that Groschupf is referring to KPCB, which has run into its fair share of controversy over the past few years and was an investor in Groschupf’s previous startup, Datameer.

Mar 13, 2019

Email app Spark adds delegation feature for teams

Email app Spark added collaboration features back in May 2018. And Readdle, the company behind the app, is going one step further with a new feature specifically designed to delegate an email to one of your colleagues.

While you can already collaborate with your team by sharing emails in Spark, the app is still not as powerful as a dedicated shared email client, such as Front. But delegation brings Spark one step closer to its competitor.

You can now treat emails as tasks with a deadline. If you’re a manager, you’re working with a personal assistant or you’re in charge of everyone’s workload, you can now assign a conversation to a person in particular and send a message to add some context.

On the other end, your colleague receives the conversation in their Spark account, in the “Assigned to Me” tab. They can then start working on that email together with other team members.

As a reminder, Spark lets you discuss email threads with your colleagues in a comment area, @-mention your colleague and add attachments and links. When you know what to say, you can create a draft, ask for feedback and collaborate like in Google Docs.

Delegation is a bit more powerful than simply sharing an email with a colleague. For instance, you can set a due date and mute the conversation. This way, you can hand-off some work and focus on something else.

Spark for Teams uses a software-as-a-service approach. It’s free for small teams and you have to pay $6.39 to $7.99 per user per month to unlock advanced features, such as unlimited email templates and unlimited delegations. Free teams are limited to 10 active delegations at any time.

Mar 12, 2019

Creative agency Virtue introduces genderless voice Q to challenge biases in technology

Siri, Alexa, Google Assistant, Cortana and Bixby — almost all virtual assistants have something in common. Their default voices are women’s, though the role that plays in reinforcing gender stereotypes has been long documented, even inspiring the dystopian romance “Her.” Virtue, the creative agency owned by publisher Vice, wants to challenge the trend with a genderless voice called Q.

The project, done in collaboration with Copenhagen Pride, Equal AI, Koalition Interactive and thirtysoundsgood, wants technology companies to think outside the binary.

“Technology companies are continuing to gender their voice technology to fit scenarios in which they believe consumers will feel most comfortable adopting and using it,” says Q’s website. “A male voice is used in more authoritative roles, such as banking and insurance apps, and a female voice in more service-oriented roles, such as Alexa and Siri.”

To develop Q, Virtue worked with Anna Jørgensen, a linguist and researcher at the University of Copenhagen. They recorded the voices of five non-binary people, then used software to modulate the recordings to between 145-175 Hz, the range defined by researchers as gender neutral. The recordings were further refined after surveying 4,600 people and asking them to define the voices on a scale from 1 (male) to 5 (female).

Virtue is encouraging people to share Q with Apple, Amazon and Microsoft, noting that even when different options are given for voice assistants, they are still usually categorized as male or female. As the project’s mission statement puts it, “as society continues to break down the gender binary, recognizing those who neither identify as male nor female, the technology we create should follow.”

Mar 12, 2019

Time is Ltd. uses data from Slack and other cloud software to help companies improve productivity

Time is Ltd., a Prague-based startup offering “productivity software analytics” to help companies gain insights from employees’ use of Slack, Office 365, G Suite and other enterprise software, has raised €3 million in funding.

Leading the round is Mike Chalfen — who previously co-founded London venture capital firm Mosaic Ventures but has since decided to operate as a solo investor — with participation from Accel. The investment will be used by Time is Ltd. to continue building the platform for large enterprises that want to better understand the patterns of behaviour hidden inside the various cloud software on which they run.

“Time is Ltd. was founded… to help large corporations and companies get a view into insights and productivity of teams,” co-founder and CEO Jan Rezab tells me. “Visualising insights around calendars, time and communication will help companies to understand real data behind their productivity.”

Powered by machine learning, the productivity software analytics platform plugs into the cloud software tools that enterprises typically use to collaborate across various departments. It then analyses various metadata pulled from these software tools, such as who is communicating with whom and time spent on Slack, or which teams are meeting, where and for how long as per various calendars. The idea is to enable managers to gain a better understanding of where productivity is lost or could be improved and to tie to business goals changes in these patterns.

Rezab cites the example of a large company undergoing “agile” transformation. “If you want to steer a massive company of 5,000 plus people, you really should understand the impact of your actions a bit more much earlier, not after the fact,” he says. “One of the hypothesis of an agile transformation is, for example, that managers really get involved a bit less and things work a bit more streamlined. You see from our data that this is or is not happening, and you can take corrective action.”

Or it could be something as simple as a large company with multiple offices that is conducting too many meetings. Time is Ltd. is able to show how the number of meetings held is increasing and which departments or teams are instigating them. “You can also show the inter-departmental video meeting efficiency, and if the people, for example, often need to travel to these meetings, how long does that takes versus digital meetings — so you can generally help and recommend the company take specific actions,” explains Rezab.

Sales is another area that could benefit from productivity analytics, with Time is Ltd. revealing that most sales teams actually spend the majority of their meeting time inside the company, not outside as you would think. “The structure of these internal meetings varies; planning for these events or just on-boarding and education,” says the Time is Ltd. CEO. “You can, so to speak, follow the time from revenue to different teams… and then see over time how it changes, and how it impacts sales productivity.”

Meanwhile, investor Mike Chalfen describes the young startup as a new breed of data-driven services that use “significant but under-utilised datasets.” “Productivity is one of the largest software markets globally, but lacks deep enterprise analytics to drive intelligent operational management for large businesses,” he says in a statement.

That’s not to say Time is Ltd. is without competition, which includes Microsoft itself. “Our biggest competitor is Microsoft Workplace Analytics,” says Rezab. “However, Microsoft does not integrate other than MS products. Our advantage is that we are a productivity platform to integrate all of the cloud tools. Starting with Slack, SAP Success Factors, Zoom and countless others.”

Mar 11, 2019

Dozens of companies leaked sensitive data thanks to misconfigured Box accounts

Security researchers have found dozens of companies inadvertently leaking sensitive corporate and customer data because staff are sharing public links to files in their Box enterprise storage accounts that can easily be discovered.

The discoveries were made by Adversis, a cybersecurity firm, which found major tech companies and corporate giants had left data inadvertently exposed. Although data stored in Box enterprise accounts is private by default, users can share files and folders with anyone, making data publicly accessible with a single link. But Adversis said these secret links can be discovered by others. Using a script to scan for and enumerate Box accounts with lists of company names and wildcard searches, Adversis found more than 90 companies with publicly accessible folders.

Not even Box’s own staff were immune from leaking data.

The company said while much of the data is legitimately public and Box advises users how to minimize risks, many employees may not know the sensitive data they share can be found by others.

Worse, some public folders were scraped and indexed by search engines, making the data easier to find.

In a blog post, Adversis said Box administrators should reconfigure the default access for shared links to “people in your company” to reduce accidental exposure of data to the public.

Adversis said it found passport photos, bank account and Social Security numbers, passwords, employee lists, financial data like invoices and receipts and customer data among the data found. The company contacted Box to warn of the larger exposures of sensitive data, but noted that there was little overall improvement six months after its initial disclosure.

“There is simply too much out there and not enough time to resolve each individually,” he said.

Adversis provided TechCrunch with a list of known exposed Box accounts. We contacted several of the big companies named, as well as those known to have highly sensitive data, including:

  • Amadeus, the flight reservation system maker, which left a folder full of documents and application files associated with Singapore Airlines. Earlier this year, researchers found flaws that made it easy to change reservations booked with Amadeus.
  • Apple had several folders exposed, containing what appeared to be non-sensitive internal data, such as logs and regional price lists.
  • Television network Discovery had more than a dozen folders listed, including database dumps of millions of customers’ names and email addresses. The folders also contained some demographic information and developer project files, including casting contracts and notes and tax documents.
  • Edelman, the global public relations firm, had an entire project proposal for working with the New York City mass transit division, including detailed proposal plans and more than a dozen resumes of potential staff for the project — including their names, email addresses, and phone numbers.
  • Nutrition giant Herbalife left several folders exposed containing files and spreadsheets on about 100,000 customers, including their names, email addresses and phone numbers.
  • Opportunity International, a nonprofit aimed at ending global poverty, exposed in a massive spreadsheet a list of donor names, addresses and amounts given.
  • Schneider Electric left dozens of customer orders accessible to anyone, including sludge works and pump stations for several towns and cities. Each folder had an installation “sequence of operation” document, which included both default passwords and in some cases “backdoor” access passwords in case of forgotten passwords.
  • PointCare, a medical insurance coverage management software company, had thousands of patient names and insurance information exposed. Some of the data included the last four digits of Social Security numbers.
  • United Tissue Network, a whole-body donation nonprofit, exposed body donor information and personal information of donors in a vast spreadsheet, including the prices of body parts.

Box, which initially had no comment when we reached out, had several folders exposed. The company exposed signed non-disclosure agreements on their clients, including several U.S. schools, as well as performance metrics of its own staff, the researchers said.

Box spokesperson Denis Roy said in a statement: “We take our customers’ security seriously and we provide controls that allow our customers to choose the right level of security based on the sensitivity of the content they are sharing. In some cases, users may want to share files or folders broadly and will set the permissions for a custom or shared link to public or ‘open’. We are taking steps to make these settings more clear, better help users understand how their files or folders can be shared, and reduce the potential for content to be shared unintentionally, including both improving admin policies and introducing additional controls for shared links.”

The cloud giant said it plans to reduce the unintended discovery of public files and folders.

Amadeus, Apple, Box, Discovery, Herbalife, Edelman and PointCare all reconfigured their enterprise accounts to prevent access to their leaking files after TechCrunch reached out.

Amadeus spokesperson Alba Redondo said the company decommissioned Box in October and blamed the exposure on an account that was “misconfigured in public mode,” which has now been corrected and external access to it is now closed. “We continue to investigate this issue and confirm there has been no unauthorized access of our system,” said the spokesperson, without explanation. “There is no evidence that confidential information or any information containing personal data was impacted by this issue,” the spokesperson added.

When we asked Amadeus how it concluded there was no improper access, another spokesperson, Ben Hunt, said: “We have the full audit trail for Box and access of these files — none of the files have been downloaded outside of either Amadeus or authorized customers.”

The spokesperson declined to explain its statement when told files were downloaded to verify their contents.

PointCare chief executive Everett Lebherz confirmed its leaking files had been “removed and Box settings adjusted.” Edelman’s global marketing chief Michael Bush said the company was “looking into this matter.”

Herbalife spokesperson Jennifer Butler said the company was “looking into it,” but we did not hear back after several follow-ups. (Butler declared her email “off the record,” which requires both parties agree to the terms in advance, but we are printing the reply as we were given no opportunity to reject the terms.)

When reached, an Apple spokesperson did not comment by the time of publication.

Discovery, Opportunity International, Schneider Electric and United Tissue Network did not return a request for comment.

Data “dumpster diving” is not a new hobby for the skilled, but it’s a necessary sub-industry to fix an emerging category of data breaches: leaking, public and exposed data that shouldn’t be. It’s a growing space that we predicted would grow as more security researchers look to find and report data leaks.

This year alone, we’ve reported data leaks at Dow Jones, Rubrik, NASA, AIESEC, Uber, the State Bank of India, two massive batches of Indian Aadhaar numbers, a huge leak of mortgage and loan data and several Chinese government surveillance systems.

Adversis has open-sourced and published its scanning tool.
