Tag Archives: mountain view

Better Way to Assess Cyber Risks?

As the saying goes, there are two kinds of motorcyclists: Those who have fallen off their bikes and those who will.

The insurance industry assesses the corporate world’s cybersecurity risk much the same way. Everyone is equally at risk, and, therefore, everyone pays the price for higher insurance premiums.

Not a day seems to go by without news of a high-profile security breach. It’s no surprise, then, that the cybersecurity insurance market is expected to rise to $7.5 billion by 2020, according to PwC. Even worse, the industry does not have effective actuarial models for corporate cybersecurity, say Mike Baukes and Alan Sharp-Paul, the co-founders and co-CEOs of UpGuard.

The two audacious Australians have developed what they say is a better way to assess the risk for cybersecurity breaches.

peep

Alan Sharp-Paul (L) and Mike Baukes (R), Co-Founders and CO-CEOs, UpGuard

The pair’s company recently unveiled its Cybersecurity Threat Assessment Rating (CSTAR), the industry’s first cybersecurity preparedness score for businesses. UpGuard’s CSTAR ranking is a FICO-like score that allows businesses to measurably understand the risk of data breaches and unplanned outages because of misconfigurations and software vulnerabilities, while also offering insurance carriers a new standard by which to more effectively assess risk and compliance profiles.

According to Baukes and Sharp-Paul, many companies forego available policies due to perceived high cost and uncertainty that their organizations will suffer an attack. With countless patches and endpoint fixes slapped onto IT infrastructure to hastily remediate breaches, companies have found themselves with less visibility into their core systems than ever before and, as a result, no way to understand how at-risk they are for hacks. With CSTAR, businesses are able to regain transparency into their own stack and take the appropriate steps to bolster their cybersecurity. Insurance carriers, meanwhile, can make smarter underwriting decisions while accelerating the availability of comprehensive and cost-effective cybersecurity insurance policies for businesses. It’s a win-win for both the insurance industry and for businesses.

After spending years in financial services in Australia and the U.K. and witnessing the disarray of corporate IT, Up-Guard’s two co-founders decided they could make a difference by developing a better way for corporations to understand their software portfolios and their associated potential risk for security breaches. Baukes says, “Our experience showed that that there were thousands of applications and thousands of machines powering all of this critical infrastructure. And the thing that we learned throughout all this was just how hard it is for an IT organization to understand and get a handle on what they’ve got.”

“Today, everything is out in the cloud,” Sharp-Paul says. “We’re all more connected. Employees are connected 24 hours a day, seven days a week. Now what keeps CIOs and CEOs up at night is, ‘If we get breached, I could get thrown in jail. I could get sued.’ It’s a very, very different world we live in today. We built a system to help companies understand and prevent downtime, and helping them save on project costs is just as relevant today from a security perspective.”

The two initially started a consulting company to help companies catalogue and manage their software platforms and applications. According to Sharp-Paul, “We realized the biggest problem companies have from an IT perspective is that they don’t really have appropriate visibility into what they’ve got and how it’s changing because so many things are changing daily in these environments that it’s really hard for them to know what ‘good’ looks like.”

Sharp-Paul and Baukes’s consulting led them to develop software to automate the process, providing the means to quickly and effectively crawl every server and software application to present a profile of what needed to be updated or patched and to identify the system holes that allowed for security breaches.

As Baukes tells it, “Getting that all to mix well and be safe, secure and capable of pinpointing where problems go wrong really quickly is an incredibly difficult task. So, we built up the first commercial version of the product—a very rudimentary version—and we shopped it around, and people were very excited at the time.”

From there, the pair realized their software had commercial potential and implications more far-reaching than what they had first thought. “We started with that very simple version with a few sales and no sales force—just Alan and [me] at the time—growing to the point now where we now have 3,000-plus customers, and the team is steadily being built,” Baukes says.

Now, the company has nearly 50 employees and is growing fast. The Mountain View, CA–based company attracted early seed funding from the likes of Peter Thiel, Dave McClure and Scott Petry, leading to a near $9 million Series A funding underwritten by August Capital.

The co-CEOs admit the co-managing arrangement is unconventional and would be challenging to make work under different circumstances. However, Baukes and Sharp-Paul feel their skills and temperament complement each other.

“To be honest, when people ask us about it, my first response is always that it’s a terrible idea,” Sharp-Paul says. “And that’s not because it’s been a horrible experience for us. It’s because I kind of think we’re really the exception. And the only reason I say that is that I know the unique things we went through and the type of people we are that makes this work. I can’t imagine that being a common thing at all.”

Baukes is generally a more aggressive and strategic thinker, while Sharp-Paul describes himself as more pragmatic and conservative.

Sharp-Paul and Baukes first worked together at the Colonial First State Investment firm back in Sydney, where the two lived the DevOps experience before DevOps became the buzzy concept that it is today. There, Sharp-Paul was a web developer, and Baukes was a systems administrator, and they talked a lot about things like continuous integration and continuous delivery.

“Now these are all fantastic things,” Sharp-Paul says. “But you need a foundation or a basis of understanding what you have. I mean, we like to say you can’t automate what you don’t understand. Or you can’t secure or fix what you don’t understand. And that’s always missing. Everyone’s trying to rush to this goal of DevOps or moving to the cloud. Everyone wanted to be there, but companies and vendors in particular weren’t helping businesses on the journey there.”

Baukes says, “Once you have that base understanding of what you have, then that opens everything else up. You can think about DevOps. You can think about automation. At the time, we were thinking, ‘Why hasn’t anyone thought to do this before?’ It seemed like such a foundational, basic thing. It was almost like it was so foundational that everyone just moved past it, and they were looking at the next shiny thing down the road. I think that was the white space. That was our opportunity. We jumped on it.”

As it turns out, in the world of corporate IT, applications never get retired. Even worse, the people who manage them move on because the life cycle of an employee at a company is short. As as result, the institutional knowledge about these applications is lost.

“Corporate memory is so short typically,” Sharp-Paul says. “They often get to this point five years down the track where they rediscover this server or this application, and everyone’s too scared to touch it because they don’t know what it does. They don’t know how it works. The people with the knowledge just left with it all in their heads. We come across that all the time.”

Sharp-Paul and Baukes had always seemed destined to do something on their own.

“I always had a healthy disrespect for authority. Throughout my corporate life, I was looking outside to see what else is [WAS?] out there,” Sharp-Paul says. “I actually started the first step of creating a business on my own—with something as mundane as a French language website that I used when I moved overseas for a couple of years. … It taught me that I can actually build something myself that makes money.”

Baukes agrees.

“The big difference is that I grew up in an immigrant family in the middle of nowhere, effectively. I won’t say the Australian Outback, but really rural,” he says. “We built everything ourselves. My father was a great wheeler and dealer. So, I learned a lot of from him. I fell into all of this by playing computer games and was really good at it, frankly. For me, that was a springboard into an accidental corporate life. I always knew that I would do something else.”

Now, for the future?

Baukes says, “It makes good business sense to quantify the risk in your company’s IT systems and report it effectively. And I think that for us, we could continue growing our business with that in mind—giving people visibility, helping them get to the truth of what they’ve got, teaching them how to configure it, and showing them if they’re vulnerable. That is beginning to accelerate for us, and we’re incredibly proud of that.

“We truly believe that, over time, CSTAR will be adopted as an industry standard that companies and carriers alike can rely on to make critical coverage and cybersecurity decisions.”

Unlocking the Gate to Open Innovation

Many of the innovations fueling economies in our information age did not require new technologies or scientific feats, but rather depended on arranging and manipulating in a novel manner existing technologies, as well as devising new business methods or applying established ones with an ingenious twist.

These sorts of innovations are in most cases extremely efficient. They are less expensive to benefit from, and the duration between awareness and implementation is relatively short.

Coming up with such innovative ideas and detailed product descriptions relating to the Internet and mobile market does not require any special training or education, and most of the information that is needed for a potential innovator is available in plain sight for all of us.

That doesn’t mean it’s easy to achieve such innovations and creative insights. But It does suggest that the chances of being enlightened with the same innovative concept are similar for both a bright Google employee and a bright and curious Indian or Chinese teenager or an adult with a smartphone.

Of course, when comparing the chances of being enlightened with a true and disruptive innovation on a specific issue, the group of 60,000 Googlers has slim chances of getting there ahead of the billions of teenagers and adults in the world.

You would think that applying open innovation, which gets 3.3 million search results on Google, would direct companies to take advantage of those billions of potential innovators out there. That’s definitely not the case, and I’m guessing that for most companies open innovation involves mainly following and cooperating with external companies and start-ups as well as with relevant academic institutions and individuals.

In fact, most companies discourage potential innovators in the general population from sending anything valuable to them. Have a look at Apple’s policy. The company covers all (contradicting) bases, starting with:

“Apple or any of its employees do not accept or consider unsolicited ideas”

And ending with:

“your submissions will automatically become the property of Apple, without any compensation to you. Apple may use or redistribute the submissions and their contents for any purpose and in any way”

Google appears to be more polite and logical, and so does Amazon, but the bottom line is the same: There are no incentives and only risks for potential innovators from the public to send anything valuable to such companies.

There are certainly legal risks in soliciting detailed concepts and product designs from the public, so I don’t blame companies for being cautious. I do think they can be creative in seriously mitigating those risks.

What can be done?

To start with, companies need to realize they are far less innovative in many areas of their business than they could be. And even hiring thousands of additional geniuses and cooperating with established third parties can’t do much to improve their improbable odds against a competitor that solicits innovation from the general population.

One way to go forward would be to engage trusted third-party professionals (maybe a new company consisting of former executives and employees) that would act as an “innovation firewall” between the public and the company itself (the “trustee”). The rules should be simple. All detailed product description and innovation concepts would be transferred only to the trustee, which would have an obligation of confidentiality both to the claimed innovator and to the company (regarding information the trustee possesses or receives from the company itself).

The trustee would have the hard job of screening the input received from the public, finding the innovation jewels and then verifying as best he can that such innovation does not already exist within the company. Once a true innovation is found, the trustee would make the direct connection between the innovator and the company. A standard nondisclosure agreement would then be executed.

The public should also be educated on how to present concepts, replacing the innovation-suffocating legal text existing in the links provided above.

Lack of Enthusiasm for Driverless Cars?

Automakers will have to focus on women if they hope to make driverless cars mainstream, according to a NerdWallet survey that shows men are far more likely to express interest in the new technology. The survey of more than 1,000 Americans nationwide also exposes a sharp divide in views on self-driving vehicles between Millennials and older Americans.

Only 37% of women surveyed by NerdWallet expressed any interest in owning a self-driving car, whereas half of men expressed interest.

The survey also found that 53% of respondents ages 18 to 29 were “very interested” or “somewhat interested” in owning a self-driving car, compared with just 41% of those 30 and older.

Consumers Are Skeptical About Driverless Cars

Among key findings of the survey:

  • Most women expressed concern about the safety of self-driving cars, with 55% citing safety as among the biggest drawbacks of the new technology. Only 37% of men were worried about safety.
  • 44% of men were concerned that driverless cars will take the fun out of driving; only 23% of women felt that way.
  • Consumers have a limited amount of trust in autonomous car technology. When asked whether they would put a child alone in a driverless car to go to school or a friend’s house, only 6% of those surveyed would close the door and wave goodbye.
  • While consumers are not yet ready to embrace a driverless world, they are interested in safety technologies that are paving the way for fully autonomous vehicles. Blind-spot detection was by far the most popular new technology, with 42% citing it as the most appealing feature of semi-autonomous cars, followed by emergency braking to prevent crashes, favored by 30%.

Self-driving cars are here

Self-driving cars, also known as autonomous vehicles, once seemed the stuff of science fiction, but they are already testing on the highway and seem certain to end up in dealer showrooms before long. Yet our survey of more than 1,000 Americans found a distinct lack of enthusiasm toward the prospect of driverless cars, with only a small minority “very interested” in buying one and nearly twice as many saying they were “not at all interested.”

Nevertheless, a transition to autonomous cars seems inevitable.

Google recently announced that it will begin putting its self-driving cars on public roads in Mountain View, CA, this summer. Over six years of testing, Google says its cars have been involved in only 11 accidents – none of which was the fault of the Google car. In most cases, the cars were rear-ended.

A self-driving Audi recently completed a trip from San Francisco to New York in nine days, driving in automated mode 99% of the time, according to Delphi Automotive, which made the technology.

Tesla CEO Elon Musk recently announced a software upgrade for some of the maker’s electric cars that will make it possible for the cars to drive from San Francisco to Seattle without human input – “from parking lot to parking lot,” as he put it at a news conference. However, the full autopilot feature will not be enabled, at least initially, he said.

While our survey found Americans as a whole relatively unenthusiastic about driverless cars, men were far more likely than women to express interest.

Interest in Owning a Driverless Car

Self-driving cars use GPS and a variety of sensors (cameras, radar and lasers) to scan and identify the environment around the car. A computer in the car processes data from the sensors to decide on driving actions such as steering, braking and turning. Cars would be networked, using vehicle-to-vehicle (V2V) communication to talk to one another. Ultimately, a human driver becomes just another passenger and would be able to sit back and do other things while en route.

The potential for reducing car accidents could be significant. After all, the computer never takes its “eyes” off the road, never gets distracted, never gets tired.

On May 13, Transportation Secretary Anthony Fox announced that the U.S. Department of Transportation will fast-track rules to require V2V communication in future cars.

Still, many people are firm in their resistance to driverless vehicles: 28% vow they will never purchase a driverless car. Only a very small contingent (3%) is ready to buy a self-driving car right now. The majority of those surveyed (51%) would wait three years or longer after such cars became available before considering buying one.

When People Would Buy a Driverless Car

NerdWallet also wanted to find out what would be appealing about driverless cars that could potentially win over customers. While more than one-third of consumers (36%) did not find anything appealing about driverless cars, about the same percentage liked the ideas of saving on car insurance and letting the car handle routine driving tasks.

What People Like About Driverless Cars

Notably, fewer than one-third of people found the potential for improved safety to be a compelling reason to own a driverless car.

The older the age group, the more likely respondents were to say they couldn’t find anything appealing about driverless cars, from a low of 26% among those ages 18 to 29, to 44% among those age 60 and older.

Safety and cost are top worries

Safety concerns are a major drawback of self-driving cars, according to 46% of respondents, but cost was the biggest worry.

What People Don't Like About Driverless Cars

Concern about safety also bubbled up when we asked about car insurance rates. Typically, cars that crash less are rewarded with lower auto insurance rates. But only 41% of people think owners of self-driving cars should pay less for insurance.

As another measure of trust in autonomous car technology, we asked whether people would put a child in a self-driving car alone to go to school or a friend’s house. Only 6% gave a thumbs-up to that idea. Most people (76%) said no, and the rest were unsure.

However, people did show interest in safety technologies such as collision avoidance, suggesting the possibility that they will eventually come around to self-driving cars if they can be sold on the cars’ safety promises (and if men can still have a little fun). Only 9% of people said they had no interest in any of the technologies we asked about.

Most Desired Advanced Technology Features

A few are ready to spend today

There’s a very small, enthusiastic contingent of people who are ready to embrace driverless cars today: 3% of respondents say they would purchase a driverless car today if they could, and 6% say they’d be willing to pay more than $10,000 extra for a fully autonomous car over a regular car.

Another 15% say they would pay $5,001 to $10,000 more. (Experts generally predict that self-driving cars will cost about $7,000 to $10,000 more than regular cars when they are introduced, with the price differential decreasing in subsequent years.) But pessimism about the value of autonomous cars still prevails: 50% of people say they wouldn’t pay a dime more.

Methodology

NerdWallet conducted a national, online survey of 1,028 randomly selected Americans ages 18 and older on May 12-13, 2015, via SurveyMonkey. Respondents were 52% female and 48% male. By age, 22% were under 30, and 26% were over 60. Margin of error: four percentage points.

For the full study, click here.

A Misguided Decision on Driverless Cars

On first glance, the California Department of Motor Vehicles’ recent proposal to ban the testing and deployment of driverless cars seems to err on the side of caution.

On closer inspection, however, the DMV’s draft rules on autonomous vehicles rest on flawed assumptions and threaten to slow innovation that might otherwise bring enormous, time-critical societal benefits.

At issue is the requirement that DMV-certified “autonomous vehicle operators” are “required to be present inside the vehicle and be capable of taking control in the event of a technology failure or other emergency.” In other words, driverless cars will not be allowed on California roads for the foreseeable future.

One problem with the human operator requirement is that it mandates a faulty design constraint. As Donald Norman, the technology usability design expert, has noted, decades of scientific research and experience demonstrate “people are incapable of monitoring something for long periods and then taking control when an emergency arises.”

This has been Google’s direct experience with its self-driving car prototypes, too. As Astro Teller, head of Google[x], told a SXSW audience in early 2015: “Even though people had sworn up and down, ‘I”m going to pay so much attention,’ people do really stupid stuff when they’re driving. The assumption that humans could be a reliable back up for the system was a total fallacy!”

The ramifications are more than just theoretical or technical. The lives and quality of life of millions hang in the balance.

Americans were in more than six million car crashes last year, injuring 2.3 million people and killing 32,675. Worldwide, more than 50 million people were injured, and more than one million were killed. Human error caused more than 90% of those crashes.

It remains unclear whether semi-autonomous or driverless cars would better reduce human error and lower this carnage. Thus, it is important to encourage multiple approaches toward safer cars — as quickly as possible. Instead, California has slammed the brakes on the driverless approach.

Another major problem with the human-operator mandate is that it slows testing and development of systems aimed at providing affordable transportation to the elderly, handicapped or economically disadvantaged. Millions of Americans either cannot drive or cannot afford a car. This hurts their quality of life and livelihood.

Driverless cars could enable Uber-like, door-to-door mobility-on-demand services at a fraction of today’s transportation cost. This will require, however, efficient, low-cost vehicles that do not need (nor need to accommodate) relatively expensive human drivers. It also requires empty driverless cars to shuttle between passengers. The California DMV rules, as proposed, would not allow the testing or deployment of such vehicles or fleet services.

The immediate victim of California’s proposed rules is Google. Google’s self-driving car program is the furthest along in the driverless design approach that the new rules would rein in, and its current efforts are located around its headquarters in Mountain View, CA. Google’s attempt to field a fleet of prototype driverless cars (without steering wheels) would certainly be dashed.

Other companies’ efforts might be affected, too. Will Tesla owners, for example, need to get separate DMV certification to use enhanced versions of Tesla’s autopilot feature? How about GM owners with Super Cruise-equipped cars? How will these rules affect Apple’s car aspirations?

The longer-term victim is California.

Silicon Valley is becoming the epicenter of autonomous vehicle research. Not only are native companies like Google, Tesla and, reportedly, Apple investing heavily in this arena, but the race to develop the technology has compelled numerous traditional automakers to build their own Silicon Valley research centers.

If California regulators limit on-road testing and deployment, companies stretching the boundaries of driverless technology will inevitably shift their investments to more innovation-friendly states (or countries).

The proposed rules must now go through several months of public comment and review before they are finalized. California needs to take that opportunity to reconsider its course on driverless cars.