Fri Mar-22-2024: NIST Delays, Microsoft Suspends Cloud in Russia, Enforcing Software Agreements

Today's episode of the Business of Tech covers critical industry news. NIST's National Vulnerability Database is facing delays, impacting security efforts. Microsoft warns about cloud services in Russia due to European sanctions. Enforcing software agreements through resellers is a pivotal decision. The NVD slowdown and its implications for security are discussed, along with criticism of MITRE for not addressing the issue. The episode also mentions CISA's budget requests, highlighting key challenges in the tech industry.

 

Three things to know today

 

00:00 NIST's National Vulnerability Database Faces Delays, Compromising Security Efforts

03:40 Microsoft Halts Cloud Services in Russia, Citing European Sanctions and Urging Data Backup

06:03 Enforcing Software Agreements Through Resellers: A Pivotal Court Decision with Industry-Wide Implications

 

 

 


[00:00:00] It's Friday, March 22nd, 2024, and I'm Dave Sobel.

[00:00:05] Three things to note today.

[00:00:08] NIST's National Vulnerability Database facing delays, compromising security efforts.

[00:00:13] Microsoft halts cloud services in Russia, citing European sanctions and urging data

[00:00:19] backup, and enforcing software agreements through resellers, a pivotal court decision with

[00:00:26] industry-wide implications.

[00:00:28] This is the Business of Tech.

[00:00:31] Today's episode is supported by CoreView, your customers need your Microsoft 365 expertise

[00:00:38] and CoreView has the only M365 management platform designed for MSPs.

[00:00:44] Manage hundreds of tenants, automate manual tasks, and monitor compliance all while intelligently

[00:00:49] comparing to the baseline.

[00:00:51] With a no-code control approach, CoreView revolutionizes your Microsoft 365 administration.

[00:00:57] This powerful platform enables automatic reporting and remediation, ensuring optimal

[00:01:02] performance and security.

[00:01:04] The best part?

[00:01:05] You achieve this high level of service without the need for a large workforce, allowing

[00:01:10] you to focus on growing your business through efficiency.

[00:01:14] Want to know more?

[00:01:15] Visit coreview.com slash MSP and find out more.

[00:01:22] I spotted this in Dark Reading and I wanted to highlight it.

[00:01:25] The National Vulnerability Database, operated by NIST, has experienced a significant slowdown,

[00:01:31] leaving many vulnerabilities without essential metadata.

[00:01:34] This has raised concerns among security experts and enterprise security managers who rely

[00:01:39] on the NVD for threat information.

[00:01:41] MITRE, the contractor responsible for CVE collection, has also faced criticism for not addressing

[00:01:47] the issue.

[00:01:48] The NVD freeze poses challenges for patching vulnerabilities and may give bad actors more

[00:01:54] time to exploit enterprise networks.

[00:01:57] To pair that with coverage about CISA's budget requests, the Cybersecurity and Infrastructure

[00:02:02] Security Agency is planning to increase staff and implement technology upgrades to support

[00:02:07] the new cyber incident reporting needs.

[00:02:11] The agency is requesting a budget of $116 million in fiscal 2025 for the Cyber Incident

[00:02:17] Reporting for Critical Infrastructure Act program, or CIRCIA, which includes hiring

[00:02:23] 122 full-time employees.

[00:02:26] CISA also aims to roll out significant technology enhancements such as an unclassified ticketing

[00:02:31] system and an incident reporting web app.

[00:02:34] CIRCIA aims to provide earlier insights into the cyber attacks on critical infrastructure

[00:02:39] entities and coordinate responses.

[00:02:42] The regulations require critical infrastructure operators to report cyber incidents to CISA

[00:02:47] within 72 hours.

[00:02:48] While covering these moves, the General Services Administration, or GSA, has issued a new

[00:02:54] position letter to make buying cloud services more accessible for agencies.

[00:02:59] The letter allows contracting officers to use upfront payments for software as a service

[00:03:04] without violating federal procurement law.

[00:03:08] The GSA's changes aim to enhance competition and drive better pricing, mainly benefiting small

[00:03:13] businesses.

[00:03:14] However, an amendment to the Anti-Deficiency Act is still needed to allow industry billing

[00:03:19] in arrears for cloud services on a consumption basis.

[00:03:24] Why do we care?

[00:03:25] There's a lot about funding here, and if you value your capabilities, CISA needs to be

[00:03:31] funded.

[00:03:32] Both of these services are bedrock services for delivering cybersecurity.

[00:03:38] And that's why you care.

[00:03:42] I have a collection of stories I didn't want to miss.

[00:03:45] Microsoft will suspend access to its cloud services for Russian users due to European

[00:03:50] sanctions imposed on Russia after the invasion of Ukraine.

[00:03:54] Softline, a major distributor of Microsoft products in Russia, confirmed the suspension

[00:03:59] and recommended backing up data associated with foreign cloud services.

[00:04:04] This move follows other tech companies exiting the Russian market or suspending services

[00:04:08] due to sanctions.

[00:04:10] The users are urged to consider domestic alternatives like Yandex 360, SAS BK and Softline

[00:04:17] Universe.

[00:04:19] This story you couldn't miss.

[00:04:21] The US Department of Justice, along with 16 state and district attorneys general, has filed

[00:04:26] an antitrust lawsuit against Apple, accusing the company of operating an illegal monopoly

[00:04:31] in the smartphone market.

[00:04:33] The lawsuit alleges Apple imposes contractual restrictions on developers and withholds

[00:04:38] critical access to prevent competition.

[00:04:41] The government points to various ways that Apple has allegedly maintained its monopoly,

[00:04:46] including disrupting super apps, blocking cloud streaming apps, suppressing messaging

[00:04:50] quality, limiting the functionality of third party smartwatches and blocking competing digital

[00:04:56] wallets.

[00:04:57] Apple plans to dismiss the case and disagrees with the defined market.

[00:05:01] The DOJ seeks to stop Apple from undermining cross-platform technologies and obtain relief

[00:05:06] to restore competition.

[00:05:09] Also in stories that made noise this week, OpenAI is expected to release GPT-5, a significant

[00:05:14] improvement over GPT-4 as early as this summer.

[00:05:17] GPT-5 is described as materially better and will offer impressive improvements, including

[00:05:23] the ability to interact with other AI programs.

[00:05:26] OpenAI is training the model and conducting red team testing for its public release.

[00:05:32] Why do we care?

[00:05:34] I didn't want to miss the tech consequences of geopolitics, as well as note the impact

[00:05:39] of the Russian market.

[00:05:40] No, I don't have a lot of listeners there, but it's not zero either.

[00:05:44] Broadly, however, my interest is in the downstream effects and impacts.

[00:05:50] That's why I noted it.

[00:05:51] The Apple case is newsworthy but not yet relevant to IT services, that's going to take ages

[00:05:57] to become relevant.

[00:05:59] But I also didn't want to ignore it either, so now you're informed.

[00:06:05] One reason I added the Friday Big Ideas section was to include PowerPoints to my own,

[00:06:10] and with some really good ones today.

[00:06:12] The Harvard Business Review tackles loneliness in remote teams. Remote work can lead to feelings

[00:06:18] of isolation and loneliness, impacting job performance.

[00:06:21] The article provides more evidence-based strategies for leaders and managers to build

[00:06:26] community in remote teams, including reflecting upon team dynamics, recognizing team members,

[00:06:33] supporting career development, and communicating as whole individuals.

[00:06:37] The piece highlights how addressing loneliness and building community in remote environments

[00:06:41] requires innovation and intention.

[00:06:45] Also from HBR: "Is Your AI-First Strategy Causing More Problems Than It's Solving?"

[00:06:51] An AI-first strategy can cause problems if it prioritizes AI over the true purpose

[00:06:56] of technology, which is to serve and enhance human endeavors.

[00:07:00] Oguz A. Acar recommends a problem-centric, people-first and principle-driven approach

[00:07:06] to AI transformation.

[00:07:08] Over at MIT, return to office mandates can lead to a loss of best performers.

[00:07:14] While CEOs argue that productivity is a reason for these mandates, there's evidence that

[00:07:19] they damage employee engagement and increase attrition, especially among high-performing

[00:07:24] employees with caregiving responsibilities.

[00:07:27] Focusing on outcomes, trust and flexibility in where and when work is done allows individuals

[00:07:32] and organizations to thrive.

[00:07:35] Mandates and monitoring decrease employee satisfaction and trust, while companies that build trust,

[00:07:40] focus on outcomes, outperform their peers financially.

[00:07:46] This one I didn't want to miss.

[00:07:48] Federal News Network covers the issue of who can enforce end-user license agreements

[00:07:54] when software is sold through a reseller, which was recently discussed in the Federal

[00:07:58] Circuit here.

[00:08:00] The case involved the software company Avue Technologies' software sale to the FDA

[00:08:06] through a reseller, Carahsoft.

[00:08:09] Avue claimed that the FDA breached their intellectual property rights by violating the end-user

[00:08:14] agreement.

[00:08:15] The Civilian Board of Contract Appeals upheld the FDA's position that the contract was directly

[00:08:21] with Carahsoft, not Avue.

[00:08:23] However, the Federal Circuit reversed the decision, stating that Avue had the right to allege

[00:08:28] the existence of a contract and pursue a case.

[00:08:32] The outcome of this case could have implications for software companies selling through resellers

[00:08:37] and their ability to enforce end-user license agreements.

[00:08:41] And I'll end with one that was just a great read.

[00:08:44] The Guardian profiles Orangeburg County in South Carolina challenging commercial broadband

[00:08:49] providers that have neglected rural areas in the US.

[00:08:53] The absence of service from major companies has prompted counties and small towns to

[00:08:58] consider building their own broadband networks.

[00:09:01] Orangeburg County has been at the forefront of the fight for rural broadband access, aided

[00:09:06] by federal grants and exemptions from state regulations.

[00:09:09] A provision in the Infrastructure Act allows local leaders to propose municipally owned

[00:09:14] broadband projects and receive funding overriding state laws that restrict competition.

[00:09:19] However, large telecom corporations have successfully lobbied to block municipalities

[00:09:24] from competing.

[00:09:26] This article is that story.

[00:09:30] Why do we care?

[00:09:31] I'm going to focus on that reseller story, or all interested in this one because of

[00:09:35] the implications and responsibility of being a reseller.

[00:09:39] Imagine for a moment that software companies could not enforce end-user license agreements

[00:09:43] sold through resellers.

[00:09:46] Now you know why we care.

[00:09:47] No outcome yet.

[00:09:49] We're distinctly interested.

[00:09:53] Looking to reach an audience of thousands of MSPs and IT service providers? Put your

[00:09:57] ad right here on the Business of Tech and be on the show that 64% of MSPs report having

[00:10:04] listened to.

[00:10:05] A recurring top 50 tech news podcast, there are affordable options for you to reach our

[00:10:11] audience and we can support any budget.

[00:10:14] Most listeners are more engaged, have a higher level of brand retention and are more willing

[00:10:20] to listen to ads here than any other avenues.

[00:10:24] Want to know more?

[00:10:26] There's information at mspradio.com slash engage including a button to book a time to talk.

[00:10:33] I'm looking forward to that discussion.

[00:10:37] Thanks for listening.

[00:10:38] It's National Youth Loss Day.

[00:10:41] Yeah, that one seems good right on a weekend.

[00:10:44] Have a question you want answered?

[00:10:45] We take listener questions.

[00:10:47] Send them.

[00:10:48] Ideally as a voice memo or video to question at mspradio.com.

[00:10:51] I answer those listener questions live each week on our Wednesday live show, next week 3pm

[00:10:56] on YouTube and LinkedIn.

[00:10:58] This weekend there'll be a bonus episode an interview with Fred Carrey discussing cash

[00:11:03] flow and why putting that over profits.

[00:11:05] I'll be back again on Monday.

[00:11:09] The Business of Tech is written and produced by me Dave Sobel under ethics guidelines

[00:11:14] posted at businessof.tech.

[00:11:16] If you like the content, please make sure to hit that like button, follow or subscribe.

[00:11:22] It's free and easy and the best way to support the show and help us grow.

[00:11:27] You can also check out our Patreon where you can join the business of tech community

[00:11:31] at patreon.com slash mspradio or buy our Why Do We Care merch at businessof.tech.

[00:11:39] Finally if you're interested in advertising on this show, visit mspradio.com slash engage.

[00:11:46] Once again thanks for listening to me and I will talk to you again on our next episode

[00:11:51] of the Business of Tech.

[00:11:55] Part of the mspradio network