People say that the last part in a trilogy is the perfect way to close out a movie series. But what happens when the last movie was actually the prequel?

Microsoft has remastered existing guidance in “Entra ID vision” as a series of documents under the banner “Microsoft 365 guidance for UK Government”.  Following the release of the Information Protection guidance and the update to External Collaboration guidance, we have also remastered the one that kicked it off: Secure Configuration Blueprint.

Microsoft 365 Guidance for UK Government

The three-piece collection provides a common baseline which UK Government departments, and their partners, can use to enable secure use of Microsoft 365.

The goal of the Secure Configuration Blueprint is to create a secure foundation for a Microsoft 365 tenancy. It provides guidance using the “Good, Better, Best” approach targeted on feature availability by licence, offering policies and settings that protect your Microsoft 365 tenancy from the most common attacks.  It includes:

• Securing identities that access services, including privileged users.
• Protecting devices that your users use to access services.
• Configuration of services to require use of the above when accessing data.

The updated Secure Configuration Blueprint guidance is the base upon which the other pieces of guidance are built. But how have we got to where we are today?

Securing user devices

It all started as a result of understanding that device trust was key to protecting the data stored locally and in datacentres.

In 2004, on the back of some high-profile worm viruses, SQL Slammer (January 2003) and Blaster (August 2003), Microsoft worked closely with Communications-Electronics Security Group (CESG), now a part of the NCSC. This joint effort developed a set of security controls to take advantage of the security improvements in SP2 for Windows XP, including Windows Firewall on by default, Software Restriction Policies, and Automatic Updates enabled by default.

The outcome of this work was known as the “Government Assurance Pack” or GAP for short. GAP was revised and updated for Vista and Windows 7 and added BitLocker device encryption and AppLocker when those features were released.

Moving forward to 2014, and CESG moved to a model that evaluated all end-user devices, PC and mobile, against a common set of principles, the End User Device Security Principles. Windows 8 (8.1), Windows 10 and Windows 11 have all had End User Device (EUD) security guidance developed with CESG initially and then the NCSC when that was formed in October 2016.

By following the latest guidance provided by NCSC, organisations (including Government departments) can be confident that the devices used by their users to access and handle data are secure against common attacks.

Figure 1. Timeline leading to the updated Secure Configuration Blueprint guidance.

Securing cloud services

The UK Government introduced a “Cloud First” policy in 2013 for all technology decisions with the NCSC, publishing 14 Cloud Security Principles (originally in December 2013) to support Government as it started to adopt cloud services.

Historically, the focus of the guidance was on securing devices but, with the UK Government adopting a Cloud First policy, data was no longer being stored in on-premises datacentres and networks. Instead, it would increasingly be stored in Public Cloud services like Microsoft 365.

To address this, Microsoft worked with the NCSC to produce guidance for Microsoft Azure in October 2017, and in July 2019 we released the initial version of Office 365 Blueprint and a supporting document detailing how Office 365 met the NCSC 14 Cloud Security Principles.

As a result, in parallel to releasing Office 365 guidance, we also worked with NCSC to produce the first MDM (Mobile Device Management) End User Device (EUD) guidance for cloud-managed Windows 10 EUDs using Microsoft Intune. This guidance formed the base for Microsoft’s first cloud-based Privileged Access Workstation (PAW), allowing organisations to manage their risk in Microsoft 365 management. Microsoft recommends using a PAW for administrative access and managed EUDs for standard user access, both using Entra ID to secure access to cloud services – please refer to Protect Microsoft 365 and Securing Privileged Access.

Once the foundational guidance was released, and on the back of the challenges that the COVID-19 pandemic brought to UK Government departments, we worked with NCSC and Government Security Group and released the first iteration of our BYOD guidance in June 2020.

The rest is history, as they say. Working with Central Digital & Data Office (CDDO) and NCSC, the Cross-Government Collaboration guidance was released in 2021 and updated in 2023, along with the release of the Purview Information Protection guidance.

With that, UK Government departments have at their disposal guidance for how to securely configure their Entra ID and Microsoft 365 tenant, classify and protect their data, and use it to securely collaborate with not only other government departments but also industry partners.

But remember, if you don’t pay attention to the film, the sequels might be confusing. So, ensure that you implement the guidance in the Secure Configuration Blueprint before looking to adopt the External Collaboration or External Collaboration guidance.

Find out more

Read the Secure Configuration Blueprint

Guidance on protecting government data using Microsoft Purview

About the author

James has spent his entire IT career of 27 years specialising in the security arena, the last 22 of which have been for Microsoft. Based in the UK, he works in the key areas of security and identity in the public sector as a Security Technical Specialist. He is a regular contributor to Microsoft docs for Securing Privileged Access and was the lead architect for the Microsoft 365, External Collaboration, Information Protection, and BYOD guidance produced for Cabinet Office and NCSC.

The post Updated Microsoft 365 security and compliance guidance for the UK public sector appeared first on Microsoft Industry Blogs - United Kingdom.

In this second of our four-blog series, we’ll see how prevention is truly the best defence. And as organisations continue to transition to the cloud, independent software vendors have been instrumental in building innovative cyber security solutions that appeal to customers in the fast-paced world of digital transformation.  

Darktrace, one of TIME magazine’s “Most Influential Companies” in 2021, is one such vendor. Currently protecting nearly 8,900 organisations around the world, including Royal Caribbean, City of Las Vegas, and McLaren, Darktrace works with companies of all sizes and in all verticals – from enterprises to governments, or small and medium businesses.  

Darktrace AI is designed to work with your security team across the entire attack lifecycle, providing clear analysis and context in ordinary language to drive understanding and efficiency. The solution integrates seamlessly with Microsoft Azure Sentinel and hosts its email service on Azure. Read on to discover how Darktrace’s AI-powered security products, available on the Microsoft marketplace, can help protect your organisation, building even greater confidence that your business, data and staff are safe.

On a mission to mitigate cyber-disruption  

As a global leader in cyber security AI, Darktrace is on a mission to tackle and minimise cyber-disruption. Breakthrough innovations in their Cambridge-based Cyber AI Research Centre have resulted in over 160 patents filed and research published to contribute to the cybersecurity community. That’s great news for stretched security teams, who are struggling with increasingly complex digital systems and an escalating threat landscape – from fending off ransomware attacks and data leaks, through to phishing and supply chain attacks.  

In fact, Darktrace research found that traditional email security tools, which rely on knowledge of past threats, take an average of 13 days from the launch of an attack to detection of it. (Source: Major Upgrade to Darktrace/Email™ Product Defends Organizations Against Evolving Cyber Threat Landscape.)

Darktrace has tackled the challenges of traditional cyber security efforts by turning the entire approach on its head. 

Responding to threats by knowing you

Rather than study attacks, Darktrace’s technology continuously learns and updates its knowledge of your business. Its distinction lies in the algorithms and data it uses, and how the two interact. Instead of training an AI on historical attacks – an approach that requires constant updating and maintenance – Darktrace takes their “Self-Learning AI” to your data. It’s plugged into your enterprise and learns in real time from everything that happens in your digital world – including email, cloud environments, manufacturing and operational systems, and physical locations.  

From this, the AI builds up a sense of “normal” for your organisation. This allows it to identify unusual patterns that indicate a cyber-threat – and then take targeted action to contain emerging attacks.  It then applies that understanding to optimise your unique state of cybersecurity.  

In effect, Darktrace is fuelling a continuous end-to-end security capability that can spot and respond to novel in-progress threats within seconds.  

In reality, that translates to increased threat detection accuracy and time savings – freeing you up to focus on what matters most: running your business. 

Bespoke solutions that build confidence 

According to Dan Fein, Director of Product at Darktrace, “Cyber-criminals will do whatever it takes. Daily, we see attackers impersonate CEOs or compromise vendors’ accounts to send out targeted, topical emails that look legitimate. Our security products align perfectly with Microsoft’s, allowing us to build even greater confidence among our mutual customers that their business, data and staff are protected.” 

What could that mean for your business? With Darktrace, you’ll be equipped to:  

• Detect and respond to cyber-attacks, including unknown and highly targeted attacks that evade traditional tools trained on historical attack data.   
• Stop phishing attacks with increasing accuracy, based on an understanding of “normal” user behaviour and communications.   
• Defend against threats across the entire digital enterprise – from cloud and email systems to networks, endpoints, and Operational Technology – with the same underlying AI technology.  
• Reduce triage and investigation time by automating tedious, repetitive tasks.   

Businesses are already seeing the benefits, with Darktrace customers reporting significant improvements in threat detection accuracy and time savings. One real estate enterprise reported a 95.83% reduction in time to identify potential threats. Another healthcare organisation reported a 90% reduction in triage time.  

Driving cognitive AI with Microsoft Security Copilot 

Helping to take cutting-edge cybersecurity to new levels, Darktrace is taking part in Microsoft’s Security Copilot Partner Private Preview.  

Security Copilot is Microsoft’s next-generation AI-powered security product that enables security professionals to respond to threats quickly, process signals at machine speed, and assess risk exposure in minutes. It combines an advanced large language model (LLM) with a security-specific model that’s informed by Microsoft’s unique global threat intelligence and more than 65 trillion daily signals. 

Selected for their proven experience with Microsoft security technologies and their close relationship with Microsoft, Darktrace will give feedback on Security Copilot product development, helping to refine new scenarios and drive future product releases. 

Get added benefits of buying through the marketplace 

Trust, simplicity and efficiency all count for a lot. Buying from the Microsoft marketplace means all solutions are certified and optimised to run on Azure. You’re able to use private offers to get exactly what you need, including customised terms and conditions, negotiated pricing, prototypes for proof of concept, and tailor-made solutions. 

Better still, transact in a single, accessible place, reducing procurement complexity, saving time and simplifying billing. Apply eligible purchases to your organisation’s Azure cloud commitment by contributing 100% of the purchase off your Azure Marketplace invoice.  

All while enjoying the peace of mind that comes from buying and running solutions on a trusted cloud with industry-leading security.  

Start protecting the Darktrace way today  

See what Darktrace discovers in your environment. Visit the Microsoft marketplace to buy Darktrace/Email or DarktraceDetect now, or contact our team at ISVUK@Microsoft.com.  

Other blogs in this series

Blog 1: Driving your AI transformation with the Microsoft marketplace 

Blog 3: Optimising business operations through AI-powered solutions 

Blog 4: Deliver transformational employee experiences through AI-empowering solutions

About the author

James joined Microsoft 15 years ago and has held leadership positions across the Consumer, Enterprise, and the Partner teams at Microsoft. James is currently the ISV Ecosystem Lead and has a passion for people and technology coming together to drive customer success. James has been at the forefront of Cloud & Digital transformation for the last 10 years launching new business models and driving transformation through the Microsoft Partner ecosystem resulting in and contributing to exciting new revenue streams and significantly accelerated growth for Microsoft and Partners.

The post Safeguarding your business with AI-powered security solutions  appeared first on Microsoft Industry Blogs - United Kingdom.

Today, the pressures are different. The global workforce is shrinking as the population ages. Labour productivity is in the doldrums. And, with a more connected global population, security threats emerge and evolve faster than ever. While human ingenuity and expertise will always be needed to defend against these threats, 87% of leaders see AI as a market advantage.  

Whether you’re looking to improve agility and security in your SAP workloads, wanting to innovate without disrupting core business processes or looking for more control over your SAP migration, the cloud and AI offer a unique opportunity.

Here are five ways the Microsoft Cloud can help you harness the power of AI and extend your SAP capabilities. 

1. Create faster with AI-powered data insights

In a world of deadlines and labour-intensive tasks, innovation and creativity can suffer. By integrating Azure AI services to your SAP data, you can optimise your workflow and empower your employees to create ideas and content faster. Our AI-powered data platforms also help you complete time-consuming tasks with ease, offering instant and intelligent insights that propel your work forward. 

An example is the Microsoft Fabric platform. It delivers data analytics in a software-as-a-service model, with an open, lake-centric data architecture and deep integration with Microsoft 365. Its built-in AI Copilot helps you find out what you need to know using natural language. In addition, it’s built to work across clouds, so you can easily migrate elsewhere in the future. 

Part of the Microsoft Intelligent Data Platform is Power BI, relied on by the vast majority of Fortune 500 companies. With easy-to-use AI analysis capabilities and AI-powered data summarisation, it helps you find insights, make decisions and take appropriate action with ease.  

2. Improve collaboration and productivity

To get the most from your employees, they need to be freed from siloed technology, software and business processes. You can enhance employee productivity by integrating and giving access to SAP data in Microsoft 365. 

With Microsoft 365 Copilot, your AI assistant can help you keep work organised and your employees productive. It combines the power of large language models (LLMs) with your data in the Microsoft Graph – your calendar, emails, chats, documents, meetings, and more – and the Microsoft 365 apps to turn your words into the most powerful productivity tool on the planet. 

Copilot for Microsoft 365 works alongside your favourite day-to-day office apps. Just a few examples:

• You can be more creative in Microsoft Word, as Copilot writes, edits, summarises and creates alongside you. Rapidly find key information or get a head start by generating (and then re-generating) a full client brief.

• Copilot helps put all the rich capabilities of Microsoft Excel at your fingertips. It will review and edit data with simple prompts, make sheet-wide updates in seconds, and visualise key insights from large data-sets. 

• In Microsoft PowerPoint, you can now quickly summarise an entire presentation deck, or organise your deck into sections. Copilot also makes it easy to transform existing written documents into full decks, complete with speaker notes and sources – all with a few simple, spoken prompts. 

• With Microsoft Outlook and Teams, Copilot lightens the load and provides the gift of clarity. Summarising long email or message threads (with bullet points and all), pulling out different opinions expressed in meetings, and quickly drafting suggested replies and action items, all in real time. So you can unlock the magic of efficient and effective meetings. ​ 

Combining Microsoft Generative AI with SAP’s SuccessFactors and Joule enables new experiences for HR leaders, recruiters, hiring managers and employees. They can now create tailored job descriptions based on SAP SuccessFactors data and external data. Or rapidly generate interview questions based on an applicant’s CV. Using Microsoft Viva Copilot, employees will be able to curate their own learning paths. 

3. Simplify with automation and innovation

When great ideas or highly productive employees are held back by repetitive or labour-intensive business processes, it can stifle progress and creativity. Simplify your business process with AI-powered development and automation, using your SAP data. 

For over a decade, we’ve been progressively unifying the Microsoft Power Platform into a unique, fully integrated and cloud-powered suite. With solutions such as Power Apps, Power Automate, Power Virtual Agents and AI Builder, we’ve reinvented how all makers develop software, further democratising access to innovative business solutions.

Today, all employees have access to the tools they need to create applications, solve problems, automate workflows and analyse data more effectively. With Copilot working as your AI assistant in Power Apps, the development process is more accessible and less repetitive, so your development cycles don’t get slowed down.

Just describe your goal verbally, and Power Apps will use integrated AI to generate code, and even build complete apps. Check out the latest AI and other advances built into Power Apps.

You can also auto-generate working apps and data within seconds from images and design files. Save time, build more complex solutions, and reimagine business applications. Empower anyone across the business to create apps quickly and easily. 

4. Improve developer productivity with Copilot

Working faster and smarter can be crucial when it comes to business competitiveness and innovation. One of the most exciting new capabilities we’ve recently launched with GitHub is a new service we call GitHub Copilot. It can empower developers to save time and energy with AI-generated code, and helps easily integrate AI capabilities into SAP ABAP applications. 

GitHub Copilot provides an AI-pair programmer that works with all of the popular programming languages. This dramatically accelerates developer productivity. Up to 46% of all new code written by developers using Copilot is now fully AI-generated, with developers reporting a 55% productivity boost by using Copilot. 60% to 75% of developers who use GitHub Copilot also say it helps them focus on more satisfying work and enjoy their jobs more. 

5. Stay ahead with AI-powered security

Keeping protected against cyberthreats in today’s security landscape means being able to respond quickly and effectively. With Microsoft Security Copilot, you can do just that. 

Security Copilot combines the most advanced GPT4 model from OpenAI with a Microsoft-developed, security-specific model. It’s powered by Microsoft Security’s unique expertise and scale, sifting through 65 trillion signals daily. So whether you need to detect hidden patterns, harden defences or respond to incidents in your SAP systems, it’ll help you do it better and faster. 

As the first and only generative AI security product to help defend organisations at machine speed and scale, Security Copilot helps you be more effective and efficient while also supporting your teams to solve security challenges. It runs on our security and privacy-compliant hyperscale infrastructure, which is unique to Microsoft and brings the full benefit of being on the Azure cloud platform. And over time, it will work with a growing ecosystem of products from third-party vendors. 

With this comprehensive approach, and all your security capabilities in one place, you’ll benefit from unparalleled simplicity, visibility, automation, and intelligence.  

Extend SAP and innovate on Microsoft Cloud

Redefine what’s possible by integrating AI and Microsoft into your SAP data. It can help empower your employees, accelerate savings in your business, optimise your workload and enhance your productivity.  

To learn how AI can benefit your organisation and how we’ll support you through the change, please contact the authors, Sean Pilkington and Tom Payne, or your Microsoft representatives. 

Find out more

Microsoft Discovery Day: SAP on the Microsoft Cloud

Maximize SAP Investments by Migrating to the Microsoft Cloud: On-demand webinar

Innovate on Your SAP Data with Power Platform Integration: On-demand webinar

About the authors

Sean Pilkington

As the SAP on Azure UK Lead at Microsoft, Sean draws on over 20 years of experience in SAP design and solutioning to help clients visualise how their SAP solutions can be deployed into the Azure cloud. He thrives on demonstrating innovative technology that seamlessly blends with SAP to give customers the best experience, while enabling their business to drive down costs, increase ROI on technology and accelerate their digital transformation.

Tom Payne

As the SAP on Azure Sales Lead at Microsoft, Tom brings a wealth of experience to empowering SAP customers as they embrace cloud transformation with Microsoft Azure. He is adept at simplifying complex technology applications while optimising the customer journey.

The post Embrace the art of the possible: 5 ways Microsoft AI can enhance your SAP workload  appeared first on Microsoft Industry Blogs - United Kingdom.

The use of automated detection and response systems can help tip the scale in favour of defenders by using risk-based algorithms and anomalous activity detection to flag events that require human expertise to investigate further. This helps security analysts detect patterns and behaviours that are not obvious to the human eye, with more precision and speed than human defenders alone.

The background to “cognitive cyber”

As advances in dynamic and adaptive cyber defence systems become reality, what do organisations need to do to become ready for cognitive cyber, and what exactly is it?

Cognition refers to the mental processes involved in gaining knowledge and comprehension. Cognitive cyber attempts to simulate that process with the application of self-learning algorithms, natural language processing, and big-data mining techniques as applied to the cybersecurity domain. It uses cognitive system overlays to traditional artificial intelligence (AI)/machine learning (ML) models to achieve something greater than the sum of the parts. 

To recap:

• Classic/traditional AI and ML​ detects and classifies, and can work on vast amounts of data for use in real-time applications and automation of capabilities. ​Traditional AI is strong when it comes to looking at a large field of data and finding patterns or continuations (like making recommendations).
• Generative AI (GAI), often powered by generative pre-trained transformers (GPT), effectively understands and creates content. It works on relatively small chunks of data – text, images, sounds, videos. Large language models (LLMs) are a kind of GAI that work on text.​ LLMs are good at understanding language, summarising, and translating concepts, for example from language to code or vice-versa. ​

Clearly, linking these models makes for a much more powerful narrative. And, by using the compute power, scalability, and richness of the cloud, we can build entire systems of intelligence that can reason over vast amounts of information – structured and unstructured.​

Our name for this intelligence-based cognitive capability? Microsoft Copilots. These are experiences that use generative AI to help humans with complex cognitive tasks.

Introducing Microsoft Security Copilot

Built specifically to augment human security expertise, Microsoft Security Copilot is a combination of the most advanced GPT4 model from OpenAI, with a Microsoft expert-driven, security-specific LLM model.

Most LLMs are trained on corpuses of written human language. Security Copilot is trained on security logs, attack telemetry and threat intelligence, the outcome of which is the first AI/ML model trained specifically for security.

But the capability is much more than just the large language model. Built into the product are specific cyber skills and promptbooks informed by our global threat intelligence, which runs on Azure’s hyperscale infrastructure. This means that the models inherit Microsoft’s comprehensive approach to security, compliance, and privacy. When it comes to the data Copilot is reasoning across, your data remains your data.

Security Copilot democratises defender skills by allowing natural language for querying rather than having to learn complex querying languages like Kusto Query Language (KQL). This lowers the barrier to entry for new analysts, which helps address the cybersecurity skills shortage. We’ve launched an Early Access program for qualified candidates to explore the capabilities of Security Copilot. Reach out to your sales representative to get more details.

Use cases for Microsoft Security Copilot

Human ingenuity and expertise will always be an irreplaceable component of defence, so we need technology that can augment these unique capabilities to improve the analyst experience all-up. For this reason, initially we are focusing on security operations centre (SOC) use cases.

The three primary use cases are security posture management, incident response, and security reporting.​

• Security posture management: Security Copilot delivers information on anything that might expose an organisation to a known threat. It then gives prescriptive guidance on how to protect against those potential vulnerabilities.​ A query such as: ‘How can I improve my security posture?’ will return evidence-based recommendations.

• Incident response: Security Copilot can quickly surface an incident, enrich it with context from other data sources, assess its scale and impact, and provide information on what the source might be. Again, it will support the analyst through the response and remediation steps with guided recommendations.

• Security reporting: Security Copilot can deliver customisable reports that are ready to share and easy to consume to keep managers and other stakeholders in the loop. What this means tactically is you can ask Security Copilot in natural language: ‘Summarise this incident in a single PowerPoint slide’, and it will do just that.

Preparing for cognitive cyber defence: 3 steps

In the future, our vision with Security Copilot is to support use cases across security, identity, management, compliance and more, leveraging skillsets across Microsoft and third-party products. In the meantime, and whilst Security Copilot is not yet publicly available, there are things organisations can do to prepare for these cognitive cyber defence capabilities:

Step 1: Secure your identities, especially privileged identities, and SOC members. Attackers will frequently target these individuals to gain access to critical information and systems to elevate the impact of a successful compromise.

Step 2: The age of AI is also referred to as the age of platforms. Integrating your security signals into an observability platform brings huge security gains in terms of visibility and automation. 

Step 3: Initially, Security Copilot is integrated with Microsoft Defender for Endpoint, and for an even better experience, deploy Microsoft Sentinel and Intune. Going forward, Security Copilot will integrate with third-party products.  

Finally, prepare for the risks. As with any new technology, there are both risks and rewards. To help organisations navigate the risk/reward balance, we’ve released guidance, frameworks, and tooling. 

More information, including links to the risk assessment framework, the Counterfit tool and the Adversarial Threat Matrix (MITRE ATLAS) can be found in our Security blog post Best practices for AI security risk management. 

For information on our commitment to build trustworthy and responsible AI, please read Responsible and trusted AI and Building AI responsibly from research to practice.

Cognitive and AIML technologies are here to stay. While they have the power to bring immense potential for improving our defenders’ experience, securing our organisations, and protecting society, we must also be mindful of potential vulnerabilities on an equally large scale and defend against that risk.

Find out more

Introducing Microsoft Security Copilot

Microsoft Security Copilot Early Access Program

News Center: Microsoft brings the power of AI to cyberdefense

Microsoft Security Copilot: Empowering defenders at the speed of AI

About the author

Previously lead investigator for Microsoft’s detection and response team (DART), Lesley Kipling has spent more than 17 years responding to our customers’ largest and most impactful cybersecurity incidents. As Chief Cybersecurity Advisor, she now provides customers, partners and agencies around the globe with deep insights into how and why security incidents happen, how to harden defences and more importantly, how to automate response and contain attacks with the power of the cloud and machine learning. She holds a Master of Science in Forensic Computing from Cranfield University in the United Kingdom.

The post Cyber defence in the age of AI appeared first on Microsoft Industry Blogs - United Kingdom.

The partnership, which will see us supply a variety of digital solutions to NHS organisations all over the country, is the latest step in a trusted relationship that has already spanned several decades. It will also be key to accelerating the ongoing digital transformation of the health service, one of the world’s greatest and most-loved public institutions.

Personally speaking, it is something of which I am extremely proud. Microsoft’s work with the NHS is genuinely helping to improve people’s lives. Since the start of the pandemic, for example, the roll out of Microsoft Teams across the organisation saved NHS employees around 17 million hours of productive time, allowing them to concentrate on dealing with the extraordinary levels of demand for healthcare instead.

Today’s partnership announcement could not be more timely. As we celebrate the NHS’s 75^th anniversary, it faces some of the greatest challenges in its history: record waiting lists; soaring inflation; an aging population; and chronic staff shortages. Microsoft’s digital technologies can – and must – contribute to easing these pressures by increasing productivity, supporting collaboration and mitigating security threats.

A lighter load

In short, we must help equip the NHS to thrive in a digital-first world, enabling it to deliver high quality services to patients more quickly, efficiently and equitably.

Using the Microsoft cloud to automate processes is a great place to start as the more we can do to lighten healthcare professionals’ administrative load and alleviate the pressures on their time, the more they can focus on doing what they do best: caring for patients.

As well as freeing up staff from repetitive tasks and unnecessary meetings, automation can also help streamline the process of onboarding for new clinicians, while cloud technologies reduce the need for capital investment in on-premises infrastructure, generating further savings for the NHS that can be redirected to patient care.

Collaboration empowered

The impact on patients’ experiences should be equally transformative. Whether it’s at their GP surgery, on the wards or in a specialist hospital, people want and expect their interactions with the NHS to be joined-up.

Microsoft’s digital technologies can help make that happen, giving staff from across different NHS departments and geographical locations the power to connect and collaborate on the delivery of truly integrated care services.

Imagine nurses overseeing bed and capacity management, for example. By using Teams, they can build a 360-degree view of patient requirements, share operational documents instantly and communicate any changes and updates with each other at speed.

A securer future

Microsoft technologies can also help solve another of the health service’s most pressing concerns: cybersecurity. The volume of data and personal information held by the NHS is greater than ever and the positive side of this is that it enables better, more connected treatment for patients.

However, it is also intensifies the security risk, especially with criminals becoming ever more sophisticated and frequent in their attacks. The financial, operational and societal costs of an NHS cyber breach could undoubtedly be significant and damaging.

In 2021, Microsoft committed to investing $20 billion in security over the next five years to continue protecting our customers around the world. Today’s agreement will enable Microsoft to continue to work with NHS England and Local NHS Organisations, developing the required access to a comprehensive suite of security solutions to protect their people, data and assets. These include threat protection, data governance and compliance solutions that will continue to bolster the health service’s cyber resilience going forward.

Proud history, ambitious future

Microsoft’s mission is to empower every person and every organisation on the planet to achieve more. And nowhere is this more important than in the world of healthcare. One of our company’s most important achievements was the assistance we gave to the NHS during the pandemic, ensuring GP practices, NHS organisations and national bodies could keep their systems running and their people working together at a time of unprecedented national need.

We have also worked closely with NHS IT staff to accelerate the digital transformation of its systems faster than was ever believed possible and continue to support the much-needed shift towards the remote delivery of key elements of the patient journey. Read more about the different elements of our longstanding NHS partnership.

Yet while we are proud of those achievements so far, what really matters is what’s next. The health service once again finds itself facing widespread transformation and reform alongside the ever-present challenge of improving outcomes while limiting costs. Now more than ever, we must look to technology as a way to maximise the time NHS staff have for care and to, ultimately, deliver better experiences for patients. On the path to a digital future, Microsoft is committed to helping the NHS every step of the way.

Find out more

Maximising time to care: accelerating NHS digital achievements, at scale

NHS makes data more discoverable using Azure Cognitive Search to save clinicians’ time

vCreate & Microsoft Azure connects patients with their families and clinical teams

About the author

Jacob leads Microsoft’s UK local government, healthcare and life sciences business.

A former adviser to two UK Prime Ministers, Jacob has worked in healthcare locally, nationally and internationally, in the NHS and overseas.

Jacob was the Harkness Fellow at the Harvard School of Public Health and is a Visiting Senior Research Fellow at King’s College London’s Public Policy Institute.

The post Maximising the time for care in the NHS appeared first on Microsoft Industry Blogs - United Kingdom.

Sophisticated cyberattacks are on the rise

According to the Microsoft Digital Defense Report 2022, over 100 million attacks against remote management devices were observed in May 2022, up 500 percent on the past year. Human-operated ransomware remains the most prevalent cybercrime, however. One-third of targets are successfully compromised by criminals using these attacks, and 5 percent of them are ransomed.

Old perimeter-guarding strategies are no match for these increasingly sophisticated threats. An organisation needs to embrace a modern, data-driven and people-centred approach to managing security risk. This can help to identify and tackle existing threats more effectively while learning to anticipate new ones.

What is a security culture?

An organisation’s security culture is built on shared values, attitudes and ways of acting. It’s therefore hard to change, and it takes time. Creating a culture of security needs colleagues to understand the potential costs of a security lapse. They must also understand how bad actors tend to operate, and why existing security strategies are no longer adequate.

In the current climate, digital communications and cloud data management provide multiple ways to access organisations that previously didn’t exist. Once inside your network, cybercriminals can move laterally, seeking out value.

Zero Trust relies on strong identity verification

Adopting strong identity verification is key to Microsoft’s Zero Trust approach. Real-time data provides information on the user, the device, and the location – which is crucial in a hybrid world of work. Connecting both cloud and legacy systems to a single identity solution provides end-to-end visibility of an organisation’s digital presence. This helps to protect against internal threats that old-fashioned firewalls would miss. Where there is doubt, a Zero Trust approach applies conditional access. Where there is risk, it is assumed a breach.

A security strategy that enhances overall performance

Adopting a Zero Trust approach brings immediate improvements to an existing security posture, and builds a path that continuously improves risk management. It simplifies security processes to enhance customer experience, and potentially lowers costs by eliminating the need for external security providers.

Adopting a best-in-class security strategy can also make an organisation more forward-focused and risk-responsive in general. Nurturing a security culture brings long term benefits to a company as a brand and to its overall effectiveness in the marketplace. Security is not just a cost; it drives trust and therefore adds value.

Security culture starts small and collaboratively

When implementing a new security protocol, take a step-by-step approach beginning with a small, controlled group and a security risk that qualifies as low-hanging fruit. Once new protocols have been validated, and teams have given feedback, it can be expanded to another part of the business, such as identities, infrastructure, devices, data, networks or apps.

As for implementing organisation-wide security culture change, this will benefit from full and visible support from your senior leadership team. Aim to implement your new strategy collaboratively, and through a phased programme of activities. Taking a creative approach to security skilling and education helps stimulate staff engagement. Microsoft for example produces a successful video series that follows the security-themed adventures of its protagonist, Nelson, which gets promoted internally.

Understand and work with colleagues who may express resistance to change. While moving to new day-to-day practices – for example, new ways of working with different classes of data – openness and empathy will be crucial in empowering all teams to own, understand and learn from their inevitable mistakes.

Data-driven monitoring spots emerging risks

In time, your security strategy can become more sophisticated. AI can be deployed to detect abnormal behaviour and protect your organisation’s most sensitive information from accidental exfiltration as well as bad actors. Microsoft Azure, Azure Sentinel and Microsoft 365 apps can document your compliance with regulations, monitor access, and apply data analytics to predict where the next security risk might emerge.  Data metrics can guide security strategy on the principle of maximising costs to the attacker and prioritising your most valuable data. Many of Microsoft’s UK customers and partners have benefited from this security-first approach.

LGL money managers find security on the cloud

LGL Group are a financial services company who were frustrated by the cost and complexity of enterprise-grade cybersecurity. Microsoft worked collaboratively with LGL to design a roadmap that modernised their security controls, enhanced their security posture and reduced their reliance on third-party application subscriptions, driving down costs. By migrating to the latest Microsoft 365 and Azure security stack, LGL also benefited from a more streamlined and simplified hybrid security system.

Meanwhile Microsoft continues to work with schools and colleges to close the cybersecurity skills gap, with targeted investments here in the UK. Salford City Council leveraged the skills and resources of the Microsoft Enterprise Skills Initiative to develop a cyber strategy and a security operations centre using Microsoft Sentinel. It now aims to share its best-in-class skills with other public sector organisations to proactively monitor, detect and respond across Greater Manchester.

Zero Trust is a journey

Zero Trust is a journey, not a destination. Visit the security hub at Microsoft Business Security Solutions and discover how Microsoft can help you implement an identity environment with cloud identity federation, strong authentication and conditional access at its core.

Find out more

Microsoft security blogs

Strong identity management provides Zero Trust security

Microsoft Sentinel strengthens Salford Council’s cybersecurity

The post What is a ‘security culture’? Best practices for implementing your security strategy appeared first on Microsoft Industry Blogs - United Kingdom.

In the current economic environment, banks and other financial services firms recognise the need to embrace digital transformation to get maximum value from their technology investments and do more with less. Leveraging technology also helps businesses to navigate emerging risks while driving sustainable and responsible business outcomes internally and with their customers. But how are they approaching these challenges? Last week I attended Sibos 2022 in Amsterdam, where business leaders, policy makers and technologists came together for deep dive debates and big picture outlooks on the future of the corporate banking market, including lending, trade and treasury solutions, and the related capital markets instruments. The energy and excitement on the pace of innovation was clear and I saw many themes that resonate with where we aim to lead the market in our Microsoft UK Financial Services business.  

Geopolitical tensions, the economic environment, evolving cyber threats, the race to Net Zero, the competitive landscape and ongoing reimagination of business models, modernising policy and regulation, and the continuous innovation of what is possible with people, process and digital technology are driving rapid change in the industry. When managed correctly, this change can unlock new opportunity. 

The industry is leading in many areas of technology, product and operating-model innovation, but a responsible business purpose and sustainable societal outcomes are now firmly embedded as objectives that banks are expected to deliver. “We should not seek innovation for innovation’s sake,” noted HM Queen Máxima of the Netherlands in the opening plenary. “With each new technology, we must always ask ‘What problems are we trying to solve?’” At the same time, we need to ensure any innovation is done securely and collaboratively while being additive to interoperability of data and platforms. The IMF predicts technological fragmentation can cut a country’s GDP by five percent; the benefit of collaborative industry approaches and ecosystem business models is clear. 

Through all the customer, partner, and colleague conversations at Sibos 2022, and while contributing and learning as much as we could about new ideas and technologies, the Microsoft UK Financial Services team took away four main action points: 

1.      Transform securely  

One of the key things that was highlighted by industry leaders was the importance of getting cyber security basics right to enable secure transformation. “The human firewall is the first line of defence,” said Nicolas Trimbour, Head of Fraud Prevention and Chief Data Officer for Cash Management at BNP Paribas. It’s important to educate employees and customers to recognise phishing, scams and ransomware attempts especially while the attach surface grows with increased digitisation and growing ecosystem business models. 

AI/ML solutions can work at high performance across large amounts of data to spot fraud or suspicious activity in transactions and endpoints. An industry-specific cloud solution that uses a completely private data model, while offering full data portability can help organisations as they shift from on-premise to hybrid or cloud-native architectures. At the same time, organisations can benefit from built-in security and compliance offerings that infuse healthy cyber hygiene. 

Our security experts have pulled together resources, training and more to help your teams empower and educate your employees and customers to be cyber aware. This is the right time to focus on this with October being Cyber Security Month. Check out our Cyber Security Awareness Month resources. 

2.      Build a talent and collaboration model that supports your digital ambitions   

Banks need access to the right engineering and digital skills at scale to drive industry digitisation and innovation. This is not just about attracting the talent, but re-skilling and up-skilling current resources and creating an empathetic, flexible culture. I’ve often heard it said that the number one headwind on many banks’ ability to execute on their digital transformation strategies is access to the right talent and skills. “We need to make sure we invest in our people and support them in their growth,” says Erika Irish Brown, Chief Diversity, Equity and Inclusion Officer and Global Head of Talent at Citi.  

At Microsoft, we’re helping financial services institutions give their employees the digital skills they need. Whether that’s showing how decentralised teams can work collaboratively while working remotely, using tools to securely automate processes and workflows, or empowering pro dev, citizen dev and fusion dev teams to develop new apps, processes and reporting to make their work simpler in their domains. With 53 percent of employees more likely to prioritise health and wellbeing over work, leaders must take an empathetic approach to building a hybrid workplace. A culture that embraces flexibility and prioritises wellbeing will build a thriving organisation and drive long-term sustainable growth. This webinar with my colleague Craig Wellman goes into the importance of planning, leadership and culture in transforming financial services. 

3.      Align your ESG objectives to your business value 

The banking industry has a societal obligation to direct funding, capital, investment and lending to businesses in the real economy that will move the needle positively on ESG measures and on carbon reduction. And not only do customers, stakeholders, investors, regulators and governments expect it, but it’s also good for business. “$97 trillion needs to be invested to get to net zero. That’s a massive opportunity. It’s the most strategic and important thing we can do as an industry,” says Marisa Drew, CSO at Standard Chartered. 

The best way to start building effective ESG strategies is to tie it into your business value. Some institutions are already including their sustainability results in their financial statements. However, the industry faces challenges. A lack of global standard around climate reporting, mixed with slow manual processes and siloed data can affect how quickly you can build an effective strategy. “We don’t have perfect data, but we have actionable data,” says Gill Lofts, Global Financial Services Sustainable Finance Leader at EY. 

A unified and resilient cloud infrastructure like Microsoft Cloud for Sustainability can help you gain visibility across your data, drive efficiency, track and minimise your environmental impact and create sustainable value chains. We also need to drive more cross-industry collaboration.

“This is a planet-scale problem that needs planet-scale innovation and collaboration,” says Bill Borden, Corporate Vice President of Worldwide Financial Services at Microsoft.

When we made our sustainability commitment in 2020, we also decided to share our learnings, results and practices, and increase our focus on supporting our customers drive their own ESG agendas. 

4.      Lead on innovation that can open new sources of value  

Recent innovations are increasingly moving from POC to production adoption across digital assets such as Central Bank Digital Currencies (CBDCs), Non-Fungible Tokens (NFTs), Artificial Intelligence (AI) and Distributed Ledger Technology (DLT). 

While AI has been leveraged in organisations for a long time to reduce risk and streamline operations, organisations need to take a novel approach to AI to create new avenues of growth. “People don’t think of AI as a way to get to a new digital business,” says Sameena Shah Managing Director, AI Research Executive, and Chief Transformation Officer for Client Onboarding at JP Morgan Chase. “You need to bring people with a business mindset together with people with AI knowledge.” These groups, known as fusion teams, can help organisations deploy solutions up to two and a half times faster than siloed teams. 

“Cash as a form of payment has been declining, but cash in circulation is growing. We have also seen over the past 10 years the rise of digital assets, including cryptocurrencies and CBDCs,” says Marion Laboure, Senior Economist at Deutsche Bank. 

One thing digitisation can do is help with financial inclusion. The 1.7 billion people who don’t have access to financial services can potentially use CBDC to start using financial services without a bank account. 

NFTs are currently used to tie ownership to a digital asset. However, as they evolve, it could allow the construction of the end asset to be more sophisticated. “That’s when it becomes more interesting to us in Finance. We can look at a new type of securitised asset, a new type of yield profile that may or may not be totally uncorrelated with traditional markets and assets,” said John Egan, CEO of L’Atelier at BNP Paribas. In fact, the US Securities and Exchange Commission are already looking into NFTs as a security. With no intermediaries, Decentralised Finance (DeFi) is less complex and more agile than the traditional central counterparty model. However, it is probably riskier. Experts suggest a hybrid model for DeFi, with the right regulatory guiderails to manage AML, fraud, conduct risk, and cybercrime. 

“Web3 and blockchain technologies are unique because they create a different, efficient way of executing processes. They can be best served to decrease complexity, increase security and transparency,” says Willayna Banner, Microsoft’s Head of Web3/Blockchain in Financial Services. Learn how organisations are using blockchain to transform functions such as trade finance and commercial specialty insurance. 

Collaborating for industry growth and responsible innovation 

As we shared these thoughts and ideas on the future of banking at Sibos 2022, a recurring theme was industry collaboration across the widest perimeter of stakeholders. To drive growth while being resilient, secure and compliant in our changing industry, our key priorities must be removing friction, increasing interoperability and improving the service experience for our customers, empowering our teams, and driving inclusive, sustainable innovation. 

Find out more 

Microsoft Cloud for Financial Services 

Microsoft Dynamics Customer Service Webinar for Financial Services: The changing role of the Digital Contact Centre

Rethinking the Customer Experience | Microsoft

About the author 

Niall is responsible for defining and leading Microsoft’s strategy for Financial Services in the UK. His focus is on helping Microsoft’s customers’ address industry-wide challenges, adapt to new regulatory frameworks and achieve business transformation through the adoption of Microsoft technology and partner solutions. He works to deliver on the cost, growth, risk and regulatory agenda front-to-back through the enterprise. 

Niall has experience in consulting, partner ecosystems, and large programme delivery in Financial Services. Niall has focused on operating model transformation and technology solutions for business challenges in Banking and Capital Markets, often in the regulatory change context. He has worked mostly with international banking groups and has lived in Hong Kong and London. 

The post The future of banking: How to stay innovative, collaborative and secure appeared first on Microsoft Industry Blogs - United Kingdom.

But a topic that seems to be top of mind in every meeting I’m in at the moment is supply chain risk. In particular, how we can balance it against the risks that come from concentration.

So, what do we mean by concentration risk? And where should organisations stand on the axis between that and the risks that come with multiple-vendor supply chains?

In this article, I want to unpack the debate with particular regard to FSI organisations, and offer some ideas for how CISOs can move forward securely and with confidence.

The risks of a multiple-vendor approach to security

Many of the customers I speak to face a dilemma: stitch together multiple security vendors from the top right of the Gartner Magic Quadrant, or go with a best-of-suite approach with a smaller number of vendors?

Both approaches have their benefits and drawbacks. Historically, the Magic Quadrant approach has been the most prevalent, because customers have felt that buying all the best-in-class products and services will give them the best level of security.

It’s an approach that’s been followed by lots of CISOs for years also because it’s been easy to justify to the board. But it’s one that comes with a number of risks.

Integrating multiple security vendors has always been a challenge for organisations. It’s complex and costly, and it can be difficult to keep the skills within the organisations to maintain it. But while these challenges have been known to organisations for some time, what’s become apparent more recently is the security risk a supply chain poses to an organisation.

Put simply, the more vendors you have in your environment, the higher your risk. This really came to light following the SolarWinds incident. One of SolarWinds’ products was compromised and it had an impact on a large number of SolarWinds’ partners. The hackers used the vulnerability in the SolarWinds software as a way to gain access to their customers environments.

And these types of attacks are growing. In fact, 45 percent of organisations worldwide will have experienced attacks on their software supply chains by the end of 2025, according to Gartner, a three-fold increase from 2021.

It’s something organisations are acutely aware of and was the focus of the City of London Innovation Challenge, which I presented at a few weeks ago. The event brought together FSI organisations such as Nationwide and Hiscox alongside tech companies to try and tackle the challenge of supply chain risk.

Managing supply chain risk

Companies try to stay on top of their supply chain risk by thoroughly auditing their suppliers. The challenge with this is that the answers the organisation gets back are only as good as the questions they ask. What’s more, the data from those audits quickly becomes out-of-date, because an audit isn’t a continuous process.

Some of the questions that organisations need to ask are:

• Does my risk of a breach increase as I increase the number of suppliers in my environment?
• Do I trust that my suppliers are dedicating the right level of investment and resources to their own security standards?
• How do I validate this on an ongoing basis?

Digital supply chain risks demand new mitigation approaches. Things like more deliberate risk-based vendor/partner segmentation and scoring, requests for evidence of security controls and secure best practices, and a shift to resilience-based thinking and efforts to get ahead of forthcoming regulations.

But another approach to reducing supply chain risk is to reduce the number of vendors you work with. However, this presents another type of perceived threat: concentration risk.

Balancing concentration risk for FSI organisations

The basic concept of concentration risk is simple: if you have too much of your environment that’s dependent on one vendor and something happens to that vendor, it can take down your whole environment.

Companies have typically addressed this by spreading their risk across multiple vendors, which means if something happens to one then they still have the majority of their environment running.

In the financial services industry, companies’ aversion to concentration risk is exacerbated by regulators who require you to have an exit plan in place to mitigate the impact if one of your systems is compromised; you need to be able to keep your services running. A lot of organisations see that as a reason to have multiple deployments. Because if something goes wrong with one, they have an exit strategy by moving things from one place to another.

This is really where the dilemma comes from for financial services organisations. How to balance the regulatory need to have an exit strategy if something goes wrong with the growing prevalence of supply chain attacks?

You might think that, as a Microsoft security professional, I would be advocating to move everything to our security infrastructure. But that’s not what I’m advocating for. In fact, I think it’s impossible to go all in on Microsoft from a security perspective, because we don’t play in every area of security.

What I believe is that you need to keep your supply chain at a level where it’s manageable from a supply chain risk perspective, manageable from a skills perspective, and also from a cost perspective.

You don’t need to put all your eggs into one basket, but try not to have so many baskets that it becomes a challenge in itself to carry them all.

The post How FSI organisations should balance supply chain and concentration risk appeared first on Microsoft Industry Blogs - United Kingdom.

At Microsoft, cybersecurity is one of our highest priorities. This goes back to Bill Gates’ Trustworthy Computing Initiative almost 20 years ago. It’s steered the company’s direction ever since. In the UK, security is at the heart of all we do. We recently expanded our security teams, doubled our investment in partners and created a new Security business group to further help our customers protect themselves against cyberthreats.   

It’s never been a better time to build cyber safety. Here’s some tips to build your security strategy:

Understand your security posture to build cyber safety

To understand where you are in your journey, it’s important to understand your organisation’s security posture – Microsoft Secure Score can help you find your next steps and priorities.

We also want to help you ensure your employees have the security skills to support your goals. That’s why we have a range of resources to help everyone build confidence:

• Get employee training
• Join a cybersecurity workshop
• Take a cybersecurity learning path

And what are we doing to help? Over the next five years, Microsoft has quadrupled its investment and has committed to a $20bn investment to help our customers become secure and trusted, enabling growth and innovation.

Find out more

3 ways Microsoft helps build cyber safety awareness for all

4 ways to build cyber resilience

About the author

Paul leads the Security, Compliance and Identity business for Microsoft UK and is passionate about helping organisations protect themselves from cyberthreats. The risk of financial loss, data exposure and reputational damage has never been higher. Paul and his team are dedicated to the role that Microsoft technologies can play in helping organisations protect themselves, their people and their data.  

The post 4 ways to build cyber safety in your organisation appeared first on Microsoft Industry Blogs - United Kingdom.