Did you know the TNW Conference has a track fully dedicated to exploring the latest work culture trends and the future of work this year? Check out the full program here.
The most exciting breakthroughs of the twenty-first century will not occur because of technology, but because of an expanding concept of what it means to be human. — John Naisbitt
Before we dive into why more women should lead AI teams, I want to share a fascinating story I heard from Tania Biland, a 3rd-year student of Lucerne University of Applied Sciences and Arts.
The story as narrated by Tania:
Last semester, our class got split into three different groups in order to develop a safety technology solution for Swiss or German brands:
Group 1:Only women (my group)
Group 2:Only men
Group 3:Four women and one man
After 4 weeks of work, each team had to present their work.
Group 1, composed of only women, developed a safety solution for women in the dark. As the jury was only male we decided to tell a story using a persona, music, and videos in order to make them feel what women are experiencing on a daily basis. We also put emphasis on the fact that everyone has a mother, sister, or wife in their life and that they probably don’t want her/them to suffer. In the end, our solution was rather simple, technologically: using light to provide safety but connected to the audience emotionally.
Group 2, mostly composed of men, presented a more high-tech solution using AI, GPS, and video conferences. They based their arguments on facts and numbers and pointed out their competitive advantages.
In Group 3,with 4 women and 1 man, the outcome didn’t seem finished. The only man in the group could not agree to be led by women and they, therefore, spend too much time discussing group dynamics instead of working.
The groups not only had different outputs but also approached the problem differently. My group (group 1) decided to start by defining each other’s work preferences and styles in order to distribute some responsibilities and keeping a hierarchy as flat as possible.
On the other hand, the two other groups elected a leader for the team. It turned out that these “leaders” were more perceived as dictators, which lead to heavy conflicts where the teams spent hours discussing and arguing while our group was just working and productive.
What science tells us about gender differences
The science landscape with regards to gender differences and effects on behavior is still evolving and has not come up with a clear set of scientific explanations for different behaviors yet. By compiling most of the research, there are two main factors that influence behaviors:
Potential physiological differences between men and women
Social norms and pressures forming different behaviors
In the above story, as told by Tania, women developed the solution in a Collaborative Leadership Style (adhocracy culture),adapting the leading position based on the tasks with an almost flat hierarchy. They derived their argumentation by involving all stakeholders (in this case the mothers and wives = users), showing empathy for their problems. They saw the bigger picture and also built a simpler solution that was actually finished.
Through the story, I was able to connect the dots on why most AI projects never end up moving out from the prototype phase to a real-world application.
Why AI products are not adopted?
Based on my experience, there are three main reasons why most AI and Machine Learning (ML) solutions do not move from the prototyping phase to the real-world:
Lack of trust:One of the biggest difficulty for AI or ML products is lack of trust. Millions of dollars have been spent on prototyping but with very little success in the real-world launches. Essentially, one of the most fundamental values of doing business and providing value to customers is trust, and Artificial Intelligence is the most-heavily debated technology when it comes to ethical concerns and related trust issues. Trust comes from involving different options and parties in the entire development phase, which is not done in the prototype phase.
The complexity of a launch:Building a prototype is easy, but there are tens of other external entities that need to be considered when moving into the real world. Besides technical challenges, there are other areas of focus that need to be integrated with the prototyping (such as marketing, design, and sales).
AI products often do not take into account all stakeholders:I heard the story that Alexa and Google Home are being used by men to lock out their spouses in instances of domestic violence. They are turning up the music really loud, or they are locking them out of their homes. It is possible that in an environment with mostly male engineers building these products, no one is thinking about these kinds of scenarios. Additionally, there are many instances about how artificial intelligence and data sensors can be biased, sexist and racist [1].
Interestingly, none of the three points relate to the technical challenges, and all of them can be overcome by creating the right team.
How to make AI more successfully adopted?
In order to solve the above challenges and build more successful AI products, we need to focus on a more collaborative and community-driven approach.
This takes into account opinions from different stakeholders, especially those who are under-represented. Below are steps to achieve that:
Step 1. Involve different groups esp. women from the middle of the talent pyramid
In technology, most companies focus on hiring people at the top of the talent pyramid, where for primarily historical reasons, are fewer women. For example, most Computer Science classes have less than 10 percent of women. However, many talented women are hidden in the middle of the pyramid, educating themselves through online courses but lack opportunities and encouragement.
Talent Pyramid
To give an example, I was talking with the president of Geek Girls Carrot, which is an organization promoting women in tech. They are organizing an AI workshop where over 125 women applied but they had only 25 seats, so naturally, they have to leave behind more than 100 talented women.
Imagine, if we can involve most of the other 100 women instead of only at the top. This would give a lot more women the opportunity to work in new technologies like AI.
Step 2. Build a communal and collaborative bottom-up team with different stakeholders
Next, we need more collaboration between men and women as well as different stakeholders to launch products successfully in the real market. This can be achieved through forming inclusive project communities that build AI products based on common values, beliefs, and often a bigger vision.
Proving the point, in the past six months, we brought together a group of more than 50 male and female students to build an ML model. Within a short time, members started collaborating and helping each other to build the models. Four subgroups got formed, and one of them was driven by two women and supported by two men (data taggers). The other groups were all men. In 4 months, the group with the two women and two male built the most accurate model. From the beginning, the women were much more willing to collaborate than men. However, more interestingly, I saw that men in the group also ended up behaving more collaboratively because of the other women in the group. This was fascinating!!
Step 3. Create the right Organizational Structure for collaboration
What if we could create organizational structures and practices that don’t need empowerment because, by design, everybody is powerful and no one powerless? I have seen that this can be achieved by connecting intrinsic and extrinsic motivations (which is not related to money) and creating an incentive structure that is not competitive.
In my case, I built the community where the mentor was at the top of the pyramid, followed by the community manager, then engineers working on building models and finally data taggers. Members from each team were striving to move up the ladder to reach the next level, which created an extrinsic motivation. However, the monetary compensation for people on the same level was the same. This fostered collaboration.
In this context, the role of a leader is not to be a boss but to foster Collaborative Leadership. Such an organizational structure will decrease the need to control people and will give opportunities to learn and grow together[2].
Why women should lead AI teams
In the story from the beginning, the female group followed a more Collaborative Leadership Style by showing more customer empathy and willingness to collaborate.
Considering the limited experiment in the solar project, we saw that the approach to use the community to build products helped as well to foster collaboration and build trust among community members.
While none of the mentioned qualities can be generalized, the following graphic aims to summarize some of the reasons why many women are a great fit for Collaborative Leadership.
In conclusion, I am arguing that we should think more holistically and do our best to create the right environment where we look beyond gender, race, and cultural background and focus on how we can collaborate as humans to build a better future.
This article was originally published on Towards Data Science by Rudradeb Mitra. He started his career as an AI researcher and published 10 research papers. After graduating from University of Cambridge, he was part of building various startups in US, UK, Belgium, and Poland. His current focus is driving innovation bottom-up and solving various social problems around the world using AI through global collaboration of changemakers from over 75 countries. He also wrote a book on AI and have been invited to speak at over 100 events. Besides that he has no phone, meditates a couple of hours a day, and lives life with no goals in life and in a state of Wu wei.’
One follow-on to the story of Crypto AG being owned by the CIA: this interview with a Washington Post reporter. The whole thing is worth reading or listening to, but I was struck by these two quotes at the end:
…in South America, for instance, many of the governments that were using Crypto machines were engaged in assassination campaigns. Thousands of people were being disappeared, killed. And I mean, they’re using Crypto machines, which suggests that the United States intelligence had a lot of insight into what was happening. And it’s hard to look back at that history now and see a lot of evidence of the United States going to any real effort to stop it or at least or even expose it.
[…]
To me, the history of the Crypto operation helps to explain how U.S. spy agencies became accustomed to, if not addicted to, global surveillance. This program went on for more than 50 years, monitoring the communications of more than 100 countries. I mean, the United States came to expect that kind of penetration, that kind of global surveillance capability. And as Crypto became less able to deliver it, the United States turned to other ways to replace that. And the Snowden documents tell us a lot about how they did that.
*** This is a Security Bloggers Network syndicated blog from Schneier on Security authored by Bruce Schneier. Read the original post at: https://www.schneier.com/blog/archives/2020/03/more_on_crypto_.html
MGM RESORTS SAYS THERE WAS A DATA BREACH IN JULY 2019 — Morgan & Morgan has filed a lawsuit against MGM Resorts International over a data breach that has exposed the personal information of millions of people. The lawsuit was filed February 21, 2020 and states that in July of 2019, MGM’s computer network system was hacked. The stolen information was then posted on a closed Internet forum.
Related: Attorney files lawsuit against MGM Resorts over recent data breach
The report states more than 10.6 million MGM guests were impacted, but one of the lead attorneys said it could be much more.
“We absolutely have heard that we could be talking upwards of 200 million plus,” said Attorney Jean Martin.
She said one of their main concerns is what information was stolen. She said initially, MGM reached out to impacted customers in September of 2019, saying only names and maybe addresses had been posted online, but that information had been taken down. However in February, the lawsuit says even more personal information had been posted on an internet hacking forum, leading to prolonged risk of that stolen information spreading. Some of the information stolen included names, addresses, driver’s license numbers, passport numbers, military ID numbers, phone numbers, emails and birthdays.
“That’s what happens when your information is compromised. You never know when it’s going to go up on the web and on the dark web, when it’s going to be sold and when it’s going to be used, so now the people that have had their information compromised face this risk for the rest of their lives,” said Martin.
MGM Resorts released a statement prior to the lawsuit’s filing, and declined to give any updated information.
“Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter. MGM Resorts promptly notified guests potentially impacted by this incident in accordance with applicable state laws. Upon discovering the issue, the Company retained two leading cybersecurity forensics firms to assist with its internal investigation, review and remediation of the issue. At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again.”
Shira Rubinoff is the President and Co-Founder of Prime Tech Partners, which is a unique incubator in NYC. She is also the President of SecureMySocial, which warns people of social media problems in real time.
In Shira’s new book “Cyber Minds,” we see a unique mix of cutting-edge perspectives on blockchain and where it is going, insights on several hot technologies like AI and the Internet of Things (IoT) as well as solid cybersecurity advice for technology and business leaders.
Cutting right to the core, this book offers the best practical content l I have seen regarding blockchain’s potential, future and cybersecurity opportunities and drawbacks. The materials on blockchain, which includes interviews with thought-leaders in the area, are simply ground-breaking.
Here’s an excerpt from page 52 regarding blockchain:
“If you look into the financial services space, we’ve blueprinted the financial architecture and sort of overlaid it with the crypto industry. When you look at that, you realize that within five year, something amazing has been built. We’ve got exchanges, wallets, mining, interfaces, and so on. It’s all moving towards institutional grade infrastructure.
Logistics is another example. In the past few weeks, we’ve heard the news of the biggest competitors in logistics coming together. I believe it was DHL, UPS, and FedEx coming together to think about how they can use blockchain to reduce and merge the burden of governance in the system. We’ll get more efficient Internet safety from that.
Blockchain is being used by farmers for cattle feeding and in Switzerland, it’s starting to be used in the watch industry and the butter industry among others. …”
Here’s one other excerpt that I like from page 60 (quoting Sally Eaves) on the leading blockchain sectors:
“Yes, I would say two sectors (are leading) – financial (Read more…)
Washington state could be next in line to pass a state-wide consumer privacy law in the absence of a federal mandate.
In January, a bipartisan group of legislators introduced the Washington Privacy Act (WPA) and Senator Reuven Carlyle, who sponsored the bill, discussed why the senators believe the bill is important: “It has never been more important for state governments to take bold and meaningful action in the arena of consumer data privacy. That’s what this legislation does.”
The WPA is, in some ways, similar to some of the most recognizable privacy acts, such as CCPA and GDPR. In fact, the bill borrows many practices from those same bills. However, it differs in some significant ways, and, if it passes, it will be the most comprehensive privacy law in the US.
What’s notable about the WPA is the ripple effects it could create down businesses’ supply chains: The WPA not only stipulates data protection responsibilities for organizations which determine the purposes and means of data processing (“controller”), it also requires these organizations to verify that their vendors (“data processor”) have sufficient data protection mechanisms in place to process personal data safely.
Regardless of whether or not this particular piece of legislation passes, it’s important for businesses to understand the WPA and what it represents: individual states are thinking about and passing legislation requiring businesses to address consumer privacy and data protection. As more states pass these kinds of laws, the burden on businesses to comply with them will continue to grow.
What businesses would need to be WPA compliant?
As it is written currently, the WPA would apply to two categories of companies that conduct business in or target consumers in Washington:
Businesses that control or process personal data of 100,000 or more consumers.
Businesses that derive greater than 50% of gross revenue from the sale of personal data and processes, and control or process the personal data of 25,000 or more consumers.
Notably, this means that the WPA would apply to some of the biggest businesses in the country, such as Amazon and Microsoft. But it would also apply to little known data brokers and retail stores.
The WPA focuses on two groups: The first is controllers — businesses or individuals who decide how and for what purposes personal data is processed. For example, a business that collects data and uses it to send targeted ads or email marketing would be a controller.
The other group is processors — businesses or individuals that do not make decisions about how data is used and only process it as directed by the controller. A credit card processing company is a good example of a processor; they don’t collect or make decisions about the data, they just process it for the controller.
What rights does the WPA give consumers?
Under the WPA, consumers have certain rights when it comes to their personal data. These rights include:
Right of access: The right of a consumer to know if a controller is processing their personal data and to access that personal data.
Right to correction: The right of a consumer to correct their personal data.
Right to deletion: The right of a consumer to request that their data be deleted.
Right to data portability: The right of a consumer to obtain their personal data in a portable and, as much as technically feasible, readily usable format.
Right to opt out: The right of a consumer to opt out of having their personal data processed for targeted advertising, the sale of their personal data, or profiling in furtherance of decisions that produce legal or significant effects on the consumer.
Individuals would not be able to bring lawsuits against companies for breaking the law, but the state Attorney General’s Office would be able to pursue violations under the state’s Consumer privacy Act.
Controller requirements under the WPA
In short, the WPA requires controllers to be more transparent about their data use and to only use consumer data for the purposes they specified when collecting the data. There are a few other specific requirements, but many of them flow into those core purposes.
The WPA creates these specific controller responsibilities:
Transparency: This would require controllers to provide a privacy notice to consumers that includes what personal data is being processed, why it is being processed, how they can exercise their rights, what data is shared with third parties, and what categories of third parties controllers share their data with. Additionally, if the controller sells personal data, they have to “clearly and conspicuously” disclose this and explain how consumers can opt out.
Purpose Specification: Controllers are limited to collecting data that is reasonably necessary for the express purpose the data is being processed for.
Data Minimization: Data collection must be adequate, relevant, and limited to what the controller actually needs to collect for the specified purpose.
Avoid Secondary Use: Processing personal data is prohibited for any purpose that isn’t necessary or compatible with the specified purpose of collecting or processing the data — unless the controller has the consumer’s consent.
Security: Controllers are required to put administrative, technical, and physical data security policies and processes in place to protect the confidentiality, integrity, and accessibility of the consumer data they are collecting or processing.
Nondiscrimination: Controllers are disallowed from processing personal data in a way that breaks anti-discrimination laws. It also forbids them from using data to discriminate against consumers for exercising their rights by denying them — or providing a different quality of — goods and services.
Sensitive Data: Processing sensitive data without a consumer’s consent is forbidden.
Minors and Children: Processing personal data of a child without obtaining consent from their parent or legal guardian is prohibited.
Non-waiver of Consumer Rights: Any contract or agreement that waived or limited a consumer’s WPA right is null and void.
Data Protection Assessments: Companies would also be required under the WPA to conduct confidential Data Protection Assessments for all processing activities involving personal data, and repeat the assessments any time there are processing changes that materially increase risks to consumers.
Data controllers must weigh the benefits of data processing against the risks. If the potential risks for privacy harm to consumers are substantial and outweigh the interests, then the controller would only be able to engage in processing with the explicit consent of the consumer.
Processor requirements under the WPA
Processors’ responsibilities are different than the controllers’ responsibilities, and while the bulk of the WPA is currently on the controller, it does require that processors have the following items in place:
Technical and organizational processes for fulfilling controllers’ obligations to respond to consumer rights requests
Breach notification requirements
Reasonable processes and policies for protecting consumers’ personal data
Confidentiality
Controller ability to object to subcontractors
The ability for controllers to conduct audits
Additionally, processors and controllers must have contracts in place with provisions regarding personal data processing. The required provisions are similar to the GDPR’s data processing requirements.
How does the WPA differ from the CCPA?
While the WPA borrowed heavily from the CCPA in some areas, there are some key differences that make the WPA more comprehensive.
For example, the WPA requires businesses to weigh the risks and benefits posed to the consumer before they process their data. Specifically, covered businesses must conduct data protection assessments for all processing activities involving personal data.
The WPA also prohibits businesses from exclusively relying on automated data processing to make decisions that could have a significant impact on consumers, which is not included in the CCPA.
Another significant difference is how the WPA addresses facial recognition software. The CCPA treats facial recognition and other biometric data the same as all other personal data, while the WPA has more specific requirements for how controllers and processors must treat facial recognition data.
Namely, the WPA specifies that, among other things, facial recognition technology must be tested for accuracy and potential bias, controllers must obtain consent for adding a consumer’s face to a database, consumers must be notified in public places where it is happening, and results must be verified by humans when making critical decisions utilizing facial recognition technology.
What are the consequences of non-compliance?
The cost of non-compliance with the WPA
While the CCPA allows individuals to bring action against companies that are noncompliant, the WPA doesn’t have this provision. However, it does give the Washington Attorney General authority to take legal action and enforce penalties of up to $7,500 per violation. This will add up quickly for businesses that have data breaches or are found to be out of compliance with the WPA.
Preparing for the WPA and beyond
Many businesses are already thinking about WPA compliance, and the most forward-thinking businesses are also considering what this means for the future of privacy laws. The WPA is receiving praise from advocate groups such as Consumer Reports as well as tech giants like Microsoft, and many are even calling for further improvements to the bill.
Even if the WPA does not come to pass, it is likely for other states to pass similar legislations around consumer data privacy. Either way, your organization needs to be prepared to operate in a world where data privacy issues will be continue to be legislated and litigated.
Companies with already mature infosec and privacy practices will have a big head start when implementing WPA-compliant practices.
To prepare for the WPA and future privacy laws, start by understanding what’s required by the existing industry-agnostic data privacy regulations (e.g., CCPA, GDPR). You’ll need to ensure that your privacy policy, data handling practices, security protocols and vendor contracts are compliant with these regulations. Doing so will help your organization be well prepared when new legislation like the WPA goes into effect.
To learn more about what your organization can do to readily meet common data privacy legislations, check out this article Understanding Data Privacy and Why It Needs to Be a Priority for Your Business.
Additionally, to help organizations strengthen their security posture and meet regulatory requirements, Hyperproof has published a suite of articles on cybersecurity controls, best practices and standards. Here are a few of the most popular resources on our website:
Hyperproof’s compliance operations software comes with pre-built frameworks to help you implement common cybersecurity and data privacy standards (e.g., GDPR, CCPA, SOC 2, ISO 27001) — so you can improve your data protection mechanisms and business processes to readily meet data privacy and data security regulations. Hyperproof not only provides guidance when you implement these compliance standards, it also automates many compliance activities to save you time when adhering to multiple regulations and industry standards.
If you’d like to learn more about how Hyperproof can help you prepare to meet the WPA as well as existing data privacy laws, please contact us for a personalized demo.
Banner photo by Felipe Galvan on Unsplash
The post The Washington State Privacy Act Could Be More Comprehensive Than the CCPA appeared first on Hyperproof.
*** This is a Security Bloggers Network syndicated blog from Hyperproof authored by Jingcong Zhao. Read the original post at: https://hyperproof.io/washington-state-privacy-act/
Exams are pretty important in professional IT. You can have all the practical knowledge in the world, but technical recruiters want to see certificates.
If you want to improve your resume, the Complete 2020 IT Certification Exam Prep Mega Bundle will help you ace nine of the most important exams. You can pick up the training now for only $39 via THN Deals.
Over the next few years, the areas of greatest demand in IT will be networking, cloud computing, and cybersecurity. This bundle covers all three topics, with over 100 hours of training.
The courses on cloud computing focus on AWS and Microsoft Azure, which are the two biggest platforms right now. You get full prep for four Azure exams and one AWS exam.
The bundle also helps you pass three Cisco CCNA exams. If you plan to work with networks at any time, these certifications will serve you well.
The final course works towards CompTIA Security+, which covers all the fundamentals of cybersecurity. Many companies now expect IT professionals to have this certification to prove they are security-conscious. Each course comes with lifetime access, so you can study at your own pace.
Normally priced at $1,800, the training is now only $39 with the bundle.
The oft-attacked city of Baltimore not only uses mind-bogglingly bad data storage. Its home state, Maryland, also knows how to swiftly propose mind-bogglingly bad legislation that would outlaw possession of ransomware and put researchers in jeopardy of prosecution.
It is, of course, already a crime to use the data/systems-paralyzing malware in a way that costs victims money, but proposed legislation, Senate Bill 30, would criminalize mere possession.
It’s not supposed to keep researchers from responsibly researching or disclosing vulnerabilities, but like other, similar “let’s make malware more illegal” bills before it, SB 30’s attempts to protect researchers could “use a little more work,” as pointed out by Ars Technica‘s Sean Gallagher.
It covers much of the same ground as does Federal law, but SB 30 would take it a step further by labelling the mere possession of ransomware as a misdemeanor that would carry a penalty of up to 10 years imprisonment and/or a fine of up to $10,000.
The draft could get yet more draconian still: Earlier this month, members of the Maryland Senate Judicial Proceedings Committee said they’d actually prefer to make the crime a felony, according to Capital News Service.
The problematic outlawing of “unauthorized access”
Besides mere possession of ransomware, the bill would outlaw unauthorized, intentional access or attempts to access…
…all or part of a computer network, computer control language, computer, computer software, computer system, computer service, or computer database; or copy, attempt to copy, possess, or attempt to possess the contents of all or part of a computer database accessed.
It would also criminalize acts intended to “cause the malfunction or interrupt the operation of all or any part” of a computer, the network it’s running on, and their software/operating system/data. Also verboten: intentional, willful, unauthorized possession or attempts to identify a valid access code, or publication or distribution of valid access codes to unauthorized people.
Where does that leave researchers? Partially protected by a thin blanket that doesn’t protect them from liability, experts say.
The bill does holler out an exemption for researchers, rendered in full caps in the draft:
THIS PARAGRAPH DOES NOT APPLY TO THE USE OF RANSOMWARE FOR RESEARCH PURPOSES.
But that doesn’t cover any of the extensive list of “thou shalt not touch without authorization” aspects of the bill that could spell trouble for researchers and keep them from reporting vulnerabilities. Well-known vulnerability disclosure policy expert Katie Moussouris – the founder and CEO of Luta Security and creator of Microsoft’s bug-bounty program – told Ars that as it’s now worded, the bill would…
…prohibit vulnerability disclosure unless the specific systems or data accessed by the helpful security researcher were explicitly authorized ahead of time and would prohibit public disclosure if the reports were ignored.
The truth is that organizations ignore responsible vulnerability reports all too often. That’s why responsible disclosure programs have reporting windows: once the clock ticks down, plenty of researchers give up on waiting for a response and go ahead and publish vulnerability details. The rationale: the longer a vulnerability exists, the higher the chance it will be exploited by hackers.
Maryland should follow Georgia’s lead and rethink this
SB 30 is currently still under review. Were it to pass in its current form, there is, of course, a chance that the governor might veto it. That’s what happened to the equally, similarly misguided hacking bill, SB 315, that was passed in Georgia in 2018.
From Governor Brian P. Kemp’s veto message:
Under the proposed legislation, it would be a crime to intentionally access a computer or computer network with knowledge that such access is without authority. However, certain components of the legislation have led to concerns regarding national security implications and other potential ramifications. Consequently, while intending to protect against online breaches and hacks, SB 315 may inadvertently hinder the ability of government and private industries to do so.
Hopefully, Maryland’s lawmakers will take a much closer look at the proposed bill and listen to experts like Moussouris. Hopefully, they’ll come to realize that the legislation may very well harm the very people who are working to protect the state.
Latest Naked Security podcast
LISTEN NOW
Click-and-drag on the soundwaves below to skip to any point in the podcast.
Wireless communications infrastructure company SBA Communications knew it was likely going to remain one of the smaller of that industry’s “big three” (behind American Tower and Crown Castle), and CEO Jeffrey Stoops was perfectly OK with that. As long as SBA Communications continued to prize being relevant and innovative over being big, they would cement their reputation.
“We were never going to be the largest,” said Stoops in a conversation with Inside Towers managing Editor Jim Fryer on an episode of the “Tower Talks” podcast. “Instead, we focused on trying to build and acquire and operate the best quality assets that we could. Assets that would stand the test of time and that would always be relevant to our customers. Assets that could navigate not just where the industry was at the time, but where it was headed.”
When SBA Communications began using SaaS-based apps like Innotas, ExpenseWatch, and Yammer, they implemented Microsoft’s Active Directory Federation Service (AD FS) and although it met their needs at the time, AD FS proved challenging to integrate. The process was time-consuming and expensive, and slowed SBA’s digital evolution. As cloud-based apps began to become more and more vital to their operation, it was clear something had to change.
A Migration Impasse
When a new version of AD FS was released shortly after SBA Communications adopted the service, the company was faced with another arduous and expensive integration process. Instead, they decided on the slightly lesser of two evils – not integrating the new version, and instead running two live versions of AD FS. It was clearly not ideal. “Integration was so painful the first time around that we dreaded having to migrate those same apps into the new environment,” says SBA Communications Senior Vice President and Chief Information Officer Jorge Grau. “When resources are scarce, migrating a product that’s already working never becomes a priority.”
To tackle their unwieldy and inefficient system, SBA Communications began looking at IDaaS solutions. The decision would involve more than just the bottom line, as the company considered a number of factors. “In the end, it wasn’t just about dollars,” says Grau. “It came down to product functionality and which provider would best support us in integrating new apps. Company reputation, customer interviews, and existing integrations with SaaS providers also played a significant role. Mobile Device Management (MDM) capabilities were the icing on the cake.”
A Fix For Everything
SBA Communications prides itself on staying ahead of the curve, and they were being weighed down by inefficient systems. Idaptive allowed for simpler integration with cloud apps and mobile device flexibility. But more importantly, it allowed them to – in Stroop’s words – keep an eye on “where the industry was headed” by improving security measures in light of several high-profile data breaches in the communications industry. With Idaptive, SBA Communications could more easily enforce passwords on devices, encrypt mobile communications, and could even eliminate proprietary SBA Communications email from any mobile device at a moment’s notice.
Not only was Idaptive’s solution more efficient and empowering, it saved SBA Communications an estimated $50,000-$60,000 a year in AD FS costs and negated the need for a separate MDM solution entirely. Integrations take significantly less time, and there is no redundancy and fewer security vulnerabilities.
As it stands among the “big three,” SBA Communications was now poised to challenge size and scale with innovation, flexibility, and security. And they are perfectly OK with that.
Source: National Cyber Security – Produced By Gregory Evans Chrome is protecting and Sonos is disconnecting, but first: a cartoon about the new big screen. Here’s the news you need to know, in two minutes or less. Want to receive this two-minute roundup as an email every weekday? Sign up here! Today’s News Don’t ignore […]
View full post on AmIHackerProof.com
Source: National Cyber Security – Produced By Gregory Evans Twitter is shocking and Apple is balking, but first: a cartoon about posthumous photo sharing. Here’s the news you need to know, in two minutes or less. Want to receive this two-minute roundup as an email every weekday? Sign up here! Today’s News Did Twitter help […]
View full post on AmIHackerProof.com
D5 Creation