Advertisements

If You Want to Grow Like Google, Make These Important Culture Moves at Your Office

Google might be a successful behemoth now, but at one time, it was a startup going through some serious growing pains. At one point in its aggressive development, co-founder Larry Page reportedly scrapped the company’s burgeoning middle management level. He quickly discovered that, despite his preferences, an additional supervisory layer was necessary to successfully scale operations without major hiccups.

Therein lies a major problem with scaling: It doesn’t just involve getting progressively bigger, like a blown-up balloon. Instead, its shape morphs as new needs arise, such as heightened employee responsibilities and changing customer expectations. And plenty of smart leaders ignore these red flags when they’re growing at breakneck speed.

What are some of those indicators of runaway growth? Team burnout might as well be a neon sign. Another problem is dwindling capital with no real profit sources in sight. Of course, unhappy customers are a sure side effect of unhinged expansion.

If you’re increasing revenue, you may be tempted to keep your foot on the pedal instead of tapping the brakes. Don’t halt your forward momentum, but remain open to addressing a few issues that will make scaling less challenging — and more rewarding — for all stakeholders.

Here are three ways you can help your office’s culture grow with the pace of your fast growing company:

1. Define and direct your team’s new cultural journey.

When you’re a 10-person shop, your culture may look and function like a big family. When you hit the 50- or 100-employee mark, complete with remote workers, you can’t sustain the same kind of atmosphere. That’s OK, but it means you need to rethink your team’s collective identity.

If you haven’t established your corporate purpose or vision, now’s the time. Choose a few main value points, and create robust statements around them. After you’ve run your ideas by trusted colleagues and tweaked them as necessary, release your vision so everyone’s on the same page.

Certainly, your culture will evolve as you get bigger. Google didn’t stay static; neither should your company. Nevertheless, establishing your corporate DNA before you get exceptionally large will help everyone remain true to your vision, even as changes naturally occur.

One of the biggest impacts I’ve seen on culture is to align everyone around shared values. The process of discussing the behaviors exhibiting each value has helped many of my clients create teams that work together toward a common goal.

2. Keep your head in the present moment.

Although you’ll need to project into the future, you can’t lose sight of your current growth stage. As a leader, your job is to be both a pragmatist and a visionary. Even as your world swirls with opportunities, you owe it to your workers to take the team’s capacity into account and establish a healthy baseline.

Are your people up to the challenges you’re about to face? Do they have the training and capabilities to handle emerging roles? Never make assumptions — they’ll always backfire. As you prepare for the next adventure, be open to upskilling staff and perhaps even shifting employees into different roles.

Experiment with new org charts, seeing which ones fit current and anticipated needs. Google’s Page quickly walked back his experiment in eliminating middle management, yet focusing on getting the right people in the right roles was crucial to Google’s success at that stage. Through trial and error, you can determine which employee, organization, revenue and profit restructures make the most sense to propel your business forward.

3. Discover and address operational bottlenecks.

When Page eliminated mid-level managers, he quickly realized that having one executive with 100 engineers reporting to him wouldn’t turn out well. Situations like that are bound to result in bottlenecks. Every fast-growing business experiences bottlenecks in areas like hiring, customer service and operations.

Some bottlenecks are relatively obvious, making them easier to fix. If an employee has so much paperwork to deal with that he’s become a living traffic jam, you need to streamline your processes — the problem is apparent, and you can intervene immediately.

Other issues may be buried deep within systems and supply chains, making them tough to pinpoint. For those situations, AI can provide critical insights. AI platforms can analyze thousands of data points at once, spotting problems that might take years to bubble to the surface.

You may or may not one day compete with the likes of Google. If you stick around, though, your organization will inevitably need to scale. The more you focus on thoughtfully navigating the experience, the better your outcome will be.

By: Gene Hammett

 

Source: If You Want to Grow Like Google, Make These Important Culture Moves at Your Office | Inc.com

@Ade Oshineye presents from the Google Developers Summit on how you as a developer can grow with Google+, namely highlighting: Reach, user acquisiton and conversion, user engagement and retention, and finally, when needed, re-engagement. #developer   #developers

Advertisements

Microsoft Confirms New Windows CPU Attack Vulnerability, Advises All Users To Update Now

A security vulnerability that affects Windows computers running on 64-bit Intel and AMD processors could give an attacker access to your passwords, private conversations, and any other information within the operating system kernel memory. Users are advised to update Windows in order to mitigate against this new CPU “SWAPGS attack” risk.

What is the SWAPGS attack?

“We call this the SWAPGS attack because the vulnerability leverages the SWAPGS instruction,” Bogdan Botezatu, director of threat research and reporting at Bitdefender, says “an under-documented instruction that makes the switch between user-owned memory and kernel memory.” Botezatu also says that, at this point, “all Intel CPUs manufactured between 2012 and today are vulnerable to the SWAPGS attack.” Which means every Intel chip going back to the “Ivy Bridge” processor is vulnerable if inside a machine running Windows.

However, it appears it is not just Intel CPUs that are affected by the SWAPGS attack vulnerability. According to a Red Hat advisory published August 6th, the threat “applies to x86-64 systems using either Intel or AMD processors.” Something that AMD itself disputes.

An AMD spokesperson pointed me in the direction of a public statement online: “AMD is aware of new research claiming new speculative execution attacks that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS. For the attack that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1.”

That same Red Hat advisory stated that “based on industry feedback, we are not aware of any known way to exploit this vulnerability on Linux kernel-based systems.” During my briefing with Botezatu, he noted that “Linux machines are also impacted,” however, due to the operating system architecture they are “less prone to this type of attack, as it is less reliable.” Botezatu says that other operating system vendors are not impacted at this point, “but are still investigating similar attack avenues leveraging the SWAPGS attack.”

As already mentioned, Bitdefender researchers have been working with Intel for more than a year to address the risk from this new “side-channel” attack that, the company said, “bypasses all known mitigations implemented after the discovery of Spectre and Meltdown in early 2018.”

However, it has waited until now to disclose the information as Microsoft has issued a fix to address the vulnerability as part of the July 9 “Patch Tuesday” updates. Even so, despite the best efforts of everyone concerned, Bitdefender admitted that “it is possible that an attacker with knowledge of the vulnerability could have exploited it to steal confidential information.”

A Microsoft spokesperson provided me with the following statement: “We’re aware of this industry-wide issue and have been working closely with affected chip manufacturers and industry partners to develop and test mitigations to protect our customers. We released security updates in July, and customers who have Windows Update enabled and applied the security updates are protected automatically.”

I understand that as soon as Microsoft became aware of the issue, it worked quickly to address it and release an update as soon as possible. Microsoft works closely with both researchers and industry partners to make customers more secure, and as such did not publish details until August 6 as part of a coordinated vulnerability disclosure.

Red Hat has stated that “there is no known complete mitigation other than updating the kernel and rebooting the system. This kernel patch builds on existing Spectre mitigations from previous updates.”

So, to address the issue for Linux machines requires updates to the Linux kernel in combination with microcode updates. “Red Hat customers running affected versions of the Red Hat products are strongly recommended to update them as soon as errata are available,” Red Hat advises, “customers are urged to apply the appropriate updates immediately and reboot to mitigate this flaw correctly.”

Meanwhile, an Intel spokesperson provided the following statement via email:

“On August 6th, researchers from Bitdefender published a paper entitled “Security Implications of Speculatively Executing Segmentation Related Instructions on Intel CPUs.” As stated in their paper, Intel expects that exploits described by the researchers are addressed through the use of existing mitigation techniques. We believe strongly in the value of coordinated disclosure and value our partnership with the research community. As a best practice, we continue to encourage everyone to keep their systems up-to-date.”

How is the SWAPGS attack related to Spectre?

Like the Spectre vulnerability which dominated the headlines for so long, this new side-channel exploit takes advantage of the speculative execution functionality of modern processors. Simply put, that functionality speeds up the CPU by enabling it to make a bunch of educated guesses as to the instructions that will come at it next. Thomas Brewster has a good primer on these side-channel attacks in this Forbes article from May 22, 2018.

Where SWAPGS differs is in the attack methodology as it combines that speculative execution of instructions with the use of that previously mentioned SWAPGS instruction by Windows operating systems within a gadget.

How easily can this attack be executed?

The chances of falling victim to a SWAPGS attack now that the details have been disclosed have increased, so users are advised to apply available updates as a matter of urgency if they have not already done so. However, it should be remembered that, as Botezatu admits, “this is not your run of the mill attack against regular computers, as running the SWAPGS attack is time-consuming.”

Your average threat actor would instead rely on lucrative, and easy to execute, attack methodologies such as phishing. “On the other side, exploiting this bug from a threat actor perspective brings significant advantages,” Botezatu warns “it circumvents anti-malware defenses and would leave no traces on the compromised system.”

The scary firmware attack surface explained

Ian Thornton Trump, head of cybersecurity at Amtrust International, knows what this “BIOS and firmware” attack surface looks like. “To understand why it’s so scary comes down to one simple concept,” Thornton-Trump tells me, “if the firmware, BIOS and microcode layers of a computer are insecure than it is impossible to put a secure operating system on top of that.”

Indeed, when the original Spectre threat story first broke, I recall Thornton-Trump speculating that the modern CPU is actually an operating system unto itself; concluding that architectural and procedural vulnerabilities will be aggressively explored by security researchers.

“Now we have a new development in this story,” Thornton-Trump says, “inserting code into speculative execution can yield an exploit for a component of the 64-bit Windows Kernel.” What does this mean? “It means the Operating System is no longer secure because the CPU is not secure,” and the result of that is a leak of user mode data.

Which users are at most real-world risk from SWAPGS?

“Criminals with knowledge of these attacks would have the power to uncover the most vital, best-protected information of both companies and private individuals around the world, and the corresponding power to steal, blackmail, sabotage and spy,” Gavin Hill, vice-president for datacenter and network security products at Bitdefender warned.

“I don’t think this is going to be leveraged into a Wannacry or Notpetya level of attack,” Thornton-Trump says, “and I don’t think it will be adopted by cyber-criminals with financial motivations.” These are the sort of vulnerabilities that “Government Cloud” and “Military Mega-Cloud” projects should be aware of, according to Thornton-Trump.  “For people with sensitive data in virtual environments these sorts of exploits need to be considered in the threat model,” he concludes, “for the rest of us, we have far worse issues to deal with.”

Follow me on Twitter or LinkedIn. Check out my website.

I’m a three-decade veteran technology journalist and have been a contributing editor at PC Pro magazine since the first issue in 1994. A three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro called ‘Threats to the Internet.’ In 2011 I was honored with the Enigma Award for a lifetime contribution to IT security journalism. Contact me in confidence at davey@happygeek.com if you have a story to reveal or research to share.

Source: Microsoft Confirms New Windows CPU Attack Vulnerability, Advises All Users To Update Now

%d bloggers like this:
Skip to toolbar