State Bank of India
Auto Added by WPeMatico
Auto Added by WPeMatico
Salesforce, the global giant in CRM, said on Wednesday that former banker Arundhati Bhattacharya will be joining the company on April 20 as chairperson and chief executive of its India division.
The San Francisco-headquartered firm said Bhattacharya, who served as the chairperson of the state-run State Bank of India for nearly four decades and oversees financial services group SWIFT India, will be tasked with helping the global giant scale rapidly in India, one of its fastest growing overseas markets.
Arundhati will report to Ulrik Nehammer, General Manager of Salesforce in the APAC region. “Arundhati is an incredible business leader, and we are delighted to welcome her to Salesforce as chairperson and CEO India,” said Gavin Patterson, President and CEO of Salesforce International, in a statement.
“India is an important growth market for Salesforce and a world-class innovation and talent hub and Arundhati’s leadership will guide our next phase of growth, customer success and investment in the region,” he said.
Salesforce offers a range of cloud services to customers in India, where it has over 1 million developers and more Trailhead users than in any other market outside of the U.S. The company, which competes with local players Zoho and Freshworks, counts Indian firms redBus, Franklin Templeton and CEAT as some of its clients.
The company said it expects to add 3,000 jobs in India in the next three years and turn the nation into a “leading global talent and innovation hub” for the company. Sunil Jose, who joined the firm in 2017, oversaw some of the company’s India operations previously.
“I could not be more excited to join the Salesforce team to ensure we capture this tremendous opportunity and contribute to India’s development and growth story in a meaningful way,” said Bhattacharya in a statement.
According to research firm IDC, Salesforce and its ecosystem of customers and partners in India are expected to create over $67 billion in business revenues and create more than 540,000 jobs by 2024.
Powered by WPeMatico
Security researchers have found dozens of companies inadvertently leaking sensitive corporate and customer data because staff are sharing public links to files in their Box enterprise storage accounts that can easily be discovered.
The discoveries were made by Adversis, a cybersecurity firm, which found major tech companies and corporate giants had left data inadvertently exposed. Although data stored in Box enterprise accounts is private by default, users can share files and folders with anyone, making data publicly accessible with a single link. But Adversis said these secret links can be discovered by others. Using a script to scan for and enumerate Box accounts with lists of company names and wildcard searches, Adversis found more than 90 companies with publicly accessible folders.
Not even Box’s own staff were immune from leaking data.
The company said while much of the data is legitimately public and Box advises users how to minimize risks, many employees may not know the sensitive data they share can be found by others.
Worse, some public folders were scraped and indexed by search engines, making the data found more easily.
In a blog post, Adversis said Box administrators should reconfigure the default access for shared links to “people in your company” to reduce accidental exposure of data to the public.
Adversis said it found passport photos, bank account and Social Security numbers, passwords, employee lists, financial data like invoices and receipts and customer data among the data found. The company contacted Box to warn of the larger exposures of sensitive data, but noted that there was little overall improvement six months after its initial disclosure.
“There is simply too much out there and not enough time to resolve each individually,” he said.
Adversis provided TechCrunch with a list of known exposed Box accounts. We contacted several of the big companies named, as well as those known to have highly sensitive data, including:
Box, which initially had no comment when we reached out, had several folders exposed. The company exposed signed non-disclosure agreements on their clients, including several U.S. schools, as well as performance metrics of its own staff, the researchers said.
Box spokesperson Denis Roy said in a statement: “We take our customers’ security seriously and we provide controls that allow our customers to choose the right level of security based on the sensitivity of the content they are sharing. In some cases, users may want to share files or folders broadly and will set the permissions for a custom or shared link to public or ‘open’. We are taking steps to make these settings more clear, better help users understand how their files or folders can be shared, and reduce the potential for content to be shared unintentionally, including both improving admin policies and introducing additional controls for shared links.”
The cloud giant said it plans to reduce the unintended discovery of public files and folders.
Amadeus, Apple, Box, Discovery, Herbalife, Edelman and PointCare all reconfigured their enterprise accounts to prevent access to their leaking files after TechCrunch reached out.
Amadeus spokesperson Alba Redondo said the company decommissioned Box in October and blamed the exposure on an account that was “misconfigured in public mode,” which has now been corrected and external access to it is now closed. “We continue to investigate this issue and confirm there has been no unauthorized access of our system,” said the spokesperson, without explanation. “There is no evidence that confidential information or any information containing personal data was impacted by this issue,” the spokesperson added.
When we asked Amadeus how it concluded there was no improper access, another spokesperson, Ben Hunt, said: “We have the full audit trail for Box and access of these files — none of the files have been downloaded outside of either Amadeus or authorized customers.”
The spokesperson declined to explain its statement when told files were downloaded to verify their contents.
PointCare chief executive Everett Lebherz confirmed its leaking files had been “removed and Box settings adjusted.” Edelman’s global marketing chief Michael Bush said the company was “looking into this matter.”
Herbalife spokesperson Jennifer Butler said the company was “looking into it,” but we did not hear back after several follow-ups. (Butler declared her email “off the record,” which requires both parties agree to the terms in advance, but we are printing the reply as we were given no opportunity to reject the terms.)
When reached, an Apple spokesperson did not comment by the time of publication.
Discovery, Opportunity International, Schneider Electric and United Tissue Network did not return a request for comment.
Data “dumpster diving” is not a new hobby for the skilled, but it’s a necessary sub-industry to fix an emerging category of data breaches: leaking, public and exposed data that shouldn’t be. It’s a growing space that we predicted would grow as more security researchers look to find and report data leaks.
This year alone, we’ve reported data leaks at Dow Jones, Rubrik, NASA, AIESEC, Uber, the State Bank of India, two massive batches of Indian Aadhaar numbers, a huge leak of mortgage and loan data and several Chinese government surveillance systems.
Adversis has open-sourced and published its scanning tool.
Powered by WPeMatico