Multi-factor authentication adds another layer of protection to the sign-in process. After all, if you only use a password to authenticate users, it leaves an insecure vector for attack. What if the password was weak? Or if it was exposed elsewhere? Are you sure that person signing in is really the user? When you require a second form of authentication that isn’t easy to obtain, you are building another layer of security.

Therefore, ensuring you use the right type of MFA service is of critical importance. Different MFA solutions can have a dramatic impact on cost, user experience and your resilience to service outages and attacks. In this post we’re going to look at some of these factors and make some recommendations to ensure your MFA solution enables your organisation, and your people, to be productive safely.

1.      Optimise security processes to bring down costs

A vulnerable entry point for cyber attackers is to use credential-based attacks to access networks and steal data or spread ransomware. However, multi-factor authentication stops 99.9 percent of credential-based attacks. That’s why MFA really is one of the most fundamental security measures. At Microsoft, we deploy MFA to protect our customers, our data, systems, and our business. Azure AD MFA is used across our consumer platforms like Outlook.com and Xbox, as well as thousands of other online services. In fact, its foundational to our five steps to secure your identity infrastructure.

Online retailer Asos uses Azure AD (including MFA) to protect identity as the new perimeter. By automating, provisioning and deprovisioning user accounts across its SaaS landscape, they have reduced costs and errors, all while improving productivity.

“Our service desk spends much less time setting up users and creating or deleting accounts, which gets our costs down,” says Mark Lewis, Infrastructure Architect at ASOS. “We made our lives easier by adopting Azure Active Directory—we’ve saved time and money, improved the employee experience, and enhanced the security of our entire SaaS ecosystem.”

Where cost may be a blocking factor, in Azure AD the options to use SMS and phone-based MFA are free. In the case where certain users might be specifically targeted, you can selectively upgrade people to P1 or P2 licensing models and nudge people towards using the Microsoft Authenticator app with a one-time-password or notification-based MFA.

These days, it’s easy to enable MFA for all with one click. However, you don’t have to take a single, big-bang approach. You can onboard users into MFA in batches that are digestible by your service desk. Typically, 10 percent of any given batch will need support, so the ability to onboard in batches has a dramatic impact on the cost of deploying MFA. For employees, using multi-factor authentication when paired with single sign-on can increase productivity as they can access everything they need without re-entering passwords.

And if there is still resistance, this is one of those measures which business leaders should by now expect. We’ve seen the reports of the cost and reputational damages that security breaches can have on organisations. Leaders should be challenging IT to ensure the safety of their customers, employees, systems and data. And MFA is one of the critical elements to delivering that.

2.      Balance security and productivity with multi-factor authentication

Pre-cloud, security was ring-fenced around the data centre and the physical office, with the network perimeter as the main defence. Often, these featured early methods of MFA – such as one-time passcode fobs or smart cards. However, on-premise environments can be open to attack through misconfigured web and VPN services, lack of patching, as well as credential hygiene issues.

As organisations move to hybrid cloud-based environments, they can take advantage of existing Zero Trust capabilities with the knowledge that we will be investing a further $20 billion in our security solutions over the next five years to help defend against ransomware and other threats. With MFA in Azure AD you are consolidating your identity services into a strong and highly trusted environment. You’re not only increasing your resilience to ransomware and supply chain attacks, but also other outages that can occur on-premises.

For Durham University, they used MFA and Azure AD to ensure their staff and students could keep learning remotely. They use single sign-on to access everything they need whilst keeping their intellectual property secure. “By migrating to Azure AD, we’ve moved the responsibility of high availability to Microsoft, who, let’s face it, are scaled to do a better job than we could. Our services are much more resilient.” Says Craig Churchward, Technical Specialist for Windows Platform.

You can also maximise your ability to take advantage of new features as they are delivered, without any concerns for integration and support across vendors. Additionally, older platforms often involve backend server infrastructure, physical tokens and the man-hours needed to issue, replace and troubleshoot those tokens. With Azure AD MFA, users no longer need physical tokens. Additionally, there’s no server infrastructure to maintain. Your IT and security teams can focus on high-value tasks.

3.      Multi-factor authentication empowers secure hybrid working

A core tenant of Zero Trust is to never trust – always verify. Regardless of where the request originates or what resource it accesses, it is always fully authenticated, authorised, and encrypted before granting access. This helps build secure hybrid working. It makes it easier for employees to connect from anywhere, on different devices while protecting organisational data.

MFA and Conditional Access are key to Rabobank’s mobility strategy. “We require multi-factor authentication for mobile access today and have Conditional Access policies set up to require new device enrollments to happen on the corporate network. Most importantly, people can enroll and get access quickly—which is good, because we didn’t want to create this digital workplace and slow people down with security,” says Abe Boersma, Global Head of Workplace Services.

Identity is now recognised as one of the core services we use to secure the enterprise. Your identity stack, including your MFA service, is a key component of Microsoft’s security control plane. You can discover more in the guidance found in the Microsoft Cybersecurity Reference Architectures (MCRA) and Enterprise Admin Model.

4.      Build a strong security culture

A human-first security culture will help employees stay productive and secure in the hybrid workplace. One factor of this to have a strong password policy. At Microsoft, we see over 10 million username/password pair attacks every day. Build your strategy on updated password policy guidance from NIST, NCSC and Microsoft. Using technology such as Windows Hello for Business, the Microsoft Authenticator app and FIDO2 tokens alongside MFA will help to reduce successful credential attacks You can find out more about passwordless tech from Microsoft Security Team member, Alex Weinert in his blog; Your Pa$$word doesn’t matter.

If passwords are going to be with you for the foreseeable future, Azure AD Password Protection helps users select passwords that are not commonly known and Azure AD Self-Service Password reset will minimise the operational cost of passwords.

5.      Close the door on insecure legacies

From our research, we’ve seen most opportunistic attacks target legacy authentication protocols that bypass MFA. But there is an effective control to prevent this. Disabling legacy authentication and enabling MFA is one of the most impactful things you can do to prevent credentials from being compromised. Microsoft provides the tools to you accomplish this. In new Azure tenants, legacy authentication protocols are disabled by default, but many existing tenants still have this enabled.

Building a secure hybrid workforce

Multi Factor Authentication is becoming increasing important for an organisation’s cybersecurity. To stay resilient, organisations need to ensure employees can securely and easily access their work across devices, no matter where they are. MFA helps achieve this. Also, by modernising MFA organisations can increase resilience to attacks and service outages. They can also improve agility in adopting new features while supporting legacy systems.

Find out more

Build a modern security strategy

Security and mobility

Discover MFA

Resources to empower your development team

Secure Azure Active Directory users with Multi Factor Authentication

Manage identity and access in Azure Active Directory 

How Multi Factor Authentication provides secure access to resources

About the author

Gavin works within the Customer Success team at Microsoft. His aim is to make customers more productive, more secure, and ultimately more successful through features like Azure AD. Having seen what modern ransomware attacks can do up close, Gavin is passionate about helping keep an organisation’s customers, staff, systems and data safe. He is also a keen cyclist (on and off road), husband and father to three young children. You can catch him on Twitter @gvnshtn and on LinkedIn.

The post How multi-factor authentication empowers secure hybrid working appeared first on Microsoft Industry Blogs - United Kingdom.

To build and maintain trust with citizens we – as a data community – have an obligation to address these ethical issues. Previously, I’ve talked about how to build and effective data strategy and culture. A critical aspect of both strategy and culture is to ensure the ethical and responsible use of AI and data. We need to empower organisations to use data with a sense of responsibility. The EU recently released their Artificial Intelligence Act, the first legal framework for AI. In it, they take a risk-based approach to protect EU citizen’s rights while ensuring they can still foster innovation. As we saw with GDPR, the AI Act includes fines for infringements of up to four percent of global annual turnover (or €20M, if greater). Therefore, it is more important than ever to focus on the responsible use of data and AI.

Build your responsible AI strategy with the right question

Are you using AI technology to do the right things? Is it answering the right problems in the right way? AI shouldn’t be implemented because it’s a shiny new piece of technology. It should be used to help solve a problem. And to work properly, it needs to reflect the community you serve. To do this you need to build your data and AI solutions on ethical principles that put people first.

At Microsoft, one of my focusses as Chief Data Officer (CDO) is to ensure our use of data and AI remains ethical and responsible. What I have found is this is just as much a culture shift as much as a technological process. In a recent webinar, when I spoke with other data leaders across the industry, they also agreed.

What was clear across the board is that organisations need to take a very practical approach to responsible data and AI principles. Below are six principles that organisations can use to build their own responsible AI governance.

1.      Fairness

Although our society is diverse, it is unfortunately unfair and bias. It is our role to ensure that the systems we develop and deploy reduce this unfairness. However, fairness doesn’t just relate to the technical components of the system. It also about the societal context in which it is used.

“Ensuring the biases are taken care of is important. We think about how data is being increasingly used across platforms and avoiding any disproportional impact as a result,” says Sudip Trivedi, Head of Data and Analytics at London Borough of Camden.

How can leaders ensure fairness? We need diverse teams that question the data and models we are using at every step along the journey. We need to think critically about the implications and unintended consequences more broadly. Having checklists to continually monitor data and AI processes is a great way to ensure we stay fair. Leverage tools and learnings to validate fairness regularly.

Fairness tools:

AI fairness checklist

Datasheet fairness checklist

Fairlearn open-source toolkit

2.      Inclusiveness

Our aim at Microsoft is to empower everyone to achieve more. We are intentionally inclusive and intentionally diverse in the paths we take. AI needs to be built with everyone in mind. Because when you design solutions that everyone can access, the data you collect will be fairer.

This is where your diverse organisation becomes a huge benefit to you. By ensuring that your data and AI teams are diverse you will be building for everyone. And don’t forget to include a diverse audience for your testing to ensure that your systems remain accessible for all.

“It takes having that diversity within your organisation or stakeholder group to spot issues,” says Nina Monckton, Head of Data Strategy, Advancing Analytics & Data Science at AXA Health.

Inclusive tools:

Inclusive design guidelines

Design with accessibility in mind

3.      Reliable and safe

Our data and AI processes need to be consistent with our values and principles. As owners of these models, we need to continuously check that they’re not causing harm to society. And if they are, we need to have processes to fix them. We’re also transparent with our users on these issues.

Building reliable and safe AI isn’t limited to just physical systems that affect human life. For example, self-driving cars or AI in healthcare. It’s also about ensuring that every model you create stays reliable and safe no matter how big it gets or how many people work on it.

Reliable and safe tools:

Accelerate the pace of machine learning while meeting governance and control objectives with MLOps

Preserve privacy with Project Laplace

4.      Transparency

Transparency can help us reduce unfairness in AI systems; it can help developers debug systems, and it helps us build trust with our customers.

Those who are creating the AI systems should be transparent about how and why they’re using AI. They should be open about the limitations of their systems. People should also be able to understand the behaviour of AI systems.

“Being transparent is critical to doing good data work. If you don’t have the transparency, it’s very difficult to know if it’s doing its job well,” says Daniel Gilbert, Director of Data at News UK.

To truly understand AI, we need to democratise through digital skilling. This is not just within your organisation, but within society too. We need to work together to help encourage skills growth across our communities with digital skilling programmes. This will help further increase diversity in our organisations as we introduce people to the opportunities of technology careers.

“A lot of the data we are collecting and using are from people who are digital literate. There’s a real hard question: Is the data we’re collecting really representative of the people we’re trying to provide services for?” says Nina.

Transparency tools:

Microsoft Learn

Improve digital skills

Bridging the digital divide

5.      Privacy and security

Privacy is a fundamental right, and it must be built in to all our systems and products. With AI, machine learning and the reliance on data, we add new complexities to those systems. This adds new requirements to keep systems secure and to ensure data is governed and protected.

You must think about where and how the data is coming from. Is it coming from a user or a public source? How can your organisation prevent corruption and keep the data secure?

Privacy and security tools:

Learn about confidential computing 

6.      Accountability

As leaders, we are accountable for how our systems impact the world. Let’s look at facial recognition. There’s a lot of good uses for it, but only if we stick to principles that guide on how we develop, sell, and advocate for regulation on facial recognition.

Accountability includes internal and external factors. We need to keep key stakeholders informed across the whole cycle of AI systems. And we need to ensure we stay accountable to society.

Mahesh Bharadhwaj, Head of Europe Analytics at Funding Circle talks about asking the right questions at the right time: “Are we using the AI to do the right things? Do we check the models are being built correctly? Are we making sure the model is being deployed on the context it is built?”

Accountability tools:

Explore interaction guidelines 

Responsible AI builds trust

To build trust, a balance between culture and data capabilities is key. We need to make sure we are encouraging people to leverage data in ethical and responsible ways. These six principles should help you build AI-systems while building a diverse and inclusive culture. By doing this, we will ensure we’re serving our community in the best way possible.

Find out more

Discover our approach to responsible and ethical AI

Build a modern data strategy

Resources to empower your development team

Register for Microsoft Build on 25-27 May 

About the author

As an advocate of data-driven decisions, Robin has spent over two decades at Microsoft ensuring organisations have the tools to leverage the zettabytes of data available today to achieve their digital transformation vision.

Microsoft has been on its own digital transformation journey for several years and data has been a central part of that journey. Robin focuses on creating a data-driven culture across the business at Microsoft. This includes ensuring that we are considering data across our internal processes, as well as how we are helping our customers and partners succeed with data.

Robin is passionate about learning and collaborating with our customers and partners about how to truly leverage data and AI to create new solutions.

Prior to working at Microsoft, she served in the US Military. She strives to bring her best in all aspects of work and personal life. From obtaining two law degrees and multiple professional certifications – all while working full time, parenting her daughters and balancing personal commitments (including training for an IronMan), she believes anything is possible.

The post 6 ways leaders can build responsible AI and data systems and the tools that can help appeared first on Microsoft Industry Blogs - United Kingdom.

What your leadership team really want from technology

Now more than ever before, the technology employees use is proving to be a point of difference between companies that succeed and those that don’t. Why? Because modern technology opens up new possibilities for flexible, creative, and better working. Of course, with all this smart, new technology on offer, business leaders have hard decisions to make. And, in my experience, they have a diverse set of goals in mind when approaching this task. Broadly speaking, they want to:

• Optimise operations and cut costs
• Engage customers across channels, while boosting loyalty
• Innovate and stand out from their competitors
• Get more from their employees

What employees really want from technology

Of course, technology decisions don’t just affect the business and its leaders. Employees also have certain needs. They want access to their favourite apps. There will be generational differences and their individual motivations to consider as well. Sure, tech can augment employees’ skills and capabilities. But, more importantly, it can help them do their best work and achieve their own goals. In my experience, employees want technology that helps them:

• Be more creative
• Work together better
• Complete work more easily
• Stay safe and compliant on and offline

When they have technology that helps them do all of that in the way they find best, they’ll be happier, more productive, and more engaged. Which means they’ll do their very best work for their employer. They’ll want to stick around. And new talent will be eager to come on board, too.

Starting to see how the idea of the balancing act comes in?

How to strike the right balance between leadership and employees

As a CTO, your role is to bridge the gap between what business outcomes the leadership team wants to drive, and what your employees want to achieve daily. While also getting everybody on board with technology changes. In short, you have to choose and implement the kinds of tools that people want to use. The kinds of tools that can help everyone achieve everything they want. What’s more, you have to think beyond technical delivery, to how you’ll get everyone engaged with the process.

This practice of change management takes employees on the journey right from the very beginning. So, when it comes to adoption, everyone’s committed. Not just the leaders. This might mean getting members of the leadership team involved from the start of each project. Or it might mean managers embedding the change in their coaching and bringing in relevant training to build skills in their team.

It’s all about striking a balance so new technology isn’t just an investment, but an occasion. Your employees are excited by it and want to use it. I’ll leave you with these four questions I always ask before considering new technology:

1. What are the strategies or outcomes my business wants to achieve?
2. Could technology solutions fulfil or contribute to these goals?
3. How could employees benefit from this technology?
4. How could we take them along with us on the change journey?

The points I’ve covered are just the tip of the iceberg. If you’d like to learn more, why not explore our Microsoft 365 offering? It’s packed with features and tools that can help your employees – and your organisation’s leaders – achieve their goals.

Find out more

[msce_cta layout=”image_center” align=”center” linktype=”blue” imageurl=”http://approjects.co.za/?big=en-gb/industry/blog/wp-content/uploads/sites/22/2018/07/collaboration.jpg” linkurl=”https://info.microsoft.com/en-gb-landing-UK-M365-CNTNT-FY19-01Jan-30-Real-World-Guide-to-Employee-Engagement-AID-771369-MGC0003484.html” linkscreenreadertext=”Strike the right balance for employee engagement: download the guide” linktext=”Strike the right balance for employee engagement” imageid=”7153″ ][/msce_cta]

Leadership in the time of artificial intelligence

About the author

David Rodger is Microsoft’s CTO for the enterprise commercial business. Alongside his community of strategists, he identifies where and how the right tech can drive change and success. Here, he talks about how modern technology is changing the role of the CTO and how you can balance the needs of your leadership team with those of employees.

The post Striking the balance: how modern technology is changing IT leadership roles appeared first on Microsoft Industry Blogs - United Kingdom.

It’s tough being a leader today. Unlike the explorers of yesteryear, no longer is it as easy as organising an expedition to a distant summit then sitting back in the expectation of certain success. Today, those who have attempted such expeditions have often had their hubris checked by an unexpected disruptor with the temerity to catch up and overtake them.

Leaders like to be in control. But the pace of disruption leaves leaders feeling a little breathless as they earnestly struggle to ascend their digital peaks. And they find it relentless—for every zenith they reach today, someone else climbs higher tomorrow.

However, today’s leaders have fought hard to discard the dead weight of laboured budgetary processes and conservative organisational cultures. They have begun to build the agility and entrepreneurism essential to adapt and survive. It’s been a struggle, but slowly their enterprises are becoming fit for the digital age.

And then, inevitably, stepping out from the gloom, appears the next interloper.

Artificial intelligence (AI) has been with us for some time. We’ve been using technology to mimic human cognitive processes for nearly as long as we’ve had computers. But forces have coalesced over the past few years to shape AI into a new, more powerful force. One that seeks to throw wide open the gates of competition and challenge every leader on their journey to success.

AI has become so disruptive because four technologies have developed rapidly and combined with seismic effect.

Computing power The exponential impact of Moore’s Law has resulted in hugely powerful computer chips—we can now do much more within the same physical constraints of silicon circuitry.	Algorithms At the same time, big leaps have been made in computer science with the development of increasingly sophisticated machine learning algorithms that are more efficient in the way they use those chips to do calculations.	Data Then there’s data. Lots of it. AI’s power grows through data—as we produce more data in our interactions with digital devices, we train AI to become more insightful, more applicable and create more personal experiences.	The cloud The final technology that is fuelling the power of AI is the cloud. The cloud is the medium through which AI’s value is experienced. The cloud’s connectivity and scale are the perfect platform for AI, and business leaders are now grasping the limitless potential that these capabilities bring.

Al’s rise results in a single significant challenge for business leaders: the democratisation of intelligence. Competitive advantage has traditionally been founded on the scarcity of intelligence. The acquisition and protection of smart people and smart models of understanding have been key to business success. And then along comes AI. AI automates. AI makes sense of complexity. AI even mimics creativity and empathy. It drives productivity and efficiency among employees. The question for leaders now is how can they find value at a time when AI empowers everyone with intelligence?

The key to success is in recognising the unique value that exists in the combination of people and AI. AI leads to the democratisation of intelligence, but that intelligence still needs to be applied. Human ingenuity is what’s required to translate AI into real value.

So, as leaders prepare their organisations’ digital paths, three questions will focus their minds:

1. Are you intelligent? Leaders should have a clear strategy for accessing and deploying the power of AI. This won’t be a uniform one-size-fits-all approach, but it will require harnessing the cloud as the medium for AI power and connectivity. Modernising their technology platform is the most rapid route to AI capability.
2. Do you have ingenuity? Leaders will need to build a culture of entrepreneurism across the organisation. This is the value creator in the time of AI. Leaders need to develop new skills in their workforce—soft skills alongside creativity—skills that complement AI, rather than duplicate it.
3. How do you combine intelligence and ingenuity? Leaders must recognise the need to change the way the organisation works if they are to harness the power of AI. Using methods that allow for experimentation are key, as is an emphasis on diversity and transparency to ensure AI is developed and managed without bias and with clear responsibility.

AI offers the potential for leaders to scale great heights. Leaders should set themselves ambitious targets for the success they aim to achieve for their organisations and society as a whole. They should also equip themselves well for what will certainly be a rewarding adventure.

About the author

Richard advises business leaders in the UK on a range digital transformation challenges. However, it’s the building of innovative enterprises that is his real passion. As well as leading Microsoft Services’ CTO practice, Richard works with customers helping them turn ideas into transformational business results.

You can find out more about Richard on Twitter and LinkedIn.

The post Who’s smart now? Leadership in the time of artificial intelligence appeared first on Microsoft Industry Blogs - United Kingdom.

Stand out from the competition

As a business, you have a core differentiator that helps you stand out from the competition. When you’re thinking about digital transformation and building a plan to migrate to the cloud, think about how it will give you more time to focus on the core of your business and stay competitive.

Build what differentiates you. Buy what doesn’t.

The cloud provides a true vehicle in which organisations can offload and automate. Take advantage of the productivity gains you can get from the cloud, as well as the security, compliance, and scaling. As a result of using a cloud approach, nearly 80 percent of IT professionals surveyed by Microsoft say they are saving money, increasing productivity, and have better security.

Mazars is an Australian-based accountancy and advisory company with offices found globally. They traditionally ran their data centres from London where their servers required maintenance which contributed to latency issues using Citrix between countries.

Users wanted to be able to work more flexibly and remotely, whilst the IT team needed to focus on business value services –

improving their core differentiator. They decided to move to Azure and used the Hyper Cloud Platform to connect applications and infrastructure.

“By mobilising our apps into the cloud, they’re not so dependent on historic infrastructures,” says CTO David Bennett. “One of our key drivers was to move to a flexible model. We’ve opened up in regions that a traditional Citrix deployment in London wouldn’t allow us to do. By moving to Citrix on Azure, we can go and open an office really quickly.”

Mazars has seen a reduced latency for its Citrix users globally, improved user experience, and competitive advantage. Hyper Cloud Platform has also identified cost savings of over $50,000.

It represents a huge shift in the way you think about your resources. With the cloud, it’s easier and cheaper to scale up, out, and down as you need. It will help run your day-to-day, so you can focus on what really sets you apart so you can deliver a great

customer experience.

What about security?

You’re only as secure as your front door. With cloud, there are multiple doors. However, that doesn’t mean you’re more at risk.

In fact, there are lots of security benefits of migrating to the cloud. You no longer have one point of failure like you would if you hosted your own servers. It also makes it easier to manage users, data, and access, meaning your employees can get on with focussing on the core of your business.

“The digital landscape—and associated cyberthreats—will continue to grow rapidly,” says Simon Hodgkinson, Group Chief Information Security Officer at BP. “We need to keep BP cyber-resilient and continually improve our ability to protect, detect, respond, and recover in the event of a cyberattack. Everything we do has to be secure by design.”

Security and privacy are built into Azure from the beginning and are updated to ensure you’re protected against the latest threats and have the most up-to-date compliance. This is key to ensure you stay compliant with GDPR. However, this doesn’t mean you’re not accountable for your cybersecurity just because you’ve moved to a cloud provider.

While Azure is built from the ground up with security in mind, keeping your data safe is a shared responsibility. You also must use best practices and educate employees on how to manage, classify, and access your data securely. What moving to the cloud does, is make this all so much simpler. Azure Security Centre gives you control over your cloud assets. Identity and access management such as Intune, MFA, or Azure Active Directory ensures everyone will see only what they need to.

“Using the combination of Cloud App Security and Azure AD helps us detect unusual patterns of behaviour, expand more risk-

based checks, and enforce user access, granting it only to devices and locations that we know are right,” says Chris Eaton, Director, Security Strategy and Architecture at BP.

How do I migrate to the cloud?

It can seem like a big job – after all, the world produces about 2.5 quintillion bytes of data a day. Look at your business strategy. Is it a modern strategy that’s data-driven and future-proof? Or is it outdated and based on yesterday’s ideas? Figure out what you need to achieve and work to find a cloud solution that will help you.

Remember: Build what differentiates you. Buy what doesn’t.

Migrate to the cloud over time with a hybrid approach using a combination of on-premises, public cloud, and private cloud. Listen to the feedback of your IT team and employees and make changes to ensure everyone is empowered and has the right skills to use the cloud.

Don’t think about the cost of moving to the cloud. Think of it from this perspective: How much would it cost if you did nothing?

IT spending in businesses is higher than ever, and organisations are capitalising on digital transformation. A Cloud Industry Forum survey said that spending on cloud infrastructure has overtaken spend on legacy IT for the first time ev

er – with 84 percent saying they’ll increase their cloud spending in 2019.

For Towergate Insurance, moving to the cloud meant they became more agile, efficient, and collaborative. They saw a 75 percent improvement in reported major incidents and streamlined costs by moving to Azure.

“For the first time, staff feel actively enabled by technology to do their jobs better and more easily, rather than being frustrated by it,” says CIO Gordon Walters. “Not only has it transformed the way they work and the experience for our customers, but we now sell better informed product bundles because of the ease of knowledge sharing and collaboration internally.”

You don’t want to get left behind. When you migrate to the cloud your teams will be more productive and collaborative. Your firstline workers will be able to make the most of every minute in the working day. Even that morning commute whilst waiting for their train. What you save in costs, you can use to invest in other parts of the business, increasing your core differentiator and making you more competitive.

Find out more

Discover the right cloud solution for your business

[msce_cta layout=”image_center” align=”center” linktype=”blue” imageurl=”http://approjects.co.za/?big=en-gb/industry/blog/wp-content/uploads/sites/22/2019/01/Interior-view-of-the-Gherkin-building-in-London-e1549465950152.png” linkurl=”https://azure.microsoft.com/en-us/resources/cloud-migration-essentials-e-book/” linkscreenreadertext=”Download the eBook: Cloud Migration Essentials” linktext=”Download the eBook: Cloud Migration Essentials” imageid=”7354″ ][/msce_cta]

The post Why you should migrate your business to the cloud appeared first on Microsoft Industry Blogs - United Kingdom.

Everyone wants the latest and greatest tech but something is stopping IT teams from migrating employees to modern desktops.

A Windows PC is where the majority of your employees will do most of their work and, for them, it’s always been an easy choice. Most people are already happily using Windows 10 at home. But IT departments seem to be more hesitant. From experience, IT teams often have bad memories from the last major upgrade that make them hesitant about migrating to a modern desktop. Whilst they’re eager to use the latest tech, they don’t want, and can’t afford, any downtime.

You might be experiencing the Rashomon Effect in your business – where two or more witnesses recount an event completely differently. Your employees may only have seen you updating their machine. They think it’s easy and can’t understand why you won’t let them use the latest technology. But we know that it was a company-wide undertaking for you and your IT department.

The workforce craves cutting edge technology

From my experience, employees are left feeling deflated, frustrated and much less productive when their kit is dated. It doesn’t give them the functionality they need to do their best work.

The tech people use at work isn’t as modern as their kit at home. Your employees are eager to get to grips with the very latest technology.

You hardly even notice your devices updating at home as nearly everything’s automated. Last time my phone updated, I was prompted with an update, clicked ‘Update tonight’ and, as if by magic, next time I used my device, everything was sorted.

But it was a different story last time your IT department updated every device across the entire business. For starters, migrating from XP to Windows 7 was pretty complex. Most machines had to be wiped clean. Everything needed to be re-installed from scratch and there were major issues caused by differences in the underlying systems.

Put simply, lots of apps stopped working and had to be re-written, which was costly and time consuming.

Migrating will be easier this time

The move from Windows 7 to Windows 10 is infinitely easier, because compatibility levels are much higher. 99% of commercial software that works on Windows 7 also works on Windows 10, so there’s no need to worry about your apps. In many cases, it’s possible to upgrade rather than start again. Which means you can upgrade Windows 10 on top of Windows 7, keeping all the settings, apps, and data in place. The upgrade will be faster, cost a lot less, and be a much less stressful experience. Your employees will be a lot happier to have their machines updated and up and running quickly, with the added benefit of still feeling familiar too.

Windows 10 closes the gap between Windows 7 and the last decade of cyber threats and it can dramatically reduce complexity for your IT team, making it easier to get a company device ready when someone joins your organisation. What’s more, new AI features make getting things done with PowerPoint and Excel faster and smarter than ever before. Cortana boasts some new productivity tools too.

A report commissioned by Forrester predicted an ROI of 233% for companies implementing Windows 10.

I always recommend this handy tool to IT teams who are looking to migrate to a modern desktop so they can see how much of their organisation’s hardware and software is ready for Windows 10 before you start.

As you can see, keeping your systems up to date has become a lot simpler. When you combine that ease with the invaluable reward of improved employee experience and increased security; it’s a no-brainer.

What’s stopping you?

Learn more

Why cybersecurity is a boardroom issue

Discover how Windows 10 can help protect data, devices, and identity

10 stats that reveal the changing face of IT security

About the author

Robert has been in the IT industry for over 20 years and has a wealth of experience – from running his own IT solutions business to spending time in the IT channel, working with industry names like HP and Intel. Robert has worked at Microsoft for around 15 years across various roles, including Small Business Audience Lead and OEM Sales Manager. In his current role, as UK Product Marketing Lead for Microsoft 365, he’s also responsible for helping partners, from startups to enterprises, understand the value of Windows 10, how to adopt it and how Windows makes it easy to keep valuable business data secure.

The post Migrating to the modern desktop made easy appeared first on Microsoft Industry Blogs - United Kingdom.

It’s 9am as you walk into the office. The lights are out. The doors lock behind you. You try to check your email, but the internet has been disconnected. When you reach your desk, you’re astounded to find it’s been replaced with a soundproof box.

This is the ideal world of security. Nothing gets in, nothing gets out. But, of course, nothing would get done.

It sounds ridiculous, but it’s not far from the reality I left behind to join Microsoft in 2012. On my first day here, I brought my laptop from home, just in case. Of course, I wasn’t sure how useful it’d be; surely there would be no chance I’d be allowed to plug into their network and join the domain…

So when Microsoft let me do exactly that, I figured it was a test – the job I’d just left would’ve fired me for gross misconduct. But it’s nothing like that here. Here, we trust people to work their way. But we always assume compromise. Employees can work on any device they want, because our network carries out a security check automatically, every time.

This is our security culture. It’s a quick process that doesn’t intrude on the way we work. And it’s how we’ve helped employees care about security.

The security to say “yes”

Now, in my role here at Microsoft, I’m on the other side of things. Trying to keep up with the new technology my team needs to work. The biggest lesson I’ve learned from our security culture has been: You’ve got to trust your people.

Employees just want to do their jobs the best way they can with the tools they prefer. That’s why they send work to devices and services at home, even though they know they shouldn’t. They download apps they’re familiar with, even if they’re not approved. And they reuse the same password, even when they know it’s been compromised, because it’s better, easier, and faster.

They want to do the right thing, but not at the cost of their productivity – or satisfaction. You have to accept they’re not going to put security before either of those things. That’s why, in a security culture, well-meaning employees aren’t punished for making honest mistakes. It’s up to technology and managers to make security easy for employees to manage on their own.

After all, what’s the alternative? Enforce security measures without explaining them – and punish any employee who doesn’t follow them? That’s how you push your people into finding faster and riskier ways of working.

Instead of saying no, a security culture welcomes new technology – because a security culture is prepared. It relies on people but it’s supported by apps, features, and AI tools that make security part of the culture. Apps, features, and AI tools like these…

Five tools you can use to start building your security culture

1.     Add extra layers of security with multi-factor authentication

If you’re only going to take one thing away from this blog, take this. Switch on multi-factor authentication on any device or service that supports it. If it’s not supported, question whether that device or service is right for you. Multi-factor authentication kills the vast majority of attacks and, when it’s done right, makes for a better user experience.

2.     Put the rules where nobody can miss them with Tool Tips

Turn your security policy from some abstract list of rules, into practical pointers employees can use every day. You can do this with Tool Tips on Office 365 and Azure. This uses AI to prompt people when it looks like they’re about to do something risky like opening an unknown attachment, sharing their personal details, or sending information to someone they shouldn’t be sending it to.

3.     Assess the risk and respond appropriately with risk-based conditional access

It’s not enough to just say yes or no. These days, different devices, tasks, and requests all come with different degrees of security risk. That’s why we built risk-based conditional access into Office 365 and Azure. So you can assess the risk for yourself, implement a rule specific to the case, and use AI to apply it automatically in the future.

4.     Know where you’re starting from by turning on reporting

To totally understand your current security culture, log every breach. Take notes. Have conversations. Once you understand how and why your employees are breaking your rules, you can find ways of making them easier and more productive to stick to. Instead of implementing and enforcing severe data protection policies on your well-meaning employees.

5.     Protect your devices and accounts with a password manager

You’ve got lots of passwords. Or maybe you’ve only got a few that you use on lots of digital accounts. But until password-less authentication is the norm, that’s the way it is. You’re bound by policies and complexity requirements. A password manager is a simple way of ensuring every service has a unique and complex password – all you have to remember is the master, and the app completes the login for you. There’s a password manager like this built into Windows.

So how do you get employees to care about security?

You make it easy. You make it better than not caring – and not through threats.

When employees can confidently use their own devices and apps, you’ve made security an enabler, not an obstacle. When following the rules means employees have the power to work their way, you’ve made security a carrot, not a stick. And when working safely is just another part of your employees’ everyday, you’ve got a security culture.

And it’s easy to build yours with Microsoft 365 so you can empower your people to do their best work securely.

Learn more

4 ways to transform your employees into cyber security champions

Empower your employees to be creative and work together securely

Talking 365: How to avoid security nightmares

Forrester’s Risk-Driven Identity and Access Management Process Framework

About the author

Nick is passionate about transforming every person and organisation to be more productive and more secure in his role as Security Product Marketing Lead within the Microsoft modern workplace team. A geek at heart, he spends his spare time experimenting with lasers and 3D printers with his two sons, keeping old computers alive (particularly Commodores), and learning about mechanics to keep an ageing British sports car on the road.

The post How do you get employees to care about security? appeared first on Microsoft Industry Blogs - United Kingdom.

Ever since personal computers have been a mainstay of the workplace, we’ve had CIOs in our businesses. Their role is to own the strategy of technology within the business to ensure it supports wider organisational goals. As our use of technology has become bigger, the role has grown to match.

It’s no longer just deciding on what technology your organisation requires. After all, all businesses need technology to succeed in today’s world. A modern CIO is taking a human-centric approach to technology, focussing on the employee experience. They ensure everybody is empowered to work the best they can, using technology that suits their working style. This modern way of working can boost revenue by 14 percent and is an important factor for attracting and retaining employees.

Emerging technology

One of the biggest issues facing organisations today is what technology you should adopt and when. Do it too slow and you risk falling behind the rest of your industry.

80 percent of CIOs believe that not modernising will negatively impact their organisation.

With AI, blockchain, cloud, mixed reality, and the Internet of Things, there’s so many options to choose from that could revolutionise your organisation. It’s hard to know where to get started. Before you do anything, you should first identify your business challenges. What problems are you trying to solve? Only then will you be able to uncover how technology can help your organisation.

At Towergate Insurance, CIO Gordon Walkers adopted an ambitious mentality to transform their workplace, which embraced Azure, Office 365, Windows 10, Platform-as-a-Service, and Infrastructure-as-a-Service.

“For the first time, staff feel actively enabled by technology to do their jobs better and more easily, rather than being frustrated by it,” he says.

You need to bring everyone together with the technology right from the implementation stage. Listen to feedback and provide ample learning and development opportunities.

All technology should be used to benefit humans, not replace us or take over. With AI forecasted to increasingly handle more labour by 2025, it leaves us with more time to focus on using our ‘human’ skills such as innovation, creativity, and problem solving.

A mobile workforce

The great thing about technology is that it’s allowing us to be a more mobile, flexible workforce, improving work-life balance and empowering us all to be more creative. However, for the CIO, that can bring its own challenges.

CIOs need to find ways that will allow employees to work wherever they work best – whether that’s in the office, at home or in a coffee shop. With 53 percent of people saying they would be more productive if they worked remotely it doesn’t make sense to force everybody to come to the office.

“It’s my goal as CIO to make sure this amazing group of more than 5,000 individuals has the best tools at their disposal as they collaborate in creative teams across 40 countries to help our customers achieve their unique business and sustainability goals,” says ERM group CIO, Richard Zotov. He deployed Microsoft 365 across the organisation to empower their employees to work faster, better, and safer, maximising ERM’s global impact.

According to the Deloitte Global Mobile Consumer Survey 2018, 45 percent of people use their own devices to answer work emails. That’s why you may need to consider a mixture of remote working and bring your own device policies, with tools that make it easy for employees to access their work, whilst ensuring your organisation’s data stays secure.

Keep control

The NCSC says that 43 percent of businesses reported a cyberbreach in 2017. Data doesn’t care how it’s being used. It’s up to you and your organisation to show your employees and customers that you care about their data. Have a set of core principles grounded in ethics, accountability, security, and compliance.

Microsoft builds all its products with security and compliance in mind. More importantly it gives you the power to protect your data. Securing data and applications is often best done by identity-based controls like multi-factor authentication or role-based access control.

People first

Even though a CIO manages the organisation’s technology infrastructure, your success depends on how people interact with that technology.

Therefore, it’s important to take a people-centric approach from the get-go. Be open and transparent. Offer learning and development for everyone. Listen to feedback from all employees – from frontline to C-level, and engage with them on platforms such as Yammer, or Teams.

A modern CIO is one who has aligned their technology use with the organisation’s values. More importantly, they’re passionate about creating an empowered workforce who is productive, collaborative, and confident in the technology they use at work.

Find out more

Drive a creative culture in a modern workplace
Why you need intelligent security for a modern workplace
Find out how to maximise the AI opportunity

The post The future role of a CIO appeared first on Microsoft Industry Blogs - United Kingdom.

Howard Bush

Caution over Blockchain

Bitcoin may have entered the public consciousness, but not much has changed for the banks over the last twelve months. Bartlett says, “distributed ledger technology is something of great interest – the question is how do we turn something of great interest into something of great value?”

Certainly there’s a perception in banks that while distributed ledger could be valuable, there are problems to be worked through first, and even the most technologically-savvy are moving cautiously. There are still big problems for banks, specifically around anonymity and the problem in anti-money laundering that it creates.

“All the banks are investing R&D in [distributed ledger],” says Bartlett. “They want to be seen as active players.” But even banks with a reputation for being forward-thinking when it comes to adopting new technology are moving cautiously with distributed ledger. The initial rush of interest over cryptocurrencies has been replaced by a more measured view of what distributed ledger can offer.

So where are the benefits of distributed ledger? When applied to the banking system distributed ledger offers a more efficient alternative to the current payment processes; but moving these legacy systems onto an entirely new technology stack is a large, expensive and risky undertaking. Performance improvements and cost reductions promised by distributed ledger could be realised using alternative technologies such as Artificial Intelligence (AI) and Robotic Process Automation (RPA).

“The benefits to a bank tend to be on the transaction side,” says Bartlett. “Look at the payment world, which is relatively inefficient. These technologies could take a huge amount of inefficiency out of the international payment environment.”

Ultimately, then it’s still early days, and other solutions may yet present themselves. “distributed ledger is one pressure on the system, but there are other pressures creating uncertainty,” Bartlett says. “When you look at a technology like distributed ledger, it is a pressure point on an environment or ecosystem, and the ecosystem can respond in multiple ways. Banks typically, because of their conservative nature, tend to look for efficiencies in their current environment, rather than adopting new technologies. We’ll see how it plays out.” Microsoft is investing heavily in Blockchain with Project Bletchley and Coco Framework.

APIs – a platform of value

Banking is a highly-regulated industry, and the banks are prepared for mandated changes such as the second Payment Services Directive (PSD2) and Open Banking. That’s not where the uncertainty lies. The banks don’t want to be like Blockbuster.

The API trend is yet to mature, but Bartlett believes it will only take one or two sharp organisations to build a platform of value rather than just substitute value. “Where API will come into plays is when you start to see smaller players able to offer platforms of value by coming together under the umbrella of a third-party platform. So, a building society might combine with an insurer, plus a mortgage provider, plus a Monzo-like debit card – and presents itself as one platform.”

Still, the churn is low. Current account switching in the UK is only in the 3-4% per annum range, and the change in market share is also low even with initiatives such as Open Banking.

Trends in cloud computing

Regulatory-mandated changes are a chief driver when it comes to the adoption of cloud technology. Initiatives such as the Fundamental Review of the Trade Book (FRTB), part of the Basel Accords, are changing the way in which traded assets are valued throughout the course of a day, and the risks associated with that.

Bartlett says it’s a process that demands a large amount of compute. “Banks’ first foray into the cloud has been with analytics workloads, things like grid compute. For FRTB all the banks are looking at cloud.” Speed is of interest here. “We can spin up an analytics environment in hours, not months, so we’re seeing banks go down that path.”

Another driver towards the cloud is dealing with legacy technologies. The cloud offers the advantage of avoiding the huge expense of on-premise technological solutions. “The cost of those services in-house is ridiculously expensive, particularly when you look at the switch on/switch off costs.” In-house assets, such as grid or HPC computing infrastructure, can have multi-million-pound initial outlay costs that rapidly depreciate in value. “Whereas an Azure Service like Batch you can switch it on, get the value out of it, and switch it off.”

To compete with the challenger banks and the FinTech startups, the established banks need to provide a better customer experience at a lower cost. “Banks all struggle with trying to get the cost/income ratios down,” Bartlett says, “and a large part of that is driven by legacy technology environment that are inflexible, too costly and too slow moving to adapt to these new requirements.” This in turn creates blocks to knowing more about customers. “That’s when you start to see technologies like Azure Data Lake being used to create a better source of information.” Machine Learning and advanced analytics workloads and are gaining traction too. “Banks are trying to see how they can take the information assets they already own, move them into modern data platforms. Then they can learn more from every customer interaction. This allows them to provide better customer experiences, with greater customer intimacy, to gain greater efficiency and challenge the challenger banks”.

If you would like to know more about how Azure can be used by the Banking industry, visit the Azure banking website.

In the next article, we’ll be looking at how Smartr, a UK based startup, is disrupting the traditional mortgage market.

Find out more by downloading The Future Banking Ecosystem white paper

The post The latest trends in the Banking Landscape appeared first on Microsoft Industry Blogs - United Kingdom.

The average cost of a data breach is now at more than $4m, according to McKinsey. In many cases, cyberattacks have the potential to destroy a business, which is why cybersecurity is now a boardroom issue. It’s time for the senior managers in businesses to lead the charge.

C-Level buy-in

Being fully cyber-resilient requires making very important decisions, the likes of which need the support and direction of C-Level executives. The big issue, however, is that in many organisations senior leaders, particularly CISOs or CIOs, rarely meet or attend board discussions, which can put a strain on the ability to make informed and strategic decisions.

It is crucial that top-level execs come together with a clear understanding of the type of threats their business faces and the solutions they have in place to defend against them. Only then can a business take real control of its cyber-resilience.

Be the change

As much as 87% of senior managers have admitted to accidentally leaking business data. When a C-Level executive is seen to be lax when it comes to protecting valuable company data, it’s no surprise that the rest of the business follows suit.

C-Level executives have the ability – and the responsibility – to make significant changes to how their business handles cyberthreats. This begins with them becoming the change they want to see across the rest of the business, and can start with something as simple as taking extra precautions with forwarding email attachments.

If senior managers openly treat cybersecurity as a business-wide issue, it will become a business-wide initiative.

Choosing the right defence

While good housekeeping will help to keep your business secure, it must be paired with robust threat protection software. Although this may sound like a matter for the IT department, it’s important to understand that having the right technology in place to defend your business will do more than just reduce risk, it will also be a business enabler.

Protecting your data will always require a trade-off with operational efficiency, but that trade-off becomes less when you have the right suite of tools, such as:

• Windows Defender Advanced Threat Protection, which helps enterprises detect threats, investigate the scope and quickly respond and remediate to prevent reoccurrence.
• Office 365 Advanced Email Threat Protection, which protects your email in real time against unknown and sophisticated attacks.
• Office 365 Threat Intelligence, which researches threats against your business, responds to malware and phishing attacks and searches for threat indicators from user reports.

While these tools are designed to keep your business protected and secure, they are also built with usability in mind.

IT is a business issue

Senior management giving time to cybersecurity was identified as the biggest driver of maturity in managing risk, according to a McKinsey study. In fact, C-Level buy-in was considered even more important than company size or sector.

Cybersecurity is a long, hard battle to fight but the more top-level executives realise that IT is a business issue, the better chance organisations have at staying secure.

The post Why cybersecurity is a boardroom issue appeared first on Microsoft Industry Blogs - United Kingdom.