Enterprise Software News RoundUp (Adobe/Figma, Uber/Microsoft Hacks, Salesforce/Snowflake)
What a Week in Software Land!!
The post-US Labor Day activity has been freaking insane. It’s hard to write about anything other than all the stuff that is happening now, so this will be a different post with quick sound bites on the major news events.
First up, unless you’ve lived under a rock, Adobe is buying Figma for $20B!!!
Scott Belsky is the Chief Product Officer at Adobe and former Founder of Behance which sold to Adobe in 2012. It’s hard to imagine Adobe committing to this acquisition at this price if it wasn’t for Scott driving the decision. Therefore, I highly recommend everyone read his thread to see how Adobe is thinking about the acquisition.
My take on the acquisition is simple. Every once in a while, two things come along: 1) a founder that can change the trajectory of the company and 2) a competitive product that has the potential to take massive share. On the former, this is why Salesforce bought Quip for $750M in 2016 when the company had single digit ARR. Bret Taylor is now the CEO of Salesforce. On the latter, you have so many cases: Zappos with Amazon, Instagram with Facebook, Jet.com with Walmart, etc.
This is the backdrop for Adobe. Right now Adobe faces two major competitive threats from Canva and Figma. While Canva is definitely concerning, they are not as directly competitive, as they are broadening the user base of creators to anyone who needs to design an invite or shirt. Meanwhile, Figma is taking share right at the heart of Adobe’s main business, professional creators.
This acquisition is squarely about defending Adobe’s core end user base and business. So yes 50x ARR is a crazy price ($400M reported ARR to end 2022)…but they also just bought out their biggest competitor and acquired key talent that I would hope, if done well, will follow the Scott Belsky playbook of being kept around in key leadership positions. Adobe has the distribution engine to scale this massively so I find it hard to believe Figma will not be doing $2B+ ARR (10x multiple) in 4 years.
Sidenote but amazing to see how multi-player collaboration can completely upend an industry: why we’re so fired up about Liveblocks at boldstart as it’s enabling developers to do this with any application.
Uber has been hacked and is still going through it!
In case we need more evidence that cybersecurity risks are growing exponentially daily, this thread is a fascinating read on how Uber was hacked.
TLDR
- Socially engineered phishing attacks are still by far the #1 entry point into enterprise environments
- Standard MFA solutions are better than nothing but still fall short of fully protecting users which is why FIDO2 (passwordless MFA) is being adopted so quickly (providers include companies like Hypr, a boldstart portfolio company)
- If the hacker can identify the right user, they can use compromised access to get into internal systems (just need the right credentials which in this case was someone with access to AWS admin privileges)
- Centralized auth can have huge risks: “In this case, the attacker appears to have found an internal network share that contained scripts with privileged credentials, giving them the keys to the kingdom. They claim to have compromised Uber's Duo, OneLogin, AWS, and GSuite environments”
As if the Uber hack wasn’t enough, a new type of phishing attack surfaced in Microsoft Teams
Great explainer of the "GIFshell attack" vulnerability found in Microsoft Teams $MSFT Incredible hack enabled by sending a GIF with commands executed upon being played!! h/t @recolabs_ai
“Known as GIFShell, the vulnerability utilizes seven different insecure design elements within Microsoft Teams to create the situation whereby an attacker can launch an exfiltration or malware attack against a victim – simply by sending them a GIF with embedded commands in a Teams chat.
The second blog then revealed how spoofed attachments with malicious deeplinks exploit a lack of permissions enforcement in Microsoft Teams to carry out remote code exploitation (RCE) via an NTLM relay attack, which would steal credentials information to facilitate the RCE.”
They’re sending freaking GIFs with embedded commands that, once you hit play, trigger access and compromised credentials!!!
Salesforce and Snowflake announce a deep integration to solve a major issue with extracting data easily from Salesforce to merge with other datasets and allow a company to perform deeper analysis
Huge if true. Salesforce -> Snowflake is one of core Reverse ETL use cases. Interesting that Salesforce is calling itself a CDP now too, not just a CRM.
From Reverse ETL companies, to data integration, to PLG CRMs, the number one use case for almost all companies is taking data from Salesforce and putting it in a data store to join datasets, train ML models on it for insights, etc. By enabling this real-time, “zero copy” sync between the two companies, it seems like getting this data may be easier than ever. Funnily enough though, that may actually end up helping all the startups in the ecosystem, as the data will already be more readily available in the data warehouse, meaning focus can be more on the transformation of that data and UI/UX in delivering insights to the end user.
Phew that’s a wrap! What a week in software land!
Crazy stuff is happening in regards to energy around the world and what we are marketed to as “green and renewable energy”. Read this thread about the insanity that is called “carbon neutral” between burning lumber in Europe from the US.
Always worth reading; thanks!