Microsoft Translator is now certified compliant to meet your needs

Microsoft Translator is happy to announce that it is now certified for ISO, HIPAA, and SOC compliance. This comes as a result of Azure’s commitment to privacy and security.

Last year, Translator announced that it was GDPR compliant as a data processor. Now, Microsoft Translator is ISO, HIPAA, and SOC compliant, in addition to receiving CSA and FedRAMP public cloud attestation.

ISO: Microsoft Translator is ISO certified with five certifications applicable to the service. The International Organization for Standardization (ISO) is an independent nongovernmental organization and the world’s largest developer of voluntary international standards. Translator’s ISO certifications demonstrate its commitment to providing a consistent and secure service. Microsoft Translator’s ISO certifications are:

  • ISO 27001 Information Security Management Standards
  • ISO 9001:2015 Quality Management Systems Standards
  • 27018:2014 Code of Practice for Protecting Personal Data in the Cloud
  • 20000-1:2011: Information Technology Service Management
  • ISO 27017:2015: Code of Practice for Information Security Controls

HIPAA: The Microsoft Translator service complies with the US Health Insurance Portability and Accountability Act (HIPAA) Health Information Technology for Economic and the Clinical Health (HITECH) Act, which govern how cloud services can handle personal health information. This ensures that the health services can provide translations to clients knowing that personal data is kept private. Microsoft Translator is included in Microsoft’s HIPAA Business Associate Agreement (BAA). Health care organizations can enter into the BAA with Microsoft to detail each party’s role in regard to security and privacy provisions under HIPAA and HITECH.

Learn more about HIPAA compliance

 

SOC: The American Institute of Certified Public Accountants (AICPA) developed the Service Organization Controls (SOC) framework, a standard for controls that safeguard the confidentiality and privacy of information stored and processed in the cloud, primarily in regard to financial statements. Microsoft Translator is now SOC type 1, 2, and 3 compliant.

Learn more about SOC Compliance

 

CSA STAR: The Cloud Security Alliance (CSA) defines best practices to help ensure a more secure cloud computing environment, and to helping potential cloud customers make informed decisions when transitioning their IT operations to the cloud. The CSA published a suite of tools to assess cloud IT operations: the CSA Governance, Risk Management, and Compliance (GRC) Stack. It was designed to help cloud customers assess how cloud service providers follow industry best practices and standards, and comply with regulations. Microsoft Translator has received CSA STAR Attestation.

Learn more about CSA STAR

 

FedRAMP: The US Federal Risk and Authorization Management Program (FedRAMP) attests that Microsoft Translator adheres to the security requirements needed for use by US government agencies in the public Azure cloud. The US Office of Management and Budget requires all executive federal agencies to use FedRAMP to validate the security of cloud services. FedRAMP attestation for Microsoft Translator in the dedicated Azure Government cloud is forthcoming.

Learn more about FedRAMP

The Microsoft Translator service is subject to annual audits on all of its certifications to ensure the service continues to be compliant. View more information about Microsoft’s commitment to compliance in the Microsoft Trust Center

Go to Original Article
Author: Steve Clarke

Google’s Mark Risher discusses 2FA adoption strategies

The narrative around two-factor authentication has become more complicated recently as more stories have come out to expose vulnerabilities in SMS-based 2FA.

Malicious actors can use various techniques from SIM swapping to SS7 vulnerabilities in order to intercept SMS-based 2FA codes. As a result, experts have recommended that enterprises not use SMS in 2FA adoption strategies.

However, Mark Risher, head of account security at Google, is worried these stories may lead some to avoid 2FA adoption under wrong assumptions that all 2FA is insecure. Risher tackles phishing and malware abuse and misuse of Google platforms. He believes the conversation about two-factor authentication has lost necessary nuance and said enterprises and users alike need to better understand the practical tradeoffs with different types of 2FA.

Editor’s note: This interview has been edited for length and clarity.

What should be the baseline for 2FA adoption in enterprises? What tools and technologies you think are the best way to move forward?

Mark Risher, head of account security, GoogleMark Risher

Mark Risher: For enterprises, two-factor really should be the starting point. That is the baseline, and any enterprise that is relying simply on passwords today really needs to get with the program. Now I recognize it’s hard, I’m not unsympathetic. I know that there are expenses, there are legacy technology concerns to contend with, there are human factors and usability aspects that need to be looked at, but truly what recent news has shown is that all enterprises have something to lose. You don’t have to be a defense contractor to worry about nation-state attacks, much less organized crime. And being that this is where the line has moved, you are really doing your employees a disservice if you’re allowing them the flexibility to continue logging in with these unproven, rather unsecure methods, like password-only authentication or a firewall with private network-only authentication.

We eat our own dog food. Google has required two-factor authentication for all our employees for many, many years, and we’ve required security keys, which we believe are the strongest and the most secure and most phishing-resistant technology out there, for many years. The result of which has been we’ve had no cases of password phishing since we deployed them.

That said, I don’t want to oversimplify. We are a wealthy, tech-forward company, so I know not every one of your readers can immediately adopt what we have, but we truly believe and practice what we preach. This is the direction that everyone needs to be moving into and needs to have a plan, and executives across these large companies should at least have a migration strategy if not plans that are already underway.

Is it a matter of cost why an enterprise might opt for 2FA adoption using SMS codes rather than physical security keys?

Risher: I think cost is the lowest priority, the least significant obstacle. I think the two bigger impediments are one: a lack of understanding, and two: technical legacy concerns that make integration difficult. If you have a back office payroll system that was last modified six years ago, it may just have limits to what you can do, and that’s where things like a bolt-on VPN or a bolt-on SMS-based two-factor might be the easiest options to deploy. That’s on us as technology providers to make that easier.

There’s always a lot of talk about moving beyond passwords completely. What are your thoughts on that?

Risher: The passwords are terrible. We know that they are too hard for regular people to remember and use and too easy for attackers to remember and use, but the challenges of passwords are also great. They are backward-compatible on systems dating back 40 years, they are a modality that everyone understands, they work across all platforms to some degree, and they have some useful properties. So while there’s great enthusiasm around eliminating passwords, the practical concern is always, to replace them with what?

The way we’ve been approaching this is through what we call federated identity — that is, linking together different services — and in the enterprise world this is frequently described alongside single sign-on or SSO, where the general principle is that users should go through one rigorous robust moment that they authenticate themselves to a new device. They take a device from nothing and they put a single account on there — we’d love for it to be a Google account, but there’s many other identity providers — but then, linking to other services should not require a password because you’re not really adding much in that moment. They should instead rely back on that initial authentication.

Consumers are probably familiar with this in some of the open standards that are implemented on consumer-facing sites — things like Sign In with Google, or to some degree Facebook Connect. Some of these types of features really do evince that principle, but here again, not everyone understands that they’re actually improving security. In fact, counter-intuitively, sometimes users think because that was simpler it must be less secure, and to memorize something with capital letters, symbols, numbers, you know, lower case and punctuation, that would be harder for me, therefore it must be harder for the attacker. That’s a common fallacy: that what’s hard for you is hard for attackers and vice versa, and awareness and understanding is the biggest thing holding us back.

What is your core advice for those looking at 2FA adoption?

Risher: If you’re just using a password you should definitely have a second factor of authentication. At Google we do this automatically wherever possible, so people don’t need to enroll; if we see you coming from a suspicious new device we generally will automatically challenge and require a second factor. That said, people may be afraid or hesitant to jump all the way to the Advanced Protection Program, and I want to reassure them.

I work here. Obviously, I understand how this works, but at the same time as a Google employee I am constantly testing new devices. I’m constantly moving to new firm factors and types of hardware as we’re inventing and building new things at Google. It’s not been an impediment. It’s not this clunky system that people remember from when they were first issued their RSA token back in 1998. It is very elegant, it’s very smooth, it works now with mobile devices, it works over Bluetooth, NFC and USB, and USB-C, and this is not a big hardship. I don’t want to scare people away and make them feel that they need to do the equivalent of driving around in an armored car just to get some peace of mind.

Having a second factor is definitely better than not [having one], so if you’re just relying on passwords and you simply add the weakest, which is this code sent to your cellphone, you’re still way better off than just relying on the password. If your second factor is not a code but is instead a security key, you’ve now moved way further to a place where really, it becomes a local attack, and the number of people that have access to my keychain right now while I’m talking to you is just me. I’m alone in this room.

Go to Original Article
Author:

For Sale – M-ITX Desktop Computer – Intel Atom – 2GB DDR3 Ram – 500GB Hard Drive – Windows 7 Pro

I have a Mini-ITX build for sale.

The motherboard and case are new, never used before and the ram was taken from another machine, the hard drive has been used before but is in full working order.

Running Windows 7 Professional already activated with a key.

It does have a slot for a slimline DVD drive.

Specs

Mini-ITX case
Jetway Mini-ITX NC9KDL-2550 Motherboard
2GB DDR3 Ram
Seagate 500GB Hard Drive
Intel Atom 1.86Ghz CPU
PS/2 Mouse
PS/2 Keyboard
HDMI
VGA
USB 2.0
2 X Ethernet
SPDIF

Power cable included.

Price and currency: 40
Delivery: Delivery cost is included
Payment method: BT
Location: Leeds
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Go to Original Article
Author:

Microsoft Translator is now certified compliant to meet your needs

Microsoft Translator is happy to announce that it is now certified for ISO, HIPAA, and SOC compliance. This comes as a result of Azure’s commitment to privacy and security.

Last year, Translator announced that it was GDPR compliant as a data processor. Now, Microsoft Translator is ISO, HIPAA, and SOC compliant, in addition to receiving CSA and FedRAMP public cloud attestation.

ISO: Microsoft Translator is ISO certified with five certifications applicable to the service. The International Organization for Standardization (ISO) is an independent nongovernmental organization and the world’s largest developer of voluntary international standards. Translator’s ISO certifications demonstrate its commitment to providing a consistent and secure service. Microsoft Translator’s ISO certifications are:

  • ISO 27001 Information Security Management Standards
  • ISO 9001:2015 Quality Management Systems Standards
  • 27018:2014 Code of Practice for Protecting Personal Data in the Cloud
  • 20000-1:2011: Information Technology Service Management
  • ISO 27017:2015: Code of Practice for Information Security Controls

HIPAA: The Microsoft Translator service complies with the US Health Insurance Portability and Accountability Act (HIPAA) Health Information Technology for Economic and the Clinical Health (HITECH) Act, which govern how cloud services can handle personal health information. This ensures that the health services can provide translations to clients knowing that personal data is kept private. Microsoft Translator is included in Microsoft’s HIPAA Business Associate Agreement (BAA). Health care organizations can enter into the BAA with Microsoft to detail each party’s role in regard to security and privacy provisions under HIPAA and HITECH.

Learn more about HIPAA compliance

 

SOC: The American Institute of Certified Public Accountants (AICPA) developed the Service Organization Controls (SOC) framework, a standard for controls that safeguard the confidentiality and privacy of information stored and processed in the cloud, primarily in regard to financial statements. Microsoft Translator is now SOC type 1, 2, and 3 compliant.

Learn more about SOC Compliance

 

CSA STAR: The Cloud Security Alliance (CSA) defines best practices to help ensure a more secure cloud computing environment, and to helping potential cloud customers make informed decisions when transitioning their IT operations to the cloud. The CSA published a suite of tools to assess cloud IT operations: the CSA Governance, Risk Management, and Compliance (GRC) Stack. It was designed to help cloud customers assess how cloud service providers follow industry best practices and standards, and comply with regulations. Microsoft Translator has received CSA STAR Attestation.

Learn more about CSA STAR

 

FedRAMP: The US Federal Risk and Authorization Management Program (FedRAMP) attests that Microsoft Translator adheres to the security requirements needed for use by US government agencies in the public Azure cloud. The US Office of Management and Budget requires all executive federal agencies to use FedRAMP to validate the security of cloud services. FedRAMP attestation for Microsoft Translator in the dedicated Azure Government cloud is forthcoming.

Learn more about FedRAMP

The Microsoft Translator service is subject to annual audits on all of its certifications to ensure the service continues to be compliant. View more information about Microsoft’s commitment to compliance in the Microsoft Trust Center

Go to Original Article
Author: Steve Clarke

From Microsoft Azure partners to ISVs, deeper partnerships emerge

Microsoft is pursuing deeper connections with its channel allies, from Microsoft Azure partners to independent software vendors, a move that could compel partners to develop higher-value services and more sophisticated offerings.

In an update on Microsoft’s partner strategy this week, Gavriella Schuster, corporate vice president of the One Commercial Partner program at Microsoft, cited examples of a new channel approach that moves beyond transactional reselling. She pointed to developments such as the growth of the Microsoft co-sell program and Cloud Solution Provider (CSP) licensing model. Schuster also cited examples of partners building offerings on top of Azure and greater partner investment in the Microsoft relationship.

“We have moved from partnering to partnerships,” Schuster said in a press briefing.

Consider the following:

  • Microsoft Azure Expert Managed Services Providers (MSPs), a program the vendor kicked off in July 2019, put 32 of its top Microsoft Azure partners through a third-party audit with the goal of creating consistent and repeatable managed services on Azure. In the process, Microsoft found that the Azure Expert MSPs were able to generate more than $100,000 per month in Azure business and some generated $2 million per month. In contrast, a Microsoft Gold-level partner is required to book $100,000 per year in Azure business. That program for Microsoft Azure partners has since grown to 43 companies.
    Gavriella Schuster, corporate vice president of the One Commercial Partner program at MicrosoftGavriella Schuster
  • The Microsoft co-sell initiative, which rewards Microsoft’s field sales force for selling partner solutions, generated $8 billion in partner revenue in the first 18 months of its existence. Schuster said co-sell deals close three times faster and are about six times larger than deals outside the program.
  • Accenture, Microsoft and the companies’ Avanade joint venture unveiled the Accenture Microsoft Business Group on Feb. 4. Schuster said the group represents the “largest investment any partner has ever made with Microsoft” and the largest group of Microsoft solutions experts in the world — more than 45,000 professionals.
  • In March 2019, ISV partners will be able to publish their offerings on Azure Marketplace and AppSource, Microsoft’s online marketplaces, and directly access the Microsoft partner ecosystem, as well as customers. Microsoft said those venues will let ISVs “publish to a single location” and gain access to Microsoft customers, sales people and tens of thousands of partners.

Schuster also pointed to a broadening Microsoft partner ecosystem, which she said includes ISVs, MSPs and systems integrators in addition to traditional resellers. Unconventional partners, in general, are challenging the established players. She also pointed to partnerships with customers such as grocery chain The Kroger Co., which will work with Microsoft to build a retail-as-a-service offering on Azure. The companies will jointly market the product to retail industry customers.

New licensing agreement

Microsoft’s latest partnering tack comes as the company readies a new licensing process, which will let customers buy Azure services directly from Microsoft. The new approach, the Microsoft Customer Agreement, is to go into effect in March 2019. Microsoft said the simplified new agreement spans 11 pages. The Microsoft Customer Agreement is geared toward customers who want to assert maximum control over their Azure services and don’t need the level of administrative support embedded in Microsoft’s Enterprise Agreement (EA), according to Microsoft.

Jason Woodrum, director of the public cloud architecture team at Ensono, a managed services and cloud provider, said small and medium-sized businesses (SMBs) can quickly sign the 11-page digital agreement and get Azure services along with third-party software via the Azure Marketplace. He noted the EA has become a lengthy contract.

We have moved from partnering to partnerships.
Gavriella Schustercorporate vice president of the One Commercial Partner program, Microsoft

“One of the things Microsoft was really focusing on was how can I make it easier for the SMB market to essentially contract directly for Azure services,” he said.

But while facilitating direct sales, the Microsoft Customer Agreement still fits within the company’s partnering strategy, the company said. Toby Richards, general manager of partner go-to-market and programs at Microsoft, said that strategy is embedded in the buying process whether the customer purchases through field sales, via self-service or through the CSP program. The latter is Microsoft’s fastest-growing licensing model.

“We are simply giving choice to the customer, and improving an already low-value function in the license transaction, while still relying on our partnerships to drive value,” Richards said.

Microsoft partner ecosystem impact

Woodrum said the new customer agreement shows the software vendor wants Microsoft Azure partners to focus on services, rather than just helping to execute a cloud licensing transaction.

“We will see a lot of partners who were maybe just focusing on the transaction … pivot in the way they are operating so they can get back to truly adding value to the client,” Woodrum noted.

Woodrum said the new Microsoft policy will have limited effects on Ensono, which already provides cost optimization, architectural best practices and other value-added services on Azure projects.

“Overall to Ensono, it is really business as usual,” Woodrum said.

However, Vadim Vladimirskiy, CEO at Nerdio, a cloud IT management platform for Microsoft Azure and private cloud, said Microsoft’s licensing service providers or licensing solutions partners (LSPs) could see an impact. Transactional-only LSPs will likely see a decrease in business volume due to the introduction of the Microsoft Customer Agreement, he noted.

“Microsoft is making it easier for end customers to purchase Azure directly if they know what they want,” Vladimirskiy said. “Using an LSP for transacting Azure today is beneficial because the process is flexible. With [the Microsoft Customer Agreement], these customers will be able to bypass the LSP and transact with Microsoft directly without the need for an EA or LSP.”

MSPs, on the other hand, will see little effect as a result of the Microsoft Customer Agreement’s introduction.

“These partners exist to service those customers who are not sufficiently technically enabled to buy Azure themselves,” Vladimirskiy said. “They need a partner to help them scope, size, deploy, manage and support Azure.”

Because the Microsoft Customer Agreement doesn’t enable end customers to do any of those things, they will continue to buy Azure through service providers, Vladimirskiy said.

Go to Original Article
Author:

For Sale – Mac Mini (Late 2014) – 1.4GHZ – 4GB – 500GB

Good Afternoon!

After having a little clear out, I’ve got two Mac Minis which are no longer needed… They were in a small office, but have been sat on a shelf since we upgraded a couple of months ago! £220 each including delivery.

They are both 1.4GHZ – 4GB – 500GB, and in mint condition (fully boxed).

Will be sent via courier.

Price and currency: 220
Delivery: Delivery cost is included within my country
Payment method: BACS
Location: Hampshire
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Go to Original Article
Author: