The 10 Most Controversial Companies Of 2019

Whether it was a security vendor hit by hackers, whistleblower accusations of hiding damaging figures or a major channel policy change that raised the ire of partners, 2019 was a year filled with controversial companies. Here’s our list of the top 10 most controversial.

Security Breaches, CEO Departures, Policy Change Backlash

Security breaches led to a 2019 filled with fear, uncertainty and doubt in the managed service provider market.

In fact, the breach of a major systems integrator shined the spotlight on the fact that hackers were entering the internal systems of solution providers as a jumping-off point to infiltrate customers.

Classifying the attacks as being both persistent and aggressive, the National Counterintelligence and Security Center warned the channel that it is a prime attack vector. “Know the Risk, Raise Your Shield” was the battle cry of an NCSC public campaign.

Security also was front and center in a number of controversial companies, including the breach of a cybersecurity company that resulted in the exit of the CEO, and a networking and cybersecurity vendor that admitted potential violations of U.S. Sanction programs with its products being used by entities designated as terrorists or narcotics traffickers by the U.S. Office of Foreign Assets Control.

Meanwhile, a policy change can sometimes unleash a channel firestorm. That was the case this year for one of the top software companies in the world, which ended up rescinding the policy change.

With these events and more as a backdrop, here are the 10 most controversial companies of 2019.

Get more of CRN's 2019 tech year in review.

10. Imperva

A security breach is never good news, but it is particularly troubling when the company being hit by hackers is a cybersecurity company.

That’s what happened when Imperva informed customers that a data breach revealed email addresses, hashed passwords, API keys and SSL certificates for some Web Application Firewall (WAF) users.

The Redwood Shores, Calif.-based cybersecurity vendor learned of the breach Aug. 20, 2019, and said it affected a portion of its Incapsula Cloud WAF customers who had accounts through Sept. 15, 2017.

A subset of Incapsula users through Sept. 15, 2017, had their API keys and customer-provided SSL certificates exposed, according to Imperva. In addition, Imperva said email addresses as well as hashed and salted passwords in the Incapsula customer database were also revealed

Imperva said it informed all affected customers directly and shared the steps the company was taking to safeguard their accounts and data. In addition, the company said it implemented forced password rotations and 90-day expirations for its Cloud WAF product.

Nine weeks after the breach, Imperva confirmed that CEO Chris Hylen had resigned. Hylen had joined Imperva as president and CEO in August 2017 following nearly four years overseeing Citrix Systems’ mobility practice, and spearheaded publicly traded Imperva’s $2.1 billion sale to private equity giant Thoma Bravo in January 2019.

9. Cloudflare

Cloudflare admitted that its products have been used by or for the benefit of individuals and entities that have been blacklisted by federal regulators.

The San Francisco-based networking and cybersecurity vendor said a small number of blacklisted parties made payments to Cloudflare in connection with their use of the company's platform, according to a regulatory filing.

Parties allowed to use Cloudflare's products include entities designated as terrorists or narcotics traffickers by the U.S. Office of Foreign Assets Control (OFAC), as well as groups affiliated with governments currently subject to comprehensive U.S. sanctions.

Cloudflare said in its filing with the U.S. Securities and Exchange Commission that it has implemented additional controls and screening tools to prevent similar activity from occurring in the future.

Cloudflare also indicated that it may have submitted incorrect information to the U.S. government in connection with certain hardware exports, according to the filing. As a result, Cloudflare said it submitted self-disclosures to the Commerce Department's Bureau of Industry and Security as well as to the Census Bureau regarding potential violations of Foreign Trade Regulations.

8. Cognizant

Cognizant Technology Solutions, which was caught in a Facebook content moderation controversy, said it was laying off 6,000 employees as it exited that business.

As part of a plan to exit the content monitoring business, the Teaneck, N.J.-based company said it will attempt to sell the business, and it set aside $5 million to invest in technologies to automate the monitoring of web content for clients, said Cognizant CEO Brian Humphries.

Cognizant, ranked No. 6 on the CRN 2019 Solution Provider 500 list, had reportedly signed a contract with Facebook worth $100 million per year to scrub violent, obscene and hateful content from the social media platform.

However, published reports from The Verge alleged that minimum-wage employees at Cognizant facilities in Arizona and Florida suffered from stress and long-term mental harm from watching obscene or otherwise sickening images and videos for hours at a time.

Humphries said the content operations business offers a wide range of business process services to clients across all industries. Projects including involve ensuring proper brand and business experiences such as integrating health-care patients or determining whether online maps are accurate.

"But within one subset of the content operations business, our work is largely focused on determining whether certain content violates client's standards and can involve objectionable materials," he said. "We've determined that this subset of work is not in line with our strategic vision for the company."

Humphries did not mention specific client names during the call. While Cognizant is planning to exit that business, Humphries said, the company does recognize the importance of cleansing the web of objectionable content and that businesses have a role to play in it.

"For this reason, we have decided to allocate $5 million to fund research aimed at increasing the level of sophistication of algorithms and automation, thereby reducing users’ exposure to objectionable content," he said.

7. Conduent

Conduent CEO Ashok Vemuri decided it was time to step down in May after the Florham Park, N.J.-based company posted a losing quarter that came amid a public spat with activist investor Carl Icahn.

Vemuri’s departure came after the Xerox spinoff saw a 39 percent drop in new business signings, lost a $140 million contract with the state of California, and saw its largest customer reduce volume, leading to lower revenue and prompting the company to point guidance lower for the year.

Vemuri also came under fire in April when resigning board member Michael Nevin—an Icahn employee—questioned Vemuri’s decision-making after the CEO was offered and accepted a seat on grocery store chain Kroger’s board of directors.

“Ashok, with (former Conduent board) Chairman (William) Parrett’s acquiescence, determined to take this board seat only a few short months after negative disclosures by Conduent resulted in the evaporation of almost half the company’s stock market valuation in a matter of weeks,” Nevin wrote in the letter.

Nevin also criticized company leadership for failing to resolve a Medicaid fraud lawsuit brought by the state of Texas that could have saddled the company with $2 billion in damages.

Icahn used the Nevin resignation as leverage to get board chairman Parrett to resign, offering to withhold the letter’s public release in exchange for Parrett’s departure, according to a Conduent SEC filing.

Conduent was spun off in 2017 from Xerox, which waged its own proxy war with Icahn.

Cliff Skeleton, who was appointed interim CEO in August, told investors in November that Conduent is going to turn a corner in 2020.

“Q4 is not going to be better in terms of new business signings … 2020 is going to be better,” Skelton told investors after the company posted a $16 million loss on a 15 percent decline in sales for its third quarter ended Sept. 30. “It has to be. You will start seeing a turn in 2020.”

In response to an analyst question about an upside, Skelton said the company has great relationships with its customers, which it plans to use to spur growth in the coming year.

“I don't think there's any surprises,” he said. “I read all the press; I knew what I was getting into.”

6. Infosys

Whistleblowers accused the CEO and CFO of India outsourcing behemoth Infosys of misleading the board as well as shareholders by withholding some figures in order to make the company’s performance appear better than it is, according to a report.

In a statement provided to CRN, Infosys did not address the claims leveled against CEO Salil Parekh and Chief Financial Officer Nilanjan Roy but said the company’s audit committee is reviewing the complaints.

In two letters published by the Economic Times of India, the whistleblowers said they were told not to report the cost of visas to improve the appearance of profits. This quarter, they said, they were told not to recognize reversals of $50 million in up-front payment in an “FDR contract.”

“As this will reduce profits for the quarter and negative (sic) for stock price, they are putting pressure not to take the charge,” the letter provided to the Economic Times reads. “Critical information is hidden from the auditors and Board. In large contracts like Verizon, Intel, and JVs in Japan, ABN Amro acquisition, revenue recognition matters are forced which are not as per accounting standards.”

The whistleblowers claim to have voice recordings and emails that prove their allegations, and said they have provided the information both to the U.S. Securities and Exchange Commission as well as to India-based Infosys.

“CEO is bypassing reviews and approvals and instructing sales not to send mails for approvals(sic),” the letter states. “He directs them to make wrong assumptions to show margins. CFO is compliant and he prevents us from showing in board presentations large deal issues … several billion dollar deals of last few quarters have nil margins.”

"The whistleblower complaint has been placed before the Audit Committee as per the Company’s practice and will be dealt with in accordance with the Company’s whistleblowers policy,” the company said in a statement.

The SEC would neither confirm nor deny that it was investigating.

5. Symantec

After the abrupt departure of its CEO, Greg Clark, earlier in the year, Symantec was split in two when it sold its enterprise security business to chip behemoth Broadcom in November for $10.7 billion.

Broadcom said it planned to enhance its investment around the Symantec enterprise security endpoint, web and data loss protection products, while scaling down investment in other areas. In fact, Broadcom said it expected to achieve $1 billion of cost synergies in the year after the close of the Symantec deal through cuts to sales, marketing, general and administrative functions.

The consumer business of Symantec remained as an independent, publicly traded entity and changed its name to NortonLifeLock.

NortonLifeLock CEO Vincent Pilette said the Tempe, Ariz.-based former consumer division of Symantec needs to eliminate $1.3 billion in costs, which the company has embarked upon by reducing its head count by 8 percent in the past quarter and putting four or five corporate campuses up for sale.

4. Xerox

Xerox made a hostile bid to take over rival HP Inc.—a PC and printer company six times bigger—even as the copier/printer maker itself grappled with declining revenue and earnings misses.

With a strong position in both printers and PCs, HP, Palo Alto, Calif., generated a total of $58.72 billion in revenue during its latest four quarters. That represented an increase of 2.9 percent from the prior four-quarter period, when HP's total revenue was $57.04 billion.

For Xerox's latest four quarters, the Norwalk, Conn.-based company generated revenue of $9.23 billion—down 8 percent from the prior four quarters, when revenue reached $10.04 billion.

Xerox's revenue decline "raises significant questions for us regarding the trajectory of your business and future prospects," HP's board said in its letter rejecting the Xerox takeover bid.

In a letter to HP shareholders posted to the Xerox website, Xerox CEO John Visentin made no apologies for the hostile bid.

"While you may not appreciate our 'aggressive' tactics, we will not apologize for them,” he wrote to HP’s board of directors. “The most efficient way to prove out the scope of this opportunity with certainty is through mutual due diligence, which you continue to refuse, and we are obligated to require. We plan to engage directly with HP shareholders to solicit their support in urging the HP Board to do the right thing and pursue this compelling opportunity."

3. Wipro

When India-based outsourcing behemoth Wipro’s internal IT systems were hacked and used to launch attacks against some of its customers, it set off panic in the MSP market.

Wipro's systems, in fact, were being used as a jumping-off point for exploits targeting at least a dozen client systems. The Wipro breach—first reported by KrebsOnSecurity—ended up being the first of many breaches through MSP systems.

Wipro was one of eight major solution providers targeted in an attempt to perpetrate gift card fraud, according to KrebsOnSecurity.

“It’s a scary time," said one East Coast MSP who didn't wish to be identified. "Some of the people on this list have the best security money can buy. I hope it’s working for them, because if it’s not, this problem got a lot bigger.”

The high-profile cyberattack on Wipro “did not impact the company’s ongoing critical business operations,” according to a letter the firm sent to managers of the stock exchanges where it’s traded.

“The Company has used its industry leading Cyber Security practices and partner ecosystem for remedial steps and has shared this intelligence with its partners to develop the AntiVirus signatures. The same has been applied to our enterprise systems,” Wipro said in its letter, published in a filing with the SEC. “We are collaborating with our partner ecosystem to collect and monitor advanced threat intelligence for enhancing our security posture. We continue to monitor our enterprise infrastructure at heightened level of alertness.”

2. Microsoft

When Microsoft informed partners that it would no longer offer the internal use rights (IUR) benefit to partners as of July 1, 2020, there was an immediate channel backlash.

The benefit, a staple of Redmond, Wash.-based Microsoft’s partner program for decades, provides partners with free Microsoft products for internal business usage.

A petition criticizing the IUR move received more than 6,000 signatures. Among the partners who had been advocating for Microsoft to reconsider its decision was Miguel Zamarripa, CIO of Colorado Springs, Colo.-based Simpleworks IT, who shared his message for Microsoft with CRN: "You still have time to make a course correction on this before you lose a large percentage of our advocate base."

Making a course correction is exactly what Microsoft did just nine days after issuing the IUR change in a July 3 update to its Microsoft Partner Network Programs Guide.

Microsoft channel chief Gavriella Schuster, who had initially defended the move as financially necessary, informed partners in blog post on July 12 that the software giant was rescinding the IUR policy change.

"Your partnership and trust matters to us,” said Schuster. “Given your feedback, we have made the decision to roll back all planned changes related to internal use rights and competency timelines that were announced earlier this month. This means you will experience no material changes this coming fiscal year, and you will not be subject to reduced IUR licenses or increased costs related to those licenses next July as previously announced. We listened to you, and we have acted.”

Microsoft also found itself caught in the U.S. Department of Defense’s $10 billion Jedi cloud contract controversy. Microsoft was awarded the massive contract, but Amazon Web Services filed a protest, alleging political pressure from the White House.

“We’re going to protest the decision and push the government to shine a light on what really happened,” AWS CEO Andy Jassy was reported as saying at the meeting. “I think that if you do any thorough, apples-to-apples, objective comparison of AWS versus Microsoft, you don’t come out deciding that they’re comparable platforms. Most of our customers will tell us that we’re about 24 months ahead of Microsoft in functionality and maturity.”

1. DXC Technology

A new CEO, plans to unload businesses and lawsuits with wild accusations. That’s the kind of headlines that made systems integration giant DXC Technology the No. 1 most controversial company in 2019.

In November, new CEO Mike Salvino told investors during his first quarterly earnings call that the Tysons, Va., company was looking at divesting three businesses as part of a plan to restore growth.

The three businesses Salvino is looking to unload: U.S., state, and local health and human services business; its horizontal business process services business; and its workplace and mobility business. Those three businesses account for about 25 percent of annual sales.

Salvino, a 22-year Accenture veteran, stepped into the top job in September after former DXC CEO Mike Lawrie retired.

DXC also grappled with major lawsuits in 2019 including a federal civil lawsuit that alleged that an ex-general manager of DXC carried out a fraud scheme in which he put friends and family on the payroll, then submitted “fabricated” time sheets and expenses, according to the lawsuit. The DXC account manager has denied the charges.

The accusations are included in a suit filed in October by Atlas Communications Inc., a Plainsboro, N.J.-based staffing service provider, in U.S. District Court in New Jersey. A lawyer representing Atlas declined to answer questions about the accusations, telling CRN that “the suit speaks for itself.”

If that wasn’t enough, former DXC Executive Vice President, Head of Global Delivery Stephen Hilton, who was oversaw a $14 billion business with 120,000 employees, accused Lawrie of possessing a “toxic” management style that valued obedience above honest feedback, and of having no boundaries between personal and professional roles.

In its response, DXC denied Hilton’s claims about the “toxic” style, as well as that Lawrie had changed the vesting dates of Hilton’s stock “without legal authority.”

After months of back and forth, DXC and Hilton agreed to dismiss the suit in July, with each side opting to pay its own legal fees and court costs, a sign that typically means the parties have settled out of court.