Facebook mistakenly leaked developer analytics reports to testers

Set the “days without a Facebook privacy problem” counter to zero. This week, an alarmed developer contacted TechCrunch, informing us that their Facebook App Analytics weekly summary email had been delivered to someone outside their company. It contains sensitive business information, including weekly average users, page views and new users.

Forty-three hours after we contacted Facebook about the issue, the social network now confirms to TechCrunch that 3 percent of apps using Facebook Analytics had their weekly summary reports sent to their app’s testers, instead of only the app’s developers, admins and analysts.

Testers are often people outside of a developer’s company. If the leaked info got to an app’s competitors, it could provide them an advantage. At least they weren’t allowed to click through to view more extensive historical analytics data on Facebook’s site.

Facebook tells us it has fixed the problem and no personally identifiable information or contact info was improperly disclosed. It plans to notify all impacted developers about the leak today and has already begun.

TechCrunch was provided with this statement from a Facebook spokesperson:

“Due to an error in our email delivery system, weekly business performance summaries we send to developers about their account were also sent to a small group of those developer’s app testers. No personal information about people on Facebook was shared. We’re sorry for the error and have updated our system to prevent it from happening again.”

Below you can find the email the company is sending:

Subject line: We recently resolved an error with your weekly summary email

We wanted to let you know about a recent error where a summary e-mail from Facebook Analytics about your app was sent to testers of your app ‘[APP NAME WILL BE DYNAMICALLY INSERTED HERE]’. As you know, we send weekly summary emails to keep you up to date with some of your top-level metrics — these emails go to people you’ve identified as Admins, Analysts and Developers. You can also add Testers to your account, people designated by you to help test your apps when they’re in development.

We mistakenly sent the last weekly email summary to your Testers, in addition to the usual group of Admins, Analysts and Developers who get updates. Testers were only able to see the high-level summary information in the email, and were not able to access any other account information; if they clicked “View Dashboard” they did not have access to any of your Facebook Analytics information.

We apologize for the error and have made updates to prevent this from happening again.

One affected developer told TechCrunch “Not sure why it would ever be appropriate to send business metrics to an app user. When I created my app (in beta) I added dozens of people as testers as it only meant they could login to the app…not access info!” They’re still waiting for the disclosure from Facebook.

Facebook wouldn’t disclose a ballpark number of apps impacted by the error. Last year it announced 1 million apps, sites and bots were on Facebook Analytics. However, this issue only affected apps, and only 3 percent of them.

The mistake comes just weeks after a bug caused 14 million users’ Facebook status update composers to change their default privacy setting to public. And Facebook has had problems with misdelivering business information before. In 2014, Facebook accidentally sent advertisers receipts for other business’ ad campaigns, causing significant confusion. The company has also misreported metrics about Page reach and more on several occasions. Though user data didn’t leak and today’s issue isn’t as severe as others Facebook has dealt with, developers still consider their business metrics to be private, making this a breach of that privacy.

While Facebook has been working diligently to patch app platform privacy holes since the Cambridge Analytica scandal, removing access to many APIs and strengthening human reviews of apps, issues like today’s make it hard to believe Facebook has a proper handle on the data of its 2 billion users.

Facebook prototypes tool to show how many minutes you spend on it

Are you ready for some scary numbers? After months of Mark Zuckerberg talking about how “Protecting our community is more important than maximizing our profits,” Facebook is preparing to turn that commitment into a Time Well Spent product.

Buried in Facebook’s Android app is an unreleased “Your Time on Facebook” feature. It shows the tally of how much time you spent on the Facebook app on your phone on each of the last seven days, and your average time spent per day. It lets you set a daily reminder that alerts you when you’ve reached your self-imposed limit, plus a shortcut to change your Facebook notification settings.

Facebook confirmed the feature development to TechCrunch, with a spokesperson telling us, “We’re always working on new ways to help make sure people’s time on Facebook is time well spent.”

The feature could help Facebook users stay mindful of how long they’re staring at the social network. This self-policing could be important since both iOS and Android are launching their own screen time monitoring dashboards that reveal which apps are dominating your attention and can alert you or lock you out of apps when you hit your time limit. When Apple demoed the feature at WWDC, it used Facebook as an example of an app you might use too much.

Images of Facebook’s digital wellbeing tool come courtesy of our favorite tipster and app investigator Jane Manchun Wong. She previously helped TechCrunch scoop the development of features like Facebook Avatars, Twitter encrypted DMs and Instagram Usage Insights — a Time Well Spent feature that looks very similar to this one on Facebook.

Our report on Instagram Usage Insights led the sub-company’s CEO Kevin Systrom to confirm the upcoming feature, saying “It’s true . . . We’re building tools that will help the IG community know more about the time they spend on Instagram – any time should be positive and intentional . . . Understanding how time online impacts people is important, and it’s the responsibility of all companies to be honest about this. We want to be part of the solution. I take that responsibility seriously.”

Facebook has already made changes to its News Feed algorithm designed to reduce the presence of low-quality but eye-catching viral videos. That led to Facebook’s first-ever usage decline in North America in Q4 2017, with a loss of 700,000 daily active users in the region. Zuckerberg said on an earnings call that this change “reduced time spent on Facebook by roughly 50 million hours every day.”

Zuckerberg has been adamant that all time spent on Facebook isn’t bad. Instead, as we argued in our piece “The difference between good and bad Facebooking,” its asocial, zombie-like passive browsing and video watching that’s harmful to people’s wellbeing, while active sharing, commenting and chatting can make users feel more connected and supported.

But that distinction isn’t visible in this prototype of the “Your Time on Facebook” tool, which appears to treat all time spent the same. If Facebook was able to measure our active versus passive time on its app and impress the health difference, it could start to encourage us to either put down the app or use it to communicate directly with friends when we find ourselves mindlessly scrolling the feed or enviously viewing people’s photos.

Fb Messenger auto-translation chips at US/Mexico language wall

Facebook’s been criticized for tearing America apart, but now it will try to help us forge bonds with our neighbors to the south. Facebook Messenger will now offer optional auto-translation of English to Spanish and vice-versa for all users in the United States and Mexico.

The feature could facilitate cross-border and cross-language friendships, business, and discussion that might show people in the two countries that deep down we’re all just human. It could be especially powerful for US companies looking to use Messenger for conversational commerce without having to self-translate everything.

Facebook tells me “we were pleased with the results” following a test using AI to translate the language pair in Messenger for US Facebook Marketplace users in April.

Now when users receive a message that is different from their default language, Messenger’s AI assistant M will ask if they want it translated. All future messages will in that thead will be auto-translated unless a user turns it off. Facebook plans to bring the feature to more language pairs and countries soon.

A Facebook spokesperson tells me “The goal with this launch is really to enable people to communicate with people they wouldn’t have been able to otherwise, in a way that is natural and seamless.”

Starting in 2011, Facebook began offering translation technology for News Feed posts and comments. For years it relied on Microsoft Bing’s translation technology, but Facebook switched to its own stack in mid-2016. By then it was translating 2 billion pieces of text a day for 800 million users.

Conversational translation is a lot tougher than social media posts, though. When we chat with friends, it’s more colloquial and full of slang. We’re also usually typing in more a hurry and can be less accurate. But if Facebook can reliably figure out what we’re saying, Messenger could become the modern day Babel Fish.

Facebook Messenger Expanding Chat Translation to All Users in United States and Mexico

Facebook today announced it is expanding chat translation within Messenger to all users in the United States and Mexico.



When you receive a message in a language that is different from your default language in Messenger, Facebook’s artificial intelligence assistant M will automatically offer a suggestion to translate the message. When you tap on the suggestion, you will be asked to enable auto-translation. Upon doing so, all future messages received that are not in your default language will be automatically translated.

“This is a meaningful milestone for M Suggestions and will enable people to connect with people they would not be able to communicate with otherwise in a way that is seamless and natural,” a Messenger spokesperson said.

Auto-translation is enabled on a per-conversation basis, and all messages are shown in both the original language and translated version. You can opt-out of the feature at any time via the M Settings menu in Messenger, accessible by tapping your profile picture in the top-left corner of the app.

At launch, M can translate from English to Spanish, and vice versa. Facebook plans to add other languages and countries in the future.

Facebook first launched chat translation via M for users of its Marketplace service in the United States in early May. M Suggestions as a whole launched in April 2017, and are now available in 11 countries and five languages.



At its F8 developer conference last month, Facebook previewed an upcoming redesign of Messenger, including a simplified user interface, a dark mode, and customizable chat bubbles. At the time, the company said the facelift will be available “very, very soon,” but as of now, the update has yet to be rolled out.

Apple is known to have looked at a similar implementation of Siri in iMessage as M in Messenger. A patent published in 2016 for a “virtual assistant in a communication session” depicts a scenario in which users can invoke Siri from within chat threads to get answers to relevant queries, complete scheduling tasks, and more.



Apple hasn’t moved forward with the idea, but it did introduce Siri Shortcuts in iOS 12, enabling users to connect certain third-party apps to Siri to greatly streamline voice controls with app-specific actions.

Discuss this article in our forums

Football matches land on your table thanks to augmented reality

It’s World Cup season, so that means that even articles about machine learning have to have a football angle. Today’s concession to the beautiful game is a system that takes 2D videos of matches and recreates them in 3D so you can watch them on your coffee table (assuming you have some kind of augmented reality setup, which you almost certainly don’t). It’s not as good as being there, but it might be better than watching it on TV.

The “Soccer On Your Tabletop” system takes as its input a video of a match and watches it carefully, tracking each player and their movements individually. The images of the players are then mapped onto 3D models “extracted from soccer video games,” and placed on a 3D representation of the field. Basically they cross FIFA 18 with real life and produce a sort of miniature hybrid.

Considering the source data — two-dimensional, low-resolution, and in motion — it’s a pretty serious accomplishment to reliably reconstruct a realistic and reasonably accurate 3D pose for each player.

Now, it’s far from perfect. One might even say it’s a bit useless. The characters’ positions are estimated, so they jump around a bit, and the ball doesn’t really appear much, so everyone appears to just be dancing around on a field. (That’s on the to-do list.)

But the idea is great, and this is a working if highly limited first shot at it. Assuming the system could ingest a whole game based on multiple angles (it could source the footage directly from the networks), you could have a 3D replay available just minutes after the actual match concluded.

Not only that, but wouldn’t it be cool to be able to gather round a central location and watch the game from multiple angles on it? I’ve always thought one of the worst things about watching sports on TVs is everyone is sitting there staring in one direction, seeing the exact same thing. Letting people spread out, pick sides, see things from different angles to analyze strategies — that would be fantastic.

All we need is for someone to invent a perfect, affordable holographic display that works from all angles and we’re set.

The research is being presented at the Computer Vision and Pattern Recognition conference in Salt Lake City, and it’s a collaboration between Facebook, Google, and the University of Washington.

Tech leaders condemn policy leading to family separations at the border

By now you’ve seen the photos and videos and probably heard the audio tape. The media coming out of the U.S./Mexico border over the past week has been truly heart-wrenching and horrifying, including, most shockingly, images of young children being housed in what amounts to human cages.

Many prominent politicians across the world (and in the G.O.P.) have called out the Trump administration’s policy of separating families at the border. A number of prominent executives from top tech companies have also begun to use their soapbox to address — and largely admonish — the policies that have led to this humanitarian crisis.

Here’s what those individuals are saying.

Microsoft

Microsoft was among the first tech giants to issue a statement about the situation. The official company line was both an admonishment of current administration policy and somewhat defensive after speculation arose that the company’s cloud computing platform Azure may have somehow been involved.

Here’s the full statement issued on Monday:

In response to questions we want to be clear: Microsoft is not working with U.S. Immigration and Customs Enforcement or U.S. Customs and Border Protection on any projects related to separating children from their families at the border, and contrary to some speculation, we are not aware of Azure or Azure services being used for this purpose. As a company, Microsoft is dismayed by the forcible separation of children from their families at the border. Family unification has been a fundamental tenet of American policy and law since the end of World War II. As a company Microsoft has worked for over 20 years to combine technology with the rule of law to ensure that children who are refugees and immigrants can remain with their parents. We need to continue to build on this noble tradition rather than change course now. We urge the administration to change its policy and Congress to pass legislation ensuring children are no longer separated from their families.

Apple

Rather than issuing a public statement, Tim Cook called the situation “inhumane” during a talk in Dublin this week. Apple’s CEO expounded upon that thought during an interview with The Irish Times, telling the paper, “It’s heartbreaking to see the images and hear the sounds of the kids. Kids are the most vulnerable people in any society. I think that what’s happening is inhumane, it needs to stop.”

As far as his own strained relationship with Trump, Cook added diplomatically, “I have spoken with him several times on several issues, and I have found him to listen. I haven’t found that he will agree on all things.”

Google

CEO Sundar Pichai took to Twitter to urge a more “humane” approach, writing, “The stories and images of families being separated at the border are gut-wrenching. Urging our government to work together to find a better, more humane way that is reflective of our values as a nation.”

Facebook

Organizations like Texas Civil Rights Project and RAICES are doing great work helping families at the US border get…

Posted by Mark Zuckerberg on Tuesday, June 19, 2018

Mark Zuckerberg, naturally, issued a call to action via Facebook. The post is largely a call to action asking followers to donate to nonprofit orgs Texas Civil Rights Project and RAICES, adding, “we need to stop this policy right now.”

Listening to the cries of children separated from their parents is unbearable. The practice of family separation on our…

Posted by Sheryl Sandberg on Tuesday, June 19, 2018

COO Sheryl Sandberg also encouraged users to donate to the two aforementioned charities, though her language was decidedly more pointed than Zuckerberg’s. “Listening to the cries of children separated from their parents is unbearable,” she wrote. “The practice of family separation on our border needs to end now. We can’t look away. How we treat those most vulnerable says a lot about who we are.”

YouTube

In a simple tweet, YouTube CEO Susan Wojcicki wrote, “Regardless of your politics, it’s heartbreaking to see what’s happening to families at the border,” while linking to a list of charities.

Tesla/SpaceX

Elon Musk’s own tweet was a bit less…verbose than the rest, simply writing, “I hope the kids are ok” and linking to a YouTube video of “Shelter” by xx.

Airbnb

Airbnb co-founders Brian Chesky, Joe Gebbia and Nathan Blecharczyk issued a joint statement on Twitter in both English and Spanish:

Ripping children from the arms of their parents is heartless, cruel, immoral and counter to American values of belonging. The U.S. government needs to stop this injustice and reunite these families. We are a better country than this.

Uber

CEO Dara Khosrowshahi cited his own experience as an immigrant to admonish the policy, writing, “As a father, a citizen and an immigrant myself, the stories coming from our border break my heart. Families are the backbone of society. A policy that pulls them apart rather than building them up is immoral and just plain wrong.”

Lyft

The cofounders of the country’s other major ride sharing service also issued a joint statement condemning the actions. They went a step further, as well, offering free rides to a dozen organizations providing help at the border.

Facebook launches Brand Collabs search engine for sponsoring creators

Facebook wants to help connect brands to creators so they can work out sponsored content and product placement deals, even if it won’t be taking a cut. Confirming our scoop from May, Facebook today launched its Brand Collabs Manager. It’s a search engine that brands can use to browse different web celebrities based on the demographics of their audience and portfolios of their past sponsored content.

Creators hoping to score sponsorship deals will be able to compile a portfolio connected to their Facebook Page that shows off how they can seamlessly work brands into their content. Brands will also be able to find them based on the top countries where they’re popular, and audience characteristics like interests, gender, education, relationship status, life events or home ownership.

Facebook also made a wide range of other creator monetization announcements today:

  • Facebook’s Creator app that launched on iOS in November rolled out globally on Android today (this link should be active soon once the app populates across Google Play). The Creator app lets content makers add intros and outros to Live broadcasts, cross-post content to Twitter and Instagram, see a unified inbox of their Facebook and Instagram comments plus Messenger chats, and more ways to connect with fans.

  • Ad Breaks, or mid-video commercials, are rolling out to more U.S. creators, starting with those that make longer and original content with loyal fans. Creators keep 55 percent of the ad revenue from the ads.
  • Patreon-Style Subscriptions are rolling out to more creators, letting them charge fans $4.99 per month for access to exclusive behind the scenes content plus a badge that highlights that they’re a patron. Facebook also offers microtransaction tipping of video creators through its new virtual currency called Stars.

  • Top Fan Badges that highlight a creator’s most engaged fans will now roll out more broadly after a strong initial reaction to tests in March.
  • Rights Manager, which lets content owners upload their videos so Facebook can fingerprint them and block others from uploading them, is now available for creators not just publishers.

Facebook also made a big announcement today about the launch of interactive video features and its first set of gameshows built with them. Creators can add quizzes, polls, gamification and more to their videos so users can play along instead of passively viewing. Facebook’s Watch hub for original content is also expanding to a wider range of show formats and creators.

Why Facebook wants sponsored content

Facebook needs the hottest new content from creators if it wants to prevent users’ attention from slipping to YouTube, Netflix, Twitch and elsewhere. But to keep creators loyal, it has to make sure they’re earning money off its platform. The problem is, injecting Ad Breaks that don’t scare off viewers can be difficult, especially on shorter videos.

But Vine proved that six seconds can be enough to convey a subtle marketing message. A startup called Niche rose to arrange deals between creators and brands who wanted a musician to make a song out of the windows and doors of their new Honda car, or a comedian to make a joke referencing Coca-Cola. Twitter eventually acquired Niche for a reported $50 million so it could earn money off Vine without having to insert traditional ads. [Disclosure: My cousin Darren Lachtman was a co-founder of Niche.]

Vine naturally attracted content makers in a way that Facebook has had some trouble with. YouTube’s sizable ad revenue shares, Patreon’s subscriptions and Twitch’s fan tipping are pulling creators away from Facebook.

So rather than immediately try to monetize this sponsored content, Facebook is launching the Brand Collabs Manager to prove to creators that it can get them paid indirectly. Facebook already offered a way for creators to tag their content with disclosure tags about brands they were working with. But now it’s going out of its way to facilitate the deals. Fan subscriptions and tipping come from the same motive: letting creators monetize through their audience rather than the platform itself.

Spinning up these initiatives to be more than third-rate knockoffs of Niche, YouTube, Patreon and Twitch will take some work. But hey, it’s cheaper for Facebook than paying these viral stars out of pocket.

After twenty years of Salesforce, what Marc Benioff got right and wrong about the cloud

As we enter the 20th year of Salesforce, there’s an interesting opportunity to reflect back on the change that Marc Benioff created with the software-as-a-service (SaaS) model for enterprise software with his launch of Salesforce.com.

This model has been validated by the annual revenue stream of SaaS companies, which is fast approaching $100 billion by most estimates, and it will likely continue to transform many slower-moving industries for years to come.

However, for the cornerstone market in IT — large enterprise-software deals — SaaS represents less than 25 percent of total revenue, according to most market estimates. This split is even evident in the most recent high profile “SaaS” acquisition of GitHub by Microsoft, with over 50 percent of GitHub’s revenue coming from the sale of their on-prem offering, GitHub Enterprise.  

Data privacy and security is also becoming a major issue, with Benioff himself even pushing for a U.S. privacy law on par with GDPR in the European Union. While consumer data is often the focus of such discussions, it’s worth remembering that SaaS providers store and process an incredible amount of personal data on behalf of their customers, and the content of that data goes well beyond email addresses for sales leads.

It’s time to reconsider the SaaS model in a modern context, integrating developments of the last nearly two decades so that enterprise software can reach its full potential. More specifically, we need to consider the impact of IaaS and “cloud-native computing” on enterprise software, and how they’re blurring the lines between SaaS and on-premises applications. As the world around enterprise software shifts and the tools for building it advance, do we really need such stark distinctions about what can run where?

Source: Getty Images/KTSDESIGN/SCIENCE PHOTO LIBRARY

The original cloud software thesis

In his book, Behind the Cloud, Benioff lays out four primary reasons for the introduction of the cloud-based SaaS model:

  1. Realigning vendor success with customer success by creating a subscription-based pricing model that grows with each customer’s usage (providing the opportunity to “land and expand”). Previously, software licenses often cost millions of dollars and were paid upfront, each year after which the customer was obligated to pay an additional 20 percent for support fees. This traditional pricing structure created significant financial barriers to adoption and made procurement painful and elongated.
  2. Putting software in the browser to kill the client-server enterprise software delivery experience. Benioff recognized that consumers were increasingly comfortable using websites to accomplish complex tasks. By utilizing the browser, Salesforce avoided the complex local client installation and allowed its software to be accessed anywhere, anytime and on any device.
  3. Sharing the cost of expensive compute resources across multiple customers by leveraging a multi-tenant architecture. This ensured that no individual customer needed to invest in expensive computing hardware required to run a given monolithic application. For context, in 1999 a gigabyte of RAM cost about $1,000 and a TB of disk storage was $30,000. Benioff cited a typical enterprise hardware purchase of $385,000 in order to run Siebel’s CRM product that might serve 200 end-users.
  4. Democratizing the availability of software by removing the installation, maintenance and upgrade challenges. Drawing from his background at Oracle, he cited experiences where it took 6-18 months to complete the installation process. Additionally, upgrades were notorious for their complexity and caused significant downtime for customers. Managing enterprise applications was a very manual process, generally with each IT org becoming the ops team executing a physical run-book for each application they purchased.

These arguments also happen to be, more or less, that same ones made by infrastructure-as-a-service (IaaS) providers such as Amazon Web Services during their early days in the mid-late ‘00s. However, IaaS adds value at a layer deeper than SaaS, providing the raw building blocks rather than the end product. The result of their success in renting cloud computing, storage and network capacity has been many more SaaS applications than ever would have been possible if everybody had to follow the model Salesforce did several years earlier.

Suddenly able to access computing resources by the hour—and free from large upfront capital investments or having to manage complex customer installations—startups forsook software for SaaS in the name of economics, simplicity and much faster user growth.

Source: Getty Images

It’s a different IT world in 2018

Fast-forward to today, and in some ways it’s clear just how prescient Benioff was in pushing the world toward SaaS. Of the four reasons laid out above, Benioff nailed the first two:

  • Subscription is the right pricing model: The subscription pricing model for software has proven to be the most effective way to create customer and vendor success. Years ago already, stalwart products like Microsoft Office and the Adobe Suite  successfully made the switch from the upfront model to thriving subscription businesses. Today, subscription pricing is the norm for many flavors of software and services.
  • Better user experience matters: Software accessed through the browser or thin, native mobile apps (leveraging the same APIs and delivered seamlessly through app stores) have long since become ubiquitous. The consumerization of IT was a real trend, and it has driven the habits from our personal lives into our business lives.

In other areas, however, things today look very different than they did back in 1999. In particular, Benioff’s other two primary reasons for embracing SaaS no longer seem so compelling. Ironically, IaaS economies of scale (especially once Google and Microsoft began competing with AWS in earnest) and software-development practices developed inside those “web scale” companies played major roles in spurring these changes:

  • Computing is now cheap: The cost of compute and storage have been driven down so dramatically that there are limited cost savings in shared resources. Today, a gigabyte of RAM is about $5 and a terabyte of disk storage is about $30 if you buy them directly. Cloud providers give away resources to small users and charge only pennies per hour for standard-sized instances. By comparison, at the same time that Salesforce was founded, Google was running on its first data center—with combined total compute and RAM comparable to that of a single iPhone X. That is not a joke.
  • Installing software is now much easier: The process of installing and upgrading modern software has become automated with the emergence of continuous integration and deployment (CI/CD) and configuration-management tools. With the rapid adoption of containers and microservices, cloud-native infrastructure has become the de facto standard for local development and is becoming the standard for far more reliable, resilient and scalable cloud deployment. Enterprise software packed as a set of Docker containers orchestrated by Kubernetes or Docker Swarm, for example, can be installed pretty much anywhere and be live in minutes.

Sourlce: Getty Images/ERHUI1979

What Benioff didn’t foresee

Several other factors have also emerged in the last few years that beg the question of whether the traditional definition of SaaS can really be the only one going forward. Here, too, there’s irony in the fact that many of the forces pushing software back toward self-hosting and management can be traced directly to the success of SaaS itself, and cloud computing in general:

  1. Cloud computing can now be “private”: Virtual private clouds (VPCs) in the IaaS world allow enterprises to maintain root control of the OS, while outsourcing the physical management of machines to providers like Google, DigitalOcean, Microsoft, Packet or AWS. This allows enterprises (like Capital One) to relinquish hardware management and the headache it often entails, but retain control over networks, software and data. It is also far easier for enterprises to get the necessary assurance for the security posture of Amazon, Microsoft and Google than it is to get the same level of assurance for each of the tens of thousands of possible SaaS vendors in the world.
  2. Regulations can penalize centralized services: One of the underappreciated consequences of Edward Snowden’s leaks, as well as an awakening to the sometimes questionable data-privacy practices of companies like Facebook, is an uptick in governments and enterprises trying to protect themselves and their citizens from prying eyes. Using applications hosted in another country or managed by a third party exposes enterprises to a litany of legal issues. The European Union’s GDPR law, for example, exposes SaaS companies to more potential liability with each piece of EU-citizen data they store, and puts enterprises on the hook for how their SaaS providers manage data.
  3. Data breach exposure is higher than ever: A corollary to the point above is the increased exposure to cybercrime that companies face as they build out their SaaS footprints. All it takes is one employee at a SaaS provider clicking on the wrong link or installing the wrong Chrome extension to expose that provider’s customers’ data to criminals. If the average large enterprise uses 1,000+ SaaS applications and each of those vendors averages 250 employees, that’s an additional 250,000 possible points of entry for an attacker.
  4. Applications are much more portable: The SaaS revolution has resulted in software vendors developing their applications to be cloud-first, but they’re now building those applications using technologies (such as containers) that can help replicate the deployment of those applications onto any infrastructure. This shift to what’s called cloud-native computing means that the same complex applications you can sign up to use in a multi-tenant cloud environment can also be deployed into a private data center or VPC much easier than previously possible. Companies like BigID, StackRox, Dashbase and others are taking a private cloud-native instance first approach to their application offerings. Meanwhile SaaS stalwarts like Atlassian, Box, Github and many others are transitioning over to Kubernetes driven, cloud-native architectures that provide this optionality in the future.  
  5. The script got flipped on CIOs: Individuals and small teams within large companies now drive software adoption by selecting the tools (e.g., GitHub, Slack, HipChat, Dropbox), often SaaS, that best meet their needs. Once they learn what’s being used and how it’s working, CIOs are faced with the decision to either restrict network access to shadow IT or pursue an enterprise license—or the nearest thing to one—for those services. This trend has been so impactful that it spawned an entirely new category called cloud access security brokers—another vendor that needs to be paid, an additional layer of complexity, and another avenue for potential problems. Managing local versions of these applications brings control back to the CIO and CISO.

Source: Getty Images/MIKIEKWOODS

The future of software is location agnostic

As the pace of technological disruption picks up, the previous generation of SaaS companies is facing a future similar to the legacy software providers they once displaced. From mainframes up through cloud-native (and even serverless) computing, the goal for CIOs has always been to strike the right balance between cost, capabilities, control and flexibility. Cloud-native computing, which encompasses a wide variety of IT facets and often emphasizes open source software, is poised to deliver on these benefits in a manner that can adapt to new trends as they emerge.

The problem for many of today’s largest SaaS vendors is that they were founded and scaled out during the pre-cloud-native era, meaning they’re burdened by some serious technical and cultural debt. If they fail to make the necessary transition, they’ll be disrupted by a new generation of SaaS companies (and possibly traditional software vendors) that are agnostic toward where their applications are deployed and who applies the pre-built automation that simplifies management. This next generation of vendors will more control in the hands of end customers (who crave control), while maintaining what vendors have come to love about cloud-native development and cloud-based resources.

So, yes, Marc Benioff and Salesforce were absolutely right to champion the “No Software” movement over the past two decades, because the model of enterprise software they targeted needed to be destroyed. In the process, however, Salesforce helped spur a cloud computing movement that would eventually rewrite the rules on enterprise IT and, now, SaaS itself.