Adobe 2014 Annual Report Download - page 21

Download and view the complete annual report

Please find page 21 of the 2014 Adobe annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 121

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121

21
problems, bugs, viruses, worms, malicious software programs and security vulnerabilities are significant, and our efforts to address
these problems may not be successful and could result in interruptions, delays, cessation of service and loss of existing or potential
customers that may impede our sales, manufacturing, distribution or other critical functions, as well as potential liability to the
company.
Outside parties have in the past and may in the future attempt to fraudulently induce our employees or users of our services
to disclose sensitive information via illegal electronic spamming, phishing or other tactics. Unauthorized parties may also attempt
to gain physical access to one of our facilities in order to infiltrate our information systems. These actual and potential breaches
of our security measures and the accidental loss, inadvertent disclosure or unauthorized dissemination of proprietary information
or sensitive, personal or confidential data about us, our employees or our customers, including the potential loss or disclosure of
such information or data as a result of hacking, fraud, trickery or other forms of deception, could expose us, our employees, our
customers or the individuals affected to a risk of loss or misuse of this information. This may result in litigation and potential
liability or fines for us, or governmental inquiry and oversight, any of which could damage our brand and reputation, possibly
impeding our present and future success in retaining and attracting new customers and thereby requiring time and resources to
repair our brand image.
These problems affect our products and services in particular because cyber-attackers tend to focus their efforts on the most
popular offerings (such as those with large bases of users), and we expect them to continue to do so. Critical vulnerabilities may
be identified in certain of our applications. These vulnerabilities could cause such applications to crash and could allow an attacker
to take control of the affected system, which could result in liability to us or limit our ability to conduct our business and deliver
our products and services to customers. We devote significant resources to address security vulnerabilities through engineering
more secure products, enhancing security and reliability features in our products and systems, code hardening, conducting rigorous
penetration tests, deploying security updates to address security vulnerabilities and improving our incident response time, but these
security vulnerabilities cannot be totally eliminated. The cost of these steps could reduce our operating margins, and we may be
unable to implement these measures quickly enough to prevent cyber-attackers from gaining unauthorized access into our systems
and products. Despite our preventative efforts, actual or perceived security vulnerabilities in our products and systems may harm
our reputation or lead to claims against us (and have in the past lead to such claims), and could lead some customers to seek to
return products, to stop using certain services, to reduce or delay future purchases of products or services, or to use competing
products or services. If we do not make the appropriate level of investment in our technology systems or if our systems become
out-of-date or obsolete and we are not able to deliver the quality of data security customers require, our business could be adversely
affected. Customers may also increase their expenditures on security measures designed to protect their existing computer systems
from attack, which could delay adoption of new technologies. Further, if we or our customers are subject to a future attack, or our
technology is utilized in a third-party attack, it may be necessary for us to take additional extraordinary measures and make
additional expenditures to take appropriate responsive and preventative steps. Any of these events could adversely affect our
revenues or margins. Moreover, delayed sales, lower margins or lost customers resulting from the disruptions of cyber-attacks or
preventative measures could adversely affect our financial results, stock price and reputation.
Some of our lines of business rely on us or our third-party service providers to host and deliver services and data, and any
interruptions or delays in these hosted services, security or privacy breaches, or failures in data collection could expose us to
liability and harm our business and reputation.
Some of our lines of business and services, including our online store at adobe.com, Creative Cloud, other hosted Digital
Media offerings and our Adobe Marketing Cloud solutions, rely on hardware and services hosted and controlled directly by us or
by our third-party service providers. We do not have redundancy for all of our systems, many of our critical applications reside in
only one of our data centers, and our disaster recovery planning may not account for all eventualities. If our business relationship
with a third-party provider of hosting or content delivery services is negatively affected, or if one of our content delivery suppliers
were to terminate their agreement with us, we might not be able to deliver the corresponding hosted offerings to our customers,
which could subject us to reputational harm and cause us to lose customers and future business, reducing our revenues.
We hold large amounts of customer data, some of which is hosted in third-party facilities. A security incident at those
facilities or ours may compromise the confidentiality, integrity or availability of customer data. Unauthorized access to customer
data stored on our computers or networks may be obtained through break-ins, breach of our secure network by an unauthorized
party, employee theft or misuse, or other misconduct. It is also possible that unauthorized access to customer data may be obtained
through inadequate use of security controls by customers. While our products and services provide and support strong password
controls, IP restriction and account controls, their use is controlled by the customer. Accounts created with weak passwords could
allow cyber-attackers to gain access to customer data. Additionally, failure by customers to remove accounts of their own employees,
or granting of accounts by the customer in an uncontrolled manner, may allow for access by former or unauthorized customer
representatives. If there were an inadvertent disclosure of personal information, or if a third party were to gain unauthorized access
to the personal information we possess on behalf of our customers, our operations could be disrupted, our reputation could be
damaged and we could be subject to claims or other liabilities. In addition, such perceived or actual unauthorized disclosure of