The 250bn figure is one pushed by the private owners, trying to defend their high yields. It's likely inflated with bonuses and short term schemes to juice returns.
Meanwhile, they've extracted 85bn in dividends since privatization began.
Privatizing them cost approx 7.6bn - that's a 12x return over less than 40 years. Pretty nice if you can get it.
Sweden is part of the expanded 5 eyes (now 14 eyes). As a workaround for restrictions on domestic spying, they subcontract their dirty work to each other. Hence, you can expect the US to assist in pressuring them (ostensibly on behalf of Sweden).
No, that's not right. Public health insurance in the EU does not use that concept. Participating insurance companies are not allowed to set rates that way, since it doesn't serve the public good.
Only since the Affordable Care Act (“Obamacare”). Before that, it was common to not be able to get insurance with pre-existing conditions at all without being covered by your employer. And even sometimes your employer’s plan had a waiting period for pre-existing conditions. I got stuck without insurance for a long time after college (being able to stay on your parents’ plan after graduation is also an ACA provision) and still have nightmares about it.
You’re implying the situation is as stable as it is in other first-world countries. It’s not. It’s brand new, and Donald Trump has sworn it’s going away.
With respect to pre-existing conditions, it is equal treatment. I don't know what you mean by stability. I'm just reiterating the current state. Policy in other countries is also contingent on government policy and subject to change. Any alternative would be new too.
Presumably it has a semantic model of sorts, defining intrinsic relationships between entities (parent-child, composed-of, sibling-of, and so on).
A bit similar to how certain joins in SQL can be very straightforward with the "USING" clause, or when it can rely on extra information such as analytic views to derive materialized views (vendor specific).
No, that sounds about right. This is a new, agile, cloud-first company that grew very quickly and has faced significant turnover. You don't get such growth by doing everything right.
Looking at LinkedIn, the unlucky employee could be someone in a sales role, with only 7 months of tenure. Every company has a few sysadmins with a scary amount of reach, but that's not what happened here.
Edit: A ServiceNow access request flow with poor internal controls would explain it.
>> This is a new, agile, cloud-first company that grew very quickly and has faced significant turnover.
This is not really true of Snowflake, which is not some 2-person YOLO startup, and it's also pretty irrelevant as the weakest link is often a single employee regardless of the size or industry of the company. In my experience the support and security is way better than average - example: as a client of both Snowflake and Sisense, Snowflake reached out to me about the Sisense breach before Sisense did.
Its support and security posture could very well be better than average.
Looking at other breaches (Qlik Attunity, Microsoft AAD, ...) indicates that being better than average is not enough if you're a sufficiently attractive target.
It's not a new tiny company. It's about 12 years old with 7000 employees. They know they are dead if they are not hot on security, so at the moment I would take this story with a big pinch of salt. Quite possible certain customer configurations have been attacked, but that is a different thing.
(new) sales person with an uber account that has access to carte blanche customer data. This is not only a disaster, if true, but also violates probably every certification under the sun, if they had any at all. Reminder Snowflake is a couple of sales persons from Oracle and a techie.
I'm not sure it does, perhaps it violates the spirit but not the letter.
You need a way to give your employees access to customer data; for support cases.
So you build a "request access" form in your ITSM.
Now you can tick off every box related to certification: There is a process. Only authorized persons have access. Every aspect of it can be audited.
Later, perhaps sales people (the 1000s of new joiners) start using it as well for lead generation. It's a lot easier to sell if you know how your product is used by other companies in the same industry.
Much later, someone's account is compromised, makes the same requests and it gets waved through. Why wouldn't it? It is a valid request made by a current employee of the company. What other criteria would apply? This is not a bank.
Aside from all the things stated that are wrong from a security perspective - how about limiting the qty and rate any such support account has access to? Breaching an account shouldn't give you access to dump everything out the gate. Even if that is the case, where are the other measures alerting that there's a stream of egress going on? This sounds like a systemic issue, which most certs are all about.
3. A reversion to in-person interaction for anything important (exams, certifications, payments, loan applications, ...)
Society benefited from a productivity gain by moving everything online, in a (relatively) high-trust environment. That is now becoming more expensive (due to higher % of frauds), or even infeasible.
with features:
- ability to hide AI labeled replies (by default)
- assign lower weight when appropriate
- if a user is suspected to be AI-generated, retroactively label all their replies as "suspected AI"
- in addition to downvote/upvote, an "I think this is AI" counter