Archive for Cloud

Proposed Legislation To Make IoT Devices More Secure

Digital Minister Margot James has proposed the introduction of legislation that could make internet-connected gadgets less vulnerable to attacks by hackers.

What’s The Problem?

Gartner predicts that there will be 14.2 billion ‘smart’, internet-connected devices in use worldwide by the end of 2019.  These devices include connected TVs, smart speakers and home appliances. In business settings, IoT devices can include elevators, doors, or whole heating and fire safety systems in office buildings.

The main security issue of many of these devices is that they have pre-set, default unchangeable passwords, and once these passwords have been discovered by cybercriminals the IoT devices can be hacked in order to steal personal data, spy on users or remotely take control of devices in order to misuse them.

Also, IoT devices are deployed in many systems that link to and are supplied by major utilities e.g. smart meters in homes. This means that a large-scale attack on these IoT systems could affect the economy.

New Law

The proposed new law to make IoT devices more secure, put forward by Digital Minister Margot James, would do two main things:

  • Force manufacturers to ensure that IoT devices come with unique passwords.
  • Introduce a new labelling system that tells customers how secure an IOT product is.

The idea is that products will have to satisfy certain requirements in order to get a label, such as:

  • Coming with a unique password by default.
  • Stating for how long security updates would be made available for the device.
  • Giving details of a public point of contact to whom cyber-security vulnerabilities may be disclosed.

Not Easy To Make IoT Devices Less Vulnerable

Even though legislation could put pressure on manufacturers to try harder to make IoT devices more secure, technical experts and commentators have pointed out that it is not easy for manufacturers to make internet-enabled/smart devices IoT devices secure because:

Adding security to household internet-enabled ‘commodity’ items costs money. This would have to be passed on to the customer in higher prices, but this would mean that the price would not be competitive. Therefore, it may be that security is being sacrificed to keep costs down – sell now and worry about security later.

Even if there is a security problem in a device, the firmware (the device’s software) is not always easy to update. There are also costs involved in doing so which manufacturers of lower-end devices may not be willing to incur.

With devices which are typically infrequent and long-lasting purchases e.g. white goods, we tend to keep them until they stop working, and we are unlikely to replace them because they have a security vulnerability that is not fully understood. As such these devices are likely to remain available to be used by cybercriminals for a long time.

What Does This Mean For Your Business?

Introducing legislation that only requires manufacturers to make relatively simple changes to make sure that smart devices come with unique passwords and are adequately labelled with safety and contact information sounds as though it shouldn’t be too costly or difficult.  The pressure of having, by law, to display a label that indicates how safe the item is could provide that extra motivation for manufacturers to make the changes and could be very helpful for security-conscious consumers.

The motivation for manufacturers to make the changes to the IoT devices will be even greater when faced with the prospect of retailers eventually being barred from selling products that don’t have a label, as is the plan with this proposed legislation.

The hope from cybersecurity experts and commentators is that the proposal isn’t watered-down before it becomes law.

New AI Feature For Microsoft Word Online To Improve Your Writing

The new ‘Ideas’ feature, an AI-powered editor in the cloud for Microsoft Word is intended to provide intelligent suggestions to make your writing more concise, readable, and inclusive.

Ideas

The new ‘Ideas’ feature, which is already being used with PowerPoint and Excel, is likely to be a value-adding improvement on traditional grammar and spelling checks because it is designed to help with the reading and writing of (online) Word documents.

The feature announced at Microsoft 2019 and scheduled for testing in June, will be able to follow along as you write, offer familiar fixes for spelling and grammatical errors, suggest improvements, be able to detect nuances in language and even suggest rewrites for tricky phrases or clunky paragraphs.

The Ideas feature will also be able to help with the reading of Word documents by, for example, providing estimated reading times, extracting key points, and decoding acronyms using data from the Microsoft Graph.

British Company Wins Google Money For AI

It’s not just Microsoft that’s making the news this week for its ongoing pursuit of augmenting its products and services with AI and machine learning.

British fact checking company Full Fact has just been named among the 20 winners of Google’s AI Impact Challenge.  The award will mean that they will receive a share of 19.1 million dollars worth of Google investment as well as consultation help and mentoring from Google.  The AI Impact Challenge from Google asked for organisations to submit ideas on how to use AI to help address societal challenges.  For Full Fact, this involved ideas about how to use AI to combat the kind of misinformation that affects millions of people’s health, safety and ability to participate in society, and is considered by many to be a threat to democracy in many countries.

What Does This Mean For Your Business?

The addition of an AI-powered, cloud-based enhancement to Microsoft’s online version of Word is considered to be the next, more intelligent step onwards from enhancements like predictive text.  It also offers Microsoft a way to compete with popular grammar programs such as Grammarly, and it will be interesting to see how such companies respond to Microsoft’s ‘Ideas’ feature.

The ‘Ideas’ feature is likely to be particularly good news for journalists and other writers as it will presumably be able to make the low-level composing work a little easier and may be able to save time and add value to their work.  It may even help Microsoft reach its aim of enabling people to design documents for maximum readability, and in doing so, make the workday more productive for many people.

One area where AI is predicted to offer some real promise in the near future is in the (cloud-based) cyber security market.  For example, the Visiongain ‘Artificial Intelligence in Cyber Security Market Report’ for 2019-2029 values the 2019 AI in cyber security market at $4.94bn.  Cloud-based cyber security that incorporates AI could prove to a cost-effective and affordable source of protection for SMEs and large enterprises.

School Enlists Chinese Help To Upgrade To Enhanced Wi-Fi

The Lytchett Minster School in Dorset recently made the news among IT commentators after demonstrating how it could overcome the connectivity challenges of its rural location, cut costs and increase efficiency by upgrading its on-site network with Chinese company TP-Link’s enhanced Wi-Fi.

Challenges

As recently featured by Computer Weekly, the school had to contend with a rural campus location and the resulting poor connectivity, next to a grade II listed 18th century manor house, and a rudimentary system of ageing individual home-user access points (APs) mounted in school corridors which required users to disconnect and reconnect when roaming around.   Also, the old wireless network was not voucher-based and was insecure (the pre-shared key could be compromised), which meant that staff had to reset each AP’s password individually (with remote authentication dial-in user service help) and users had to keep reconnecting each of their devices to the network.

As is the case with so many schools, Lytchett Minster School had to make its limited budget go as far as possible in the upgrade.  This meant the need to minimise price per AP and annual licensing fees while getting the best value, efficient and effective wireless infrastructure solution.

Requirements

It was decided that the most important requirements on the school’s list were power over Ethernet (PoE), Radius authentication, centralised management, provision of multiple service set identifiers (SSIDs) and voucher authentication.

TP-Link Chosen

The school chose Chinese company TP-Link to upgrade their on-site network based on features offered, value for money, and the fact that TP-Link builds its hardware itself instead of outsourcing and, therefore, doesn’t charge licensing fees.

Founded in 1996 by two brothers and based in Shenzhen, China, TP-Link is a manufacturer of computer networking products and is now the world’s number 1 provider of consumer Wi-Fi networking devices, shipping products to over 170 countries. 

Change

Changing to the upgraded, enhanced Wi-Fi meant that the old APs could be moved from corridors into classrooms for optimum performance and coverage. The changes to a better enhanced Wi-Fi network also meant that access control lists could issue users with vouchers that restricted network access at the subnet according to core user group, out of hours separate public access SSID could be offered to users of the school’s sports facilities, larger numbers of staff iPads and phones could be used for teaching, and special provisions could be made for the BYOD policy for  sixth form students.

The new system also enabled easier, centralised management of the network with data from each AP being displayed to the IT department on large screens, with no more need to perform network reboots (as these can happen automatically at 6 am every day to avoid disrupting lessons), and the ability to carry out all key tasks from a central interface.

What Does This Mean For Your Business?

This story is an example of how the potential of an organisation (a school in this case) was limited by poor Wi-Fi provision, partly due to its rural location and old, inadequate hardware. The school showed that today, it is possible for a school based in Dorset to choose a Chinese tech firm as a partner to deliver a business-class wireless network solution that meets all operational requirements within budget, and without the extra cost of ongoing licence fees. An enhanced Wi-Fi system of this kind also offers the convenience, transparency and ease of centralised control.

Large Rises in Amazon’s Web Services (AWS) Revenues, Fuelled By Public Cloud Demand

A massive 45% growth in the revenue of Amazon’s Web Services (AWS) in the fourth quarter has been fuelled by big profits in Amazon’s public cloud arm.

Beats Microsoft & Google In Cloud Infrastructure

The $7.4 billion cloud revenue, which is a jump 45% compared to the previous year, means that AWS is beating competitors Microsoft and Google in the market for cloud infrastructure.  These are the services that businesses and organisations use to outsource their computing and data storage needs.

To give some idea of the scale of the jump in revenue for AWS, these figures mean that it generated more operating income during 2018 than its North American retail operations, and that AWS generated the revenue through $25.65bn in sales (compared with the $141.3bn from North American retail operations).

Central To Success

The operating income for AWS in the quarter was $2.18 billion, accounted for 58% of Amazon’s overall operating income, although there was a slight decrease in AWS’s operating margin.

This means that the cloud business has become central to Amazon’s success in terms of revenue and profits.

More Cloud Regions

Amazon purchased two more new cloud computing regions online in 2018, and it says that it plans to open four new regions and 12 new availability zones within those regions by the first half of 2020.

The company widened its base of cloud customers last year, including some big-name sign-ups such as Santander, Korean Air and Amgen.

Not Fastest Growing

Even though AWS has seen significant growth in revenue, Microsoft’s cloud business is growing even faster.  For example, Azure cloud revenue grew by 76% in the latest quarter.

It is, however, perhaps to be expected that the revenue growth rate of a fast-growing company drops off as their revenue base swells e.g. AWS’s has dropped from 78% in 2015 to 42% during the third quarter of 2017.

What Does This Mean For Your Business?

Amazon is clearly a company that has grown very quickly and has diversified (far) beyond its online roots into many areas, including bricks-and-mortar stores (groceries and books), self-service stores in the US, and healthcare, as well as experimenting with innovative new ways to gain an edge in its core business e.g. drone and robot parcel deliveries.  Amazon’s Alexa virtual personal assistant technology and Echo voice-controlled devices have also proven to be very popular in the marketplace.

It hasn’t all been plain sailing though, with the company’s business practices coming under more scrutiny from UK, US, and EU regulators, as well the UK government.

In the business cloud market, AWS is showing strong growth in what is a highly profitable sector as more businesses look to outsource to the cloud, but many market analysts now predict slowing growth and higher spending for Amazon as it tries to compete and fight competitor challenges on many diverse fronts.

Windows 7 Activation Errors A Coincidence Says Microsoft

Just after the January update on 8th January, Windows 7 users began to experience activation errors, but Microsoft put the issues down to coincidence, despite admitting that it had reverted changes made to activation servers in the update in order to fix the problem.

What Is An Activation Error?

Windows Activation Technologies are used by Microsoft to help confirm that the copy of Windows 7 that is a user is running on their computer is genuine.  For example, the activation key is a 25-character code that is located on the Certificate of Authenticity label or on the proof of license label, and validation feature of Activation Technologies is the online process where users must verify that the copy of Windows 7 they’re running on their computer is activated correctly and is genuine.

An activation error, therefore, is when a user’s system wrongly notifies them that their copy of Windows is not genuine.

Which Update?

On 8th January, there was a monthly ‘Rollup’ security update for Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1.  The update was designed to improve and fix certain issues with Windows 7 e.g. fixing a vulnerability known as ‘Speculative Store Bypass’, and adding security updates to Windows Kernel, Windows Storage and Filesystems, Windows Wireless Networking, and the Microsoft JET Database Engine.

Coincidence?

According to Microsoft, the fact that users received “Windows is not genuine”, and “Your computer might be running a counterfeit copy of Windows” notification at the same time as the January updates (KB4480960 and KB4480970) were introduced was simply a coincidence. Despite describing it as such, the problems were listed a table of “known issues in this update” on Microsoft’s support pages.

Reverted The Change

Microsoft announced on 9th January that it has fixed the issue by reverting the change that was made to Microsoft Activation and Validation servers.

What Does This Mean For Your Business?

For many Windows 7 users, the change meant a day of disruption on the Tuesday of the first full week back after the Christmas and New Year break.  For many of these users however, this appears to be one more in a long line of incidents, nudges and pointers that look like they’re designed to encourage them to finally make the switch over to Microsoft’s Windows 10 and its SaaS model. Microsoft ended its mainstream support for Windows 7 on January 13th, 2015, and the extended support will only continue until January 14th, 2020, after which time Microsoft says on its website that users can “keep the good times rolling by moving to Windows 10”.

Bitcoin and Other Crypto-Currencies Hit New Lows

After losing 74% of its value so far this year, Bitcoin’s value, and that of other crypto-currencies have continued to fall this month as a sell-off takes place in what some see as the natural course for the market, and as another opportunity to buy crypto-currencies at a low price.

What’s Been Happening?

According to currency commentators, the massive 12% fall in the Bitcoin crypto-currency on Monday, follows a nose-dive that’s been part of downward trajectory for the crypto-currency which recently hit a 14-month low. Many in-the-know believe that the possible reasons for the longer-term fall and the sharp 12% drop in value are likely to be caused by:

  • The extra regulation in the US.
  • A long wait for the January 2019 launch of bitcoin futures by Bakkt, Intercontinental Exchange’s crypto platform. With Bitcoin Futures, investors and sellers make a contract to buy and sell at the agreed-upon price, irrespective of the actual market price at the time the contract is made. This may reduce risk and balance out price fluctuations on investments in portfolios.
  • Investors steering clear of bitcoin because of the price swings, concerns over a lack of regulation, and concerns over the uncharted waters of a new and undeveloped market infrastructure.
  • Investigations by the Securities and Exchange Commission of initial coin offerings and crypto exchanges.
  • Fear caused by hacks and thefts at crypto exchanges.
  • The overconsumption of bitcoin in the first place, which has now led to a market cycle back in the opposite direction as things naturally even out.

Trouble For Other Crypto-Currencies

Bitcoin is certainly not the only crypto-currency that’s been under pressure in recent times. Ethereum’s ‘eher’ has just fallen 7% in value to $106.69, and the value of Ripple’s XRP has fallen 5.6% to only 34 U.S. cents.

Also, in the light of the U.S. SEC ordering civil penalties against Airfox and Paragon Coin over their alleged selling of digital tokens as securities in initial coin offerings, both companies have found themselves having to agree to the return of funds to harmed investors, as well as registering tokens as securities, filing periodic reports with the Commission, and paying penalties.

It has also been reported that crypto-currency Tether is being investigated by the U.S. Department of Justice over possible manipulation of bitcoin prices at the end of 2017.

God Time To Buy While Prices Are Low?

Some investors, however, see the steep fall in values of crypto-currencies as an opportunity to get into viable crypto-currency projects at discounted prices.

What Does This Mean For Your Business?

The rapid rise of bitcoin value and the many problems that it experienced with regulations and restrictions in some countries (e.g. China), hacks, its volatility, a negative image from its use by international criminals and from its use in scams, a lack of knowledge about how to use it, and the fact that the high price of just one bitcoin made it (even more) niche, meant that it became a commodity and a fast-buck opportunity rather than an actual, useful currency.

Now that the huge wave of bitcoin over-consumption and over-inflated value of bitcoin has burst, many market analysts can still see a future for crypto-currencies as a part of a wider ecosystem, and that the fall in the value of bitcoin is simply a natural cycle of things finding their real level again after the boom.

Many would say that the best thing to come out of bitcoin, so far, is the underlying ‘blockchain’ technology.  Blockchain has found multiple useful commercial applications and, as tech companies are now in a race to provide the best ‘blockchain-as-a-service’ offering, businesses will be able to find opportunities to put the technology to good use in innovative ways, creating value and competitive advantages that could start shaking up many markets.

Business Concerns Over ‘Secondary Data’

A study by data protection and management company ‘Cohesity’ has shown that most companies store up to 10 copies of their ‘secondary data’ in different locations and must use multiple products to manage it.

The Problem With Secondary Data

Secondary data (not production data) e.g. all the data that a company collects from other sources such as reports, stats, information from trade / industry publications etc tends to be stored by businesses over time in the hope that it has / will have value to the business, could help the business to avoid problems, and could reveal more business opportunities with analysis. One main problem with the storing of secondary data, which has long been known about, is that it is often fragmented and / or trapped e.g. it is stored across many clouds, remote offices / edge locations, and / or is trapped inside a siloed infrastructure. This can result in problems such as the cost, complication and confusion of duplicated copies stored in different places and using resources to maintain and store data that may not be serving the current needs of the digital business, or adding value because of how it is stored.

The Research

Not surprisingly, the research by Cohesity, a company that offers platforms where all secondary data can be stored, appears to back up the fact that companies have a problem with secondary data fragmentation.  For example, the results of the survey, which drew upon responses from 250 UK IT decision-makers as part of a wider study involving 650 IT decision-makers in the US, France, Germany, Australia and Japan, found that most UK organisations store up to 10 copies of the same secondary data, use four or five different products to manage it, and keep it in up to four locations. These locations may include two or three different public cloud storage providers.

The research showed that the average number of copies of the same datasets of secondary data held by UK respondents is five, and that around 30% of IT teams’ time is spent managing secondary data.

Why?

The research findings indicated that 92.5% of UK respondents store multiple copies of production data in separate locations because their disaster recovery (DR) policies say they must, but when it comes to the reasons for storing so much secondary data, the findings are less clear.

The research findings do, however, show that there has been a big increase in secondary storage data volumes e.g. in 2016 to 2017 the UK average is was 38.5% rise.  This trend is also predicted to continue.

Redundant Copies In The Cloud

The research findings show that 41% of UK organisations replicate redundant copies of data held in one public cloud to another public cloud.

What Does This Mean For Your Business?

Many UK businesses appear to be storing increasing amounts of secondary data in a fragmented way with no clear plan on the horizon about what to do with it all.  Instead of being able to organise the data and use it to generate value and competitive advantages, many businesses are wasting money and resources in keeping often duplicated data stored in limbo across disparate locations.

Businesses may be able to save themselves money and turn the secondary data burden into a value-generating asset by switching to a secure, paid-for consolidated platform solution.  This could help solve the current fragmentation problems, free-up resources, could help businesses to start using the data productively, and help businesses to find an effective way of managing what looks likely to be an increasing amount of secondary data going forward.

Blockchain To Stop Counterfeit Disk-Drive Products

Data storage solutions company Seagate Technology (Seagate), and IBM are reported to be working together and using blockchain and advanced cryptographic product identification technology to reduce disk-drive product counterfeiting.

What’s The Problem?

The problem for Seagate and other manufacturers, integrators, and business partners is the problem of counterfeit hard disk drives (HDDs) being made available for sale online.  For example, these are usually sub-standard counterfeit drives, or old drives that have been re-labelled with false claims of higher speed and greater capacity.

The scale of the counterfeiting problem faced by electronics companies is illustrated by International Anti-Counterfeiting Coalition figures which show that global trade in counterfeit and pirated electronic products is now worth more than US $1.7 Trillion!

What Is Blockchain and How Can It Help?

Blockchain, the open-source, free technology behind crypto-currencies like Bitcoin, is an incorruptible peer-to-peer network (a kind of ledger) that allows multiple parties to transfer value in a secure and transparent way. Blockchain’s Co-Founder Nic Carey describes blockchain as being like “a big spreadsheet in the cloud that anyone can use, but no one can erase or modify”.

IBM has considerable blockchain expertise and powered by the Linux Foundation’s Hyperledger Fabric distributed ledger framework, IBM’s Blockchain Platform on the IBM Cloud enables network participants to append and view blockchain data.

The collaboration with IBM means that whenever Seagate manufactures a hard drive, it will update the IBM blockchain platform with product authentication data which will include each Seagate Secure Electronic ID (eID).  This is a kind of electronic fingerprint that can verify the identity of a hard drive at any time during its product life cycle.  Also, Seagate will use cryptographic erasure technology (Certified Erase) to electronically sign the drive using Seagate Secure public key infrastructure (PKI), and this data will also be added to IBM’s blockchain platform.

With all this unique product-identifying data stored in secure and incorruptible blockchain on IBM’s cloud, technology vendors, service providers and end users will (depending on the permission they have) be able to check a disk-drive product’s provenance on the blockchain.

The Results

The hope is, of course, that by being able to provide an indisputable record of events, from manufacturing through to end-of-life for Seagate’s products, this should reduce data loss, cut warranty costs, go some way towards tackling the counterfeiting problem, and improve customer confidence.

What Does This Mean For Your Business?

This is another example of how businesses are only just beginning to realise the potential of blockchain and what it can offer.  Blockchain has so far proven itself to be particularly useful in applications where authentication, provenance, and proof of different aspects of a supply chain are needed.  For example, an IBM-based blockchain ledger has been used to record data about wine certification, ownership and storage history, and blockchain has been used to record the temperature of sensitive medicines being transported from manufacturers to hospitals in hot climates.  It makes sense, therefore, that blockchain could be an ideal solution in the fight against counterfeiting of electrical and other products and items.

VMware recently joined Microsoft and other companies in offering a blockchain-as-a-service product to companies.

Facial Recognition For Border Control

It has been reported that the UK Home Office will soon be using biometric facial recognition technology in a smartphone app to match a user’s selfie against the image read from a user’s passport chip as a means of self-service identity verification for UK border control.

Dutch & UK Technology

The self-service identity verification ‘enrolment service’ system uses biometric facial recognition technology that was developed in partnership with WorldReach Software, and immigration and border management company, with support from (Dutch) contactless document firm ReadID.

Flashmark By iProov

Flashmark technology, which will be used provide the biometric matching of a user’s selfie against the image read from a user’s passport chip, was developed by a London-based firm called iProov.  The idea behind it is to be able to prove that the person presenting themselves at the border for verification is genuinely the owner of an ID credential and not a photo, screen image, recording or doctored video.

Flashmark works by using a sequence of colours to illuminate a person’s face and the reflected light is analysed to determine whether the real face matches the image being presented.

iProov is a big name in the biometric border-control technology world, having won the 2017 National Cyber Security Centre’s Cyber Den competition at CyberUK, and winning a contract from the US Department of Homeland Security (DHS) Science and Technology Directorate’s Silicon Valley Innovation Program.  In fact, iProov was the first British and non-US company to be awarded a contract by the DHS to enable travellers to use self-service of document checks at border crossing points.

Smartphone App

The new smartphone-based digital identity verification app from iProov has been developed to help support applications for The EU Settlement Scheme.  This is the mechanism for resident EU citizens, their family members, and the family members of certain British citizens, to apply on a voluntary basis for the UK immigration status which they will need to remain in the UK beyond the end of the planned post-exit implementation period on 31 December 2020.

It is believed that the smartphone app will help the UK Home Office to deliver secure, easy-to-use interactions with individuals.

What Does This Mean For Your Business?

Accurate and secure, automated biometric / facial recognition and identification / i.d. verification systems have many business applications and are becoming more popular.  For example, iProov’s technology is already used by banks (ING in the Netherlands) and governments around the world, and banks such Barclays already uses voice authentication for telephone banking customers.

Biometrics are already used by the UK government.  For example, in the biometric residence permit (BRP) system, those planning to stay longer than 6 months, or apply to settle in the UK need a biometric permit. This permit includes details such as name, date and place of birth, a scan of the applicant’s fingerprints and a digital photo of the applicant’s face (this is the biometric information), immigration status and conditions, and information about access public funds (benefits and health services).

Many people are already used to using some biometric element as security on their mobile device e.g. facial recognition, fingerprint, or even Samsung’s iris scanner on its Note ‘phablet’. Using a smartphone-based i.d. verification app for border purposes is therefore not such a huge step, and many of us are used to having our faces scanned and matched with our passports anyway as part UK border control’s move towards automation.

Smartphone apps have obvious cost and time savings as well as convenience benefits, plus biometrics provide a reliable and more secure verification system for services than passwords or paper documents. There are, of course, matters of privacy and security to consider, and as well as an obvious ‘big brother’ element, it is right that people should be concerned about where, and how securely their biometric details are stored.

Microsoft Launches ‘AccountGuard’ Email Service For Election Candidates

A new kind of pilot secure email service called ‘AccountGuard’ has been launched by Microsoft, specifically for use by election candidates, and as one answer to the kind of interference that took place during the last US presidential election campaign.

Ready For The Midterm Elections

The new, free email service (which people must useOffice 365 to register for) is an off-shoot of Microsoft’s ‘Defending Democracy’ Program. This program was launched in April with the aim of protecting campaigns from hacking, through increased cyber resilience measures, enhanced account monitoring and incident response capabilities.

The AccountGuard pilot has been launched in time for the US Midterm elections which are the general elections held in November every four years, around the midpoint of a president’s four-year term of office.

Who Can Use AccountGuard?

Microsoft says that its AccountGuard service can be used by all current candidates for federal, state and local office in the United States and their campaigns; the campaign organisations of all sitting members of Congress, national and state party committees, any technology vendors who primarily serve campaigns and committees, and some non-profit organisations and non-governmental organizations. Microsoft AccountGuard is offered free of charge and is full service, coming with free email and phone support.

Three Core Offerings

AccountGuard has three core offerings. These are:

  1. Unified threat detection and notification across accounts. This means providing notification about any cyber threats in a unified way across both email systems run by organisations and the personal accounts of these organizations’ leaders and staff who opt in. This part of the service will only be available only for Microsoft services including Office 365, Outlook.com and Hotmail to begin with, and Microsoft says it will draw on the expertise of the Microsoft Threat Intelligence Center (MSTIC / MSTIC).
  2. Security guidance and ongoing education. Registering for Microsoft AccountGuard gives organisations best practice guidance and materials. These are in the form of off-the-shelf materials and in-depth live sessions.
  3. Early adopter opportunities. This means access to private previews of the kind of security features that are usually offered by Microsoft to large corporate and government account customers.

Similar To Google

Some commentators have highlighted similarities between the AccountGuard idea and Google’s Advanced Protection Program (APP), also launched this year, although APP is open to anyone, requires log in with hardware authentication keys, and locks out third-party app access.

What Does This Mean For Your Business?

When you think about it, what Microsoft appears to be admitting is that its everyday email programs are simply not secure enough to counter many of the threats that now look likely to come from other states when elections are underway. Microsoft’s other, non-political business customers who are also at risk from common cyber attacks e.g. phishing, may feel a little left out that they are apparently not being offered the same level of security.

Also, protecting democracy sounds like quite a grand aim for a service provider offering an email service. Microsoft does, however, accept that it can’t solve the threat to US democracy on its own and that it believes this will require technology companies, government, civil society, the academic community and researchers working together. Microsoft also acknowledges that AccountGuard is limited to protecting those using enterprise and consumer services, and that attacks can actually reach campaigns through a variety of other ways. Microsoft also appears to be hinting that it may be thinking of expanding AccountGuard to industry as well as government depending on how the pilot works.