Yahoo CEO Mayer to Lose Compensation Due to Massive Data Breaches

Today's topics include Yahoo's decision to withhold the annual bonus from its CEO due to security lapses, Amazon Web Services' role in demonstrating a need for cloud redundancy, CloudBleed and TicketBleed vulnerabilities that prove that cloud services can fail significantly and Oracle's attempts to make its cloud services more appealing by including Exadata Analytics for its cloud customers.

Yahoo will be withholding a lot of bonus money—possibly as much as $2 million—from CEO Marissa Mayer because of her faulty supervision of two major security breaches in the last three years.

Those two well-chronicled security lapses exposed the personal information of more than 1 billion Yahoo users and cost the company $350 million in corporate value prior to its pending acquisition by Verizon Communications.

Mayer won't be paid her annual bonus nor will she receive a potentially lucrative stock award because an internal Yahoo investigation decided that her management team reacted too slowly to the first breach discovered in 2014.

If there was ever any question about Amazon Web Services' critical role in keeping commercial web sites running smoothly, that question was answered definitively on Feb. 28 when part of the company's S3 storage service went down.

That outage took out dozens of web services, but what frustrated many users is that Amazon's AWS dashboard, which is supposed to report the operational condition of its web services, was reporting that everything was operating normally even when it clearly wasn't.

The reason for that is because the dashboard relies on Amazon's S3 storage and was unable to receive updated information about the outage. Ideally, Amazon could offer redundant storage as a part of its S3 offering, so that if the service goes down as it did on Feb. 28, data requests would be automatically routed to another site.

The typical enterprise cloud service has its own security department, leading to better security on the whole than most companies can implement internally.

Cloud-related security incidents are considered Black Swans, events that—while they can affect a massive population of users—are rare. Yet, the number of users that rely on any particular cloud service is so large that the services invite attacks, and rare software flaws can lead to massive vulnerability.

Breaches such as the recent CloudBleed and TicketBleed incidents may result in data that is out in the public domain for a long time creating a long tail of exposure, Robert Vamosi, security strategist for security firm Synopsys, told eWEEK.

Oracle, doing everything in its power to transition its on-premises customers into buying cloud services, has moved its physical Exadata analytics server into the Oracle Cloud.

Oracle users now have a couple of other options to deploy Oracle Exadata Cloud Machine, which handles big data workloads at scale off-premises.

This includes deploying it as a cloud service inside a private data center cloud, in the Oracle Cloud or in a conventional on-premises environment. The Redwood City, Calif.-based database giant is calling its user-facing cloud the Oracle Cloud at Customer, a rather unusual name for a cloud service.

It is aiming the Exadata service, released Feb. 27, at organizations that want to move enterprise workloads into the public cloud as soon as possible to avoid continuous capital expense costs.

Thanks for watching. Follow the links on this page to learn more about the stories mentioned in this broadcast. And check back every weekday for another Daily Tech Briefing from