PELOTON BACKPEDALS IN RIGHT DIRECTION

Peloton Interactive built its business to delight its customers. Now it must do the same for its shareholders.

Peloton said Tuesday that it will stop producing its own hardware, exiting all owned manufacturing operations and expanding its relationship with its Taiwanese manufacturer, Rexon Industrial Corp. The move comes as Peloton’s new Chief Executive Barry McCarthy works to right the company’s financials, unwinding big, and in hindsight naive, bets co-founder John Foley made during his tenure.

Peloton’s shares, which have lost 92% of their value over the past year, jumped by almost 5% after the market’s open. A shift to outsourced manufacturing came as a relief. The about-face highlights what Mr. Foley got spectacularly wrong: Peloton acquired Taiwan-based manufacturer Tonic Fitness Technology back in 2019—a move Mr. Foley said was meant to help Peloton own the supply chain in an effort to increase scale and capacity, as well as to “delight” its members.

But, as online retailer Stitch Fix, another business currently undergoing major restructuring and suffering a similar stock price implosion also is learning, it is very hard to own every piece of your customers’ experience and grow exponentially without losing your investors. The numbers simply don’t add up.

Customers probably won’t care where their exercise bike is made, and in fact Rexon and other contract manufacturers had already been building some of Peloton’s components and equipment. Apple, a company with a reputation for design and a loyal customer base, outsources its manufacturing, largely to China. That wasn’t always the case, but outsourcing went a long way toward making the company highly profitable, courtesy of current Chief Executive Tim Cook. In Peloton’s case, it is worth noting that Rexon builds the company’s Tread treadmill and built its recalled Tread+, the sales of which are still on hold. As long as there are no more recalls, Peloton users are there for the company’s content, with the pretty hardware just a means to the end.

Mr. Foley wanted Wall Street to see Peloton as a growth company, and that is how it was valued at its peak. Ultimately, though, there are only going to be so many people interested in sweating profusely on an expensive stationary bike alongside kindred endorphin seekers the world over. As BMO analyst Simeon Siegel put it, Peloton is a company with a phenomenal stable of existing users and right now, it should be focused on “bear hugging” those loyalists.

Data from UBS show that adoption levels of Peloton’s cheaper app, which the company views as a key customer acquisition tool toward its more expensive subscription, continued to decline in May and early June. It also showed active users declining since January. YipitData shows subscriber retention for fiscal 2022 has slightly underperformed historical averages and that churn increased in June year over year. More broadly, Similarweb data shows “home fitness” web traffic declining 24% year over year for the most recently tracked two-week period in late June—the largest annual declines logged by the firm this year.

Wall Street will have to wait for Peloton’s fiscal fourth-quarter report for more granular details on how exactly Tuesday’s announcement will impact the company’s cost structure. A Peloton spokesperson confirmed the company would cut about 570 employees in Taiwan, but that 100 employees would remain in that business unit focused on quality control, engineering and research and development. And Peloton will get a new chief financial officer in Liz Coddington—previously of Amazon.com and Netflix—after the company said Jill Woodworth, who had served in that role since 2018, will step down.

The company we once knew as aspirational is quickly becoming a commodity. It will try to prove to its investors that it can at least be a hot one.

As tech leaders race to bring Windows systems back online after Friday’s software update by cybersecurity company CrowdStrike crashed around 8.5 million machines worldwide, experts share with CIO Journal their takeaways for preparing for the next major information technology outage.

Be familiar with how vendors develop, test and release their software

IT leaders should hold vendors deeply integrated within IT systems, such as CrowdStrike , to a “very high standard” of development, release quality and assurance, said Neil MacDonald , a Gartner vice president.

“Any security vendor has a responsibility to do extensive regression testing on all versions of Windows before an update is rolled out,” he said.

That involves asking existing vendors to explain how they write software, what testing they do and whether customers may choose how quickly to roll out an update.

“Incidents like this remind all of us in the CIO community of the importance of ensuring availability, reliability and security by prioritizing guardrails such as deployment and testing procedures and practices,” said Amy Farrow, chief information officer of IT automation and security company Infoblox.

Re-evaluate how your firm accepts software updates from ‘trusted’ vendors

While automatically accepting software updates has become the norm—and a recommended security practice—the CrowdStrike outage is a reminder to take a pause, some CIOs said.

“We still should be doing the full testing of packages and upgrades and new features,” said Paul Davis, a field chief information security officer at software development platform maker JFrog . undefined undefined Though it’s not feasible to test every update, especially for as many as hundreds of software vendors, Davis said he makes it a priority to test software patches according to their potential severity and size.

Automation, and maybe even artificial intelligence-based IT tools, can help.

“Humans are not very good at catching errors in thousands of lines of code,” said Jack Hidary, chief executive of AI and quantum company SandboxAQ. “We need AI trained to look for the interdependence of new software updates with the existing stack of software.”

Develop a disaster recovery plan

An incident rendering Windows computers unusable is similar to a natural disaster with systems knocked offline, said Gartner’s MacDonald. That’s why businesses should consider natural disaster recovery plans for maintaining the resiliency of their operations.

One way to do that is to set up a “clean room,” or an environment isolated from other systems, to use to bring critical systems back online, according to Chirag Mehta, a cybersecurity analyst at Constellation Research.

Businesses should also hold tabletop exercises to simulate risk scenarios, including IT outages and potential cyber threats, Mehta said.

Companies that back up data regularly were likely less impacted by the CrowdStrike outage, according to Victor Zyamzin, chief business officer of security company Qrator Labs. “Another suggestion for companies, and we’ve been saying that again and again for decades, is that you should have some backup procedure applied, running and regularly tested,” he said.

Review vendor and insurance contracts

For any vendor with a significant impact on company operations , MacDonald said companies can review their contracts and look for clauses indicating the vendors must provide reliable and stable software.

“That’s where you may have an advantage to say, if an update causes an outage, is there a clause in the contract that would cover that?” he said.

If it doesn’t, tech leaders can aim to negotiate a discount serving as a form of compensation at renewal time, MacDonald added.

The outage also highlights the importance of insurance in providing companies with bottom-line protection against cyber risks, said Peter Halprin, a partner with law firm Haynes Boone focused on cyber insurance.

This coverage can include protection against business income losses, such as those associated with an outage, whether caused by the insured company or a service provider, Halprin said.

Weigh the advantages and disadvantages of the various platforms

The CrowdStrike update affected only devices running Microsoft Windows-based systems , prompting fresh questions over whether enterprises should rely on Windows computers.

CrowdStrike runs on Windows devices through access to the kernel, the part of an operating system containing a computer’s core functions. That’s not the same for Apple ’s Mac operating system and Linux, which don’t allow the same level of access, said Mehta.

Some businesses have converted to Chromebooks , simple laptops developed by Alphabet -owned Google that run on the Chrome operating system . “Not all of them require deeper access to things,” Mehta said. “What are you doing on your laptop that actually requires Windows?”