‘We should have done better’ – the feeble words of a CEO caught using real data in infosec product demos
The CEO of Tanium has admitted staff at his computer security biz logged into live hospital networks for product demos with potential customers.
Since 2014 Tanium sales executives have used production healthcare data to demonstrate their endpoint protection software. In doing so, staffers accessed systems at the El Camino Hospital in Mountain View, California, exposing identifying information. The hospital had not given its permission for the records to be used in this way.
“We take responsibility for mistakes in the use of this particular customer’s demo environment. We should have done better anonymizing that customer’s data,” said Tanium boss Orion Hindawi in a confessional blog post.
“Viewers didn’t connect the demo environment to that customer for years, and we do not believe we ever put our customer at risk with the data we showed. Looking at those demos, we see there are easy things we should have done to obscure and anonymize further.”
Hindawi said that since 2015, his biz has always explicitly asked its customers if it could use their data in demonstrations and has obtained written consent. Only a few customers are willing to do this, and Tanium – based in Emeryville, California – is fine with that, he said.
The errant CEO also took time, however, to savage some of the press coverage his organization has received over the past few weeks. There have been reports of turmoil in Tanium, with nine senior executives leaving in the last eight months; tales of staff being fired just before their stock options vested; and staff being insulted as stupid or fat.
“It is true that I personally can be hard-edged, and that I’ve had to apologize to people at Tanium when I’ve gotten too sharp at times,” he said.
“It is true that we fire people when they don’t meet our ethical or performance standards, and we understand that from the outside that may raise questions about the number of people leaving. What is not true is that we have a toxic culture. Mission-oriented, hard-charging, disciplined, even intense, but not toxic.”
It’s not clear what effect, if any, these allegations will have on Tanium’s plans for an IPO. The family-owned firm is VC-funded and has a valuation of around $3.5bn, and that figure is unlikely to fall unless customers start fleeing. ®