Tag Archives: businesses

Cybercriminals see red as Microsoft hacks for good – Middle East & Africa News Center

Businesses in the Middle East and Africa are key targets for cyber attackers.

Data published by PwC in 2016 suggested that Middle East businesses were considerably more likely to suffer from cybercrime than the global average. Even though increased awareness and investment saw attacks in the United Arab Emirates (UAE) decline during the first half of 2018, cyber criminals still managed to steal close to Dh4 billion from victims in 2017, while the average amount of time consumers in the UAE lose dealing with online crime is rising steeply.

Businesses in South Africa are also falling victim to repeated ransomware attacks, with more than half of them hit by ransomware in 2017, according to a survey by Sophos. Further North, Kenya has been targeted by hackers in several major attacks over the past couple of years.

Hackers are increasingly taking advantage of “low-hanging fruit” as the cost of circumventing security measures goes up. Botnets continue to impact millions of computers globally, infecting them with old and new forms of malware, while ransomware continues to be a popular method used by cybercriminals to solicit and, in several cases, successfully obtain money from victims.

“We continue to see high profile cyberattacks land in the headlines around the world,” says David Weston, principal security group manager at Microsoft, who leads the Device Security and Offensive Security Research team, also known as the Red Team.

“Cryptocurrency mining, ransomware and other scareware are reaching new levels of sophistication.”

Microsoft’s own Red Team

Despite the continuous cybersecurity threats, only 33 percent of organisations have a cyber-incident response plan in place, and most companies are still not adequately prepared for or even understand the risks faced.

It’s for this reason, Microsoft is committed to helping businesses secure their environment and protect their customers. One way the company is working to achieve this, is through its Red Team, led by Weston, who is visiting the Middle-East this month.

“The Red Team operates like the world’s most sophisticated attackers: Gathering intelligence about their target, finding strings of vulnerabilities and then building the most refined exploits,” explains Weston. “Once their attack is complete, they work with their colleagues to identify and build disruptors to block the attack.”

The idea came about when Weston was at a hacking competition known as Pwn2Own, and noticed the pattern of many companies, including Microsoft, whereby they released software to the public and then hackers would attack. The so-called “white hats” would tell these companies about the vulnerabilities they found, but the “black hats” found and exploited these vulnerabilities themselves.

Weston says, “I knew we needed to be more aggressive in our approach, so I devised a plan: Disrupt this cycle by creating a team of internal hackers at Microsoft who would mimic the tactics and techniques of the most advanced hackers. Their goal would be to attack Windows 10 and its apps to make them better – to find and fix the toughest vulnerabilities before the bad guys.”

The Red Team’s advanced threat protections identify nearly a billion threats per day across end points. This helps Microsoft stay ahead of the game as hackers become increasingly more sophisticated.

The impact of AI and cloud on cybersecurity

Weston also highlights the impact of artificial intelligence (AI) on security.

“AI is filling critical gaps in cybersecurity,” he explains. “It will continue to advance cybersecurity; improve efficacy, detection and response; and bring us closer to being truly predictive and preventing attacks before they even occur.”

However, cybercriminals will continue to advance and adapt, just as the industry continues to advance and adapt. It’s for this reason businesses are being urged to move to the cloud, adopt modern platforms, and embrace comprehensive identity, security and management solutions.

“Most businesses aren’t as prepared as they could be. We can all do better, and that’s why we believe cloud is a security imperative to secure today’s modern workplace,” says Weston.

The Red Team is making inroads to ensure Microsoft software is as secure as possible for its customers. However, businesses in the Middle East and Africa that are embracing digital transformation to remain relevant in their markets should prioritise four key initiatives to ensure they are secure: implementing cyber resilience strategies; developing cybersecurity skills; protecting data privacy; and integrating cyber risk.

“At Microsoft, we recommend that everyone must be proactive in their cybersecurity efforts. Better protection equals better prevention, detection and remediation,” says Weston.

Slack encryption will soon include enterprise key management

Slack will soon give businesses an additional level of security by letting them manage their encryption keys. The feature will appeal to a small number of large organizations for now, but it could help the startup expand its footprint in the enterprise market.

Slack already encrypts the messages and files that flow through its premium platform for large businesses, called Enterprise Grid. Now, the vendor plans to give customers control of the keys that unlock that encryption.

“Enterprise key management is another significant step that Slack needs to take to meet increasing security demands — and according to their promise, without hurting speed or usability, [which are] common side effects of EKM,” said Wayne Kurtzman, analyst at IDC.

Slack touted the forthcoming feature as providing “all the security of an on-premises solution, with all the benefits of a cloud tool.” But the vendor clarified that the keys will be created and stored in Amazon’s public cloud.

“In the future, we may expand this offering to support an on-prem or private cloud [hardware security module] key store,” said Ilan Frank, director of Slack’s enterprise products.

Cisco Webex Teams lets businesses manage encryption keys on premises or in the cloud. It also provides end-to-end encryption. In contrast, Slack only encrypts data in transit and at rest, which means the data may get decrypted at certain routing points in the cloud.

Slack has no plans to change its encryption model, Frank said, citing potential “usability drawbacks” related to search and advanced app and bot features.

Symphony also offers end-to-end encryption and enterprise key management. Its team collaboration app has found a niche among banks and other financial firms, which generally have strict compliance and regulatory standards.

“I think, from Slack’s case, it’s a good first step in allowing customers to control their own keys,” said Zeus Kerravala, founder and principal analyst at ZK Research in Westminster, Mass. But Slack should also ensure businesses can store those keys in their own data centers and eventually pursue end-to-end encryption, he said.

Slack’s enterprise key management feature will be particularly useful for external communications done through Slack, said Alan Lepofsky, a vice president and principal analyst at Constellation Research, based in Cupertino, Calif.

When partners communicate through a shared channel in Slack, the company that established the channel will have control over the encryption keys.

“I think this will be a very important use case, as it’s that external communication where you really want to ensure security and privacy,” Lepofsky said.

Slack expects to make enterprise key management available for purchase to Enterprise Grid customers sometime this winter.

Slack looks to appeal to more large enterprises

Slack launched Enterprise Grid last year in an attempt to expand beyond its traditional base of teams and small businesses. The platform lets large organizations unify and manage multiple Slack workspaces.

Slack said in January that more than 150 organizations had deployed Enterprise Grid, including 21st Century Fox, Target, Capital One and IBM. But the vendor did not mention the product in May when it announced that 8 million people at more than 500,000 organizations worldwide were using Slack daily.

As the vendor tries to win more contracts with large businesses, Slack faces competition from vendors that already have deep penetration in the enterprise market — notably Cisco and Microsoft.

Cisco recently tied its team collaboration app to the online meetings platform Webex, which has 140 million users. Also, Microsoft has been aggressively building out the features of Microsoft Teams, which integrates with the Office 365 productivity tools relied upon by 135 million people.

“[Enterprise key management] is an important addition to Slack as it becomes more mature for enterprise needs,” Lepofsky said.

The new business imperative: A unified cloud security strategy

As more businesses begin to explore the benefits of moving on-premises data and applications to the cloud, they’re having to rethink their traditional approaches to data security. Not only are cybercriminals developing more sophisticated attacks, but the number of employees and users who can access, edit, and share data has increased the risk of breaches. In fact, Gartner indicates* that “through 2022, 95 percent of cloud security incidents failures will be the customer’s fault. CIOs can combat this by implementing and enforcing policies on cloud ownership, responsibility and risk acceptance. They should also be sure to follow a life cycle approach to cloud governance and put in place central management and monitoring planes to cover the inherent complexity of multicloud use.”

Instead of relying on a patchwork of third-party security solutions that don’t always speak to each other, potentially leaving systems vulnerable to attack, companies are now adopting a unified, end-to-end cloud security defense. This typically involves choosing a cloud provider that can integrate security controls right into existing corporate systems and processes. When these controls span the entire IT infrastructure, they make it easier to protect data and maintain user trust by offering increased compatibility, better performance, and more flexibility.

Protection that’s always compatible

A holistic, cloud-supported threat warning and detection system can be designed to work seamlessly across every asset of an IT environment. For instance, built-in security management solutions can give IT teams the ability to constantly monitor the entire system from a centralized location, rather than manually evaluating different machines. This allows them to sense threats early, provide identity monitoring, and more—all without any compatibility issues.

Container shipping company Mediterranean Shipping Company (MSC) has gone this route. As in many businesses, MSC’s IT environment is spread across a variety of locations, networks, and technologies, such as container ships, trucking networks, and offices. Its previous security strategy employed a mixture of third-party solutions that often ran into compatibility issues between different components, giving attackers a large surface area to probe. This made MSC vulnerable to threats such as fileless attacks, phishing, and ransomware. However, after transitioning to a unified cloud security solution, it has been able to guard against attacks using protection that integrates effortlessly into its existing environment.

Reliable performance, more efficiently

The more complex an IT environment gets, the more time employees spend testing, maintaining, and repairing third-party security solutions. A unified cloud security approach improves performance by not only providing a consistent, layered defense strategy, but by also automating it across the entire IT infrastructure. At MSC, software and security updates are now done automatically and deployed without delay across the cloud. Information about possible threats and breaches can quickly be shared across devices and identities, speeding up response and recovery times so that employees can focus on other issues.

Security with flexibility to grow

Scalability is another factor driving adoption. A cloud environment can easily scale to accommodate spikes in traffic, additional users, or data-intensive applications. A patchwork of third-party security solutions tends not to be so nimble. At MSC, security controls are integrated into multiple levels of the existing IT infrastructure—from the operating system to the application layer—and can be dynamically sized to meet new business needs. For example, continuous compliance controls can be established to monitor regulatory activities and detect vulnerabilities as they grow.

A unified security approach: becoming the standard

The best security solutions perform quietly in the background, protecting users without them noticing. Unified cloud security does this while also reducing the resources required to keep things running smoothly. “Once you have true defense in depth, there’s less chance of having to single out a user and impact their productivity because you have to reimage an infected machine,” said Aaron Shvarts, chief security officer at MSC Technology North America.

After moving its workloads to Azure and upgrading its previous third-party security solutions to the native protection of Windows Defender, MSC now has a defense strategy that suits the complexity of its business. Learn more about Azure security solutions and how Microsoft can help you implement unified security across your cloud.

To stay up to date on the latest news about Microsoft’s work in the cloud, bookmark this blog and follow us on Twitter, Facebook, and LinkedIn.

*Gartner, Smarter with Gartner, Is the Cloud Secure?, 27 March 2018, https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/

How API-based integration dissolves SaaS connectivity limits

As businesses introduce an ever-growing, complex IT ecosystem of on-premises and SaaS applications, APIs, blockchain and other technologies, how can they possibly tie them together?

For many DevOps teams, the answer is API-based integration to enable communication between applications and platforms. Integration projects, however, pose challenges in security, runtime and management.

In this Q&A, Oracle’s Vikas Anand explores industry trends that drive rapid adoption of API-based integrations. He also lays out the hybrid cloud connectivity integration challenges for DevOps teams and ways to bypass those issues.

Anand is vice president of product management for integration, process and API management cloud services at Oracle.

Which technologies and use cases drive use of API-based integration?

Vikas Anand: SaaS connectivity limitations are the No. 1 reason enterprises adopt and then expand API integration programs. When SaaS is not integrated, it quickly changes to silo as a service. Customers can only derive limited value if their SaaS system is not working well in a very heterogeneous enterprise IT environment.

Vikas Anand, vice president of integration, OracleVikas Anand

APIs power new technologies that create better experiences for customers, such as chatbots and many mobile user experiences. APIs provide information from on-premises and cloud back-end systems, such as CRM [customer relationship management] or ERP.

Those new technologies have to be integrated into the existing IT environments and then extended to customers. For example, adoption is growing in API-driven B2B technologies, which provide a nimbler transaction option than traditional EDI [enterprise data integration] [Standard] X12-based transactions. Another example is growing use of smart contracts with blockchain to do transactions in a trusted way. API integration provides the pathways for these transactions.

What problems do DevOps teams encounter in API-based integration implementation and management?

Anand: The No. 1 challenge is how to secure their APIs. APIs are exposed on the edge, and they are available for everyone to use. A thought-through security model is important. My advice is to focus on using security standards, such as OAuth. Then, you’ll be on the same security level as partners and customers.

Another challenge is documentation of how you define, build and share APIs. Look at standards such as OpenAPI [that] support moving APIs across teams and across API developers.

A third challenge is optimizing API runtime, which relates to monitoring, testing and management. This calls for preproduction work in API interface testing and validating API functionality. In operations, ensure that APIs are not only secured and protected from anomalies, but also can be scaled up as more APIs are consumed by the partners in an ever-growing hybrid environment.

Consider that APIs run not just behind the customer firewall in a data center, but also across multiple clouds and devices. At runtime, you need your APIs to be close to the back-end applications to deliver the timely response, scale and experiences customers want.

Why isn’t integration built into SaaS offerings?

Anand: SaaS only allows you to configure and customize. If you need to extend the applications, API-based integration is a lightweight alternative to legacy, on-premises ESB [enterprise service bus] integration suites.

For example, say you have a CRM application with a coding system, and you might need to have an extension of the business logic to support new discounting rules. Unfortunately, it may not be possible to configure or change the SaaS environment. The vendor will not allow you to do it, because the SaaS product would then be upgrade-unfriendly. So, in such cases, DevOps can use business process automation in alignment with API-based application integration to deliver those extensions.

In hybrid compute environments, how does the business value of APIs and API-based integration play out?

SaaS connectivity limitations are the No. 1 reason enterprises adopt and then expand API integration programs. When SaaS is not integrated, it quickly changes to silo as a service.
Vikas Anandvice president of integration, Oracle

Anand: API integration supports multichannel experiences that improve customer engagement. An example is how integration helps businesses partner with other service providers to offer new capabilities. An example is an API model that makes Uber services available on a United Airlines application.

APIs also spur revenue growth. For instance, a business’s IP [intellectual property] that lies behind firewalls can be exposed as an API to create new revenue channels. Many new-age companies, such as Airbnb and Lyft, leverage the API model to deliver revenue. Traditional companies [in] manufacturing and other [industries] are really applying this to their domain.

API-first design provides modernized back-end interfaces that speed integrations. Doing back-end integrations? You can run the APIs within the data center to integrate SaaS and on-premises applications. A good API, a well-designed API can actually reduce the cost of integration by 50%.

Which best practices do you suggest for API-based integration project success?

Anand: Developers need to transform and route data and apply process automation capabilities. To do integration efficiently, enterprises have to automate data flow, business processes and whatever repeatable, error-prone tasks IT does. This calls for support from automation models, such as robotic process automation, to create single pane of glass for analytics.

Enterprise-level application integration projects used to take a year or two. Now that SaaS applications can be deployed in a matter of months, that won’t do. Fortunately, APIs themselves are now designed so that the integrations can be done more effectively, more efficiently and with better time to market than ever before. For API integration, there are automated, prebuilt connections that can be applied. Also, automated API integrated features are available in some iPaaS offerings now and coming to others soon.

Vendors race to adopt Google Contact Center AI

Google has released a development platform that will make it easier for businesses to deploy virtual agents and other AI technologies in the contact center. The tech giant launched the product in partnership with several leading contact center vendors, including Cisco and Genesys. 

The Google Contact Center AI platform includes three main features: virtual agents, AI-powered assistance for human agents and contact center analytics. Google first released a toolkit for building conversational AI bots in November and updated the platform this week, with additional tools for contact centers.

The virtual agents can help resolve common customer inquiries using Google’s natural language processing platform, which recognizes voice and textual inputs. Genesys, for example, demonstrated how the chatbot could help a customer return ill-fitting shoes before passing the phone call to a human agent, who could help the customer order a new pair.

Google’s agent assistance system scans a company’s knowledge bases, such as FAQs and internal documents, to help agents answer customer questions faster. The analytics tool reviews chats and call recordings to identify customer trends, assisting in the training of live agents and the development of virtual agents.

Vendors rush to adopt Google Contact Center AI

Numerous contact center vendors that directly compete with one another sent out strikingly similar press releases on Tuesday about their adoption of Google Contact Center AI. The Google platform is available through partners Cisco, Genesys, Mitel, Five9, RingCentral, Vonage, Twilio, Appian and Upwire.

“I don’t think I’ve ever heard of a launch like this, where almost every player — except Avaya — is announcing something with the same company,” said Jon Arnold, principal analyst of Toronto-based research and analysis firm J Arnold & Associates.

Avaya was noticeably absent from the list of partners. The company spent most of 2017 in bankruptcy court and was previously faulted by critics for failing to pivot to the cloud quickly enough. The company said at a conference earlier this year it was developing AI capabilities internally, said Irwin Lazar, an analyst at Nemertes Research, based in Mokena, Ill.

An Avaya spokesperson said its platforms integrated with a range of AI technologies from vendors, including Google, IBM, Amazon and Nuance. “Avaya does have a strong relationship with Google, and we continue to pursue opportunities for integration on top of what already exists today,” the spokesperson said.

Google made headlines last month with the release of Google Duplex, a conversational AI bot targeting the consumer market. The company demonstrated how the platform could pass as human during short phone conversations with a hair salon and restaurant. Google’s Contact Center AI was built on some of the same infrastructure, but it’s a separate platform, the company said.

“Google has been pretty quiet. They are not a contact center player. But as AI keeps moving along the curve, everyone is trying to figure out what to do with it. And Google is clearly one of the strongest players in AI, as is Amazon,” Arnold said.

Because it relies overwhelmingly on advertising revenue, Google doesn’t need its Contact Center AI to make a profit. Google will be able to use the data that flows through contact centers to improve its AI capabilities. That should help it compete against Amazon, which entered the contact center market last year with the release of Amazon Connect.

The contact center vendors now partnering with Google had already been racing to develop or acquire AI technologies on their own, and some highlighted how their own AI capabilities would complement Google’s offering. Genesys, for example, said its Blended AI platform — which combines chatbots, machine learning and analytics — would use predictive routing to transfer calls between Google-powered chatbots and live agents.  

“My sense with AI is that it will be difficult for vendors to develop capabilities on their own, given that few can match the computing power required for advanced AI that vendors like Amazon, Google and Microsoft can bring to the table,” Lazar said.

ComplyRight data breach affects 662,000, gets lawsuit

A data breach at ComplyRight, a firm that provides HR and tax services to businesses, may have affected 662,000 people, according to a state agency. It has also prompted a lawsuit, which was filed in federal court by a person who was notified that their personal data was breached. The lawsuit seeks class-action status.

The ComplyRight data breach included names, addresses, phone numbers, email addresses and Social Security numbers, some of which came from tax and W-2 forms.

ComplyRight’s services include a range of HR products, such as recruitment, time and attendance, as well as an online app for storing essential employee data. This particular attack was directed at its tax-form-preparation website. Hackers go after customer and employee data. The Identity Theft Resource Center 2018 midyear report, for instance, lists every known breach so far this year. It said the compromised data is a shopping list of HR managed data.

Company: No more than 10% of customers affected

The breach occurred between April 20 and May 22, and the company notified affected parties by mail.

ComplyRight, in a posted statement, said “a portion (less than 10%)” of people who have their tax forms prepared on its web platform were affected by a cyberattack, but it did not say how many customers were affected by its breach. The company knows the data was accessed or viewed, but it was unable to determine if the data was downloaded, according to the firm’s statement.

But the state of Wisconsin, which publishes data breach reports, has shed some light on the scale of the impact. It reported the ComplyRight data breach affected 662,000 people — including 12,155 Wisconsin residents. A spokesman for Wisconsin Department of Agriculture, Trade and Consumer Protection said this figure was provided verbally to the state by an attorney for ComplyRight.

Rick Roddis, president of ComplyRight, based in Pompano Beach, Fla., said in an email that the firm won’t be commenting, for now, beyond what it has posted on the site.

Among the steps ComplyRight said it took was the hiring of a third-party security expert who conducted a forensic investigation. The firm is also offering credit-monitoring services to affected parties.

Security expert Nikolai Vargas, who looked at the firm’s statement, said ComplyRight “is doing the bare minimum in terms of transparency and informing their clients of the details of the security incident.”

“In cases of a data breach, it is important to disclose how long the exposure occurred and the scope of the exposure,” said Vargas, who is CTO of Switchfast, an IT consulting and managed service provider based in Chicago. ComplyRight stating that “less than 10%” of individuals were affected “doesn’t really explain how many people were impacted,” he added.

“Technical details are nice to have, but they’re not always necessary and may need to be withheld until protections are put in place,” Vargas said.

Federal suit alleges poor protection

[ComplyRight] is doing the bare minimum in terms of transparency and informing their clients of the details of the security incident.
Nikolai VargasCTO at Switchfast

The ComplyRight data breach was first reported by Krebs on Security, which had heard from customers who had received breach notification letters.

Susan Winstead, an Illinois resident, received the notification from ComplyRight on July 17, outlining what happened. She is the plaintiff in the lawsuit filed July 20 in the U.S. District Court for the Northern District of Illinois.

The lawsuit faults ComplyRight for allegedly not properly protecting its data and not immediately notifying affected individuals, and the suit seeks damages for the improper disclosure of personal information, including the time and effort to remediate the data beach. 

Company faced difficult detective work

Another independent expert who looked at ComplyRight’s notice, Avani Desai, said the company “followed best practice for incident response.”

With a cyberattack, one of the most difficult processes initially is identifying that there was an actual attack and the true extent of it, said Desai, president of Schellman & Company, a security and privacy compliance assessor in Tampa, Fla. It’s important to ask the following questions early: Was there sensitive information that was involved? Which systems were exploited? The firm quickly hired a third-party forensic group, she noted.

“ComplyRight locked down the system prior to announcing the breach, which is important, because when organizations announce too quickly, we see copycat attacks hit the already vulnerable situation,” Desai said.

Mike Sanchez, chief information security officer of United Data Technologies, an IT technology and services firm in Doral, Fla., said the things the firm did right are “they disabled the platform and performed a forensic investigation to understand the cause of the breach, as well as the breadth of the malicious actor’s actions.”

But Sanchez said the firm’s statement, which he described as a “very high-level summary,” lacked many specifics, including the exact flaw that was used to gain access to the data.

The Identity Theft Resource Center reported that as of the first six months of this year, there were 668 breaches exposing nearly 22.5 million records.

Team collaboration secondary in Workplace by Facebook app

Facebook pitches Workplace as a team collaboration app, but businesses have found the product more useful as an intranet that helps build community across large workforces with many remote and part-time employees.

In recent months, Facebook has stepped up efforts to position its business platform as a competitor to cloud-based collaboration apps like Slack and Microsoft Teams. Recently, for example, the social media company added to Workplace by Facebook third-party business software and made it easier to deploy instant messaging.

But the Workplace users interviewed for this story do not have the platform integrated with many business apps and have not seen widespread adoption of Workplace Chat, the messaging tool.

Instead, most of those Workplace users continue to rely on platforms like Microsoft Skype for Business for unified communications (UC), while using Workplace primarily for companywide announcements and for promoting collaboration across departments.

Facebook arranged interviews with Weight Watchers, Farmers Insurance and the World Wildlife Fund (WWF) for this story. Heineken USA and Rooftop Housing Group, a 200-person nonprofit based in Evesham, England, were contacted independently. More than 30,000 organizations use the Workplace by Facebook app.

Workplace by Facebook app a better intranet

Only 10% of Weight Watchers employees work at a desk in an office. The World Wildlife Fund has 80 offices around the world. Two-thirds of Heineken workers in the United States are based out of regional offices, which they visit once or twice a week.

These organizations turned to the Workplace by Facebook app because it was a mobile-centric platform that most employees would intuitively know how to use based on the popularity of consumer Facebook.

“For someone who only works two hours a week for the company, we wanted them to be able to intuitively get what the platform was, understand how to use it and take to engage in it,” said Stacie Sherer, senior vice president of corporate communications at Weight Watchers.

Similar to consumer Facebook, Workplace lets users like, comment and share posts. Since deploying Workplace, employees engage with company news more frequently and are more likely to post updates about their own team’s work, the users said.

“Whether you’re in the field, or whether you’re working in finance, or whether you’re working in an administrative role, it has allowed [staff] to feel more part of WWF and our work,” said Kate Cooke, head of network communications at the World Wildlife Fund. (The platform is free for nonprofits.)

The tool has increased collaboration among teams and departments that would have otherwise never interacted. Weight Watchers employees based in different parts of the country have discussed best practices for helping clients. Recently, the Armenian branch of WWF posted about a communications campaign that other offices ended up copying.

Business integrations aren’t central to how companies use Workplace

In May, Facebook unveiled roughly 50 integrations with SaaS apps such as Jira, HubSpot and SurveyMonkey, following the lead of platforms like Slack, Microsoft Teams and Cisco Webex Teams. But for the most part, the organizations interviewed for this story haven’t begun taking advantage of those integrations.

The users, however, do have Workplace integrated with cloud storage apps, such as Box and Google Drive, and web conferencing platforms, such as Zoom, which can be used to live stream meetings and events to Workplace. Those integrations had been available before the May announcement.

Microsoft, Cisco and Slack have marketed their team collaboration apps as hubs for getting work done. Those apps let users, for example, approve expense reports and message with colleagues from the same interface.

The Workplace by Facebook app offers similar functionality, but users are not adopting the app primarily for that reason.

“We really focused it on that engagement perspective to start and really using it as a communication channel,” said Jacqueline Leahy, director of internal corporate communications at Heineken USA. “We have not started to really use it in terms of managing projects.”

Workplace Chat adoption lags

None of the Workplace users rely on the app as their primary instant messaging platform. Most have other UC clients deployed, such as Microsoft Skype for Business, and don’t view Workplace as a replacement for those tools.

At Weight Watchers, for example, the technology and product teams use Slack, integrated with Confluence and Jira, while others in the organization communicate through WhatsApp or text messaging. Sherer said the company was looking into boosting adoption of Workplace Chat.

In fact, Workplace may be inadvertently contributing to a communication channel overload within some organizations. Rooftop Housing Group, for example, now has three or four different ways to instant message, including Workplace Chat, Microsoft Skype for Business and a Mitel softphone client.

“We now need to find organizational defaults,” said John Rockley, the nonprofit’s head of communications and marketing. “Otherwise, we’ve got too many separate channels.”

Microsoft Teams e-discovery enabled for hybrid clouds

For businesses with on-premises Exchange mailboxes, Microsoft will facilitate the electronic discovery of Microsoft Teams chats — a feature that should appeal to large enterprises in the process of migrating to the cloud.

Upon request, Microsoft will create cloud-based mailboxes for the sole purpose of storing the Teams chat data of users with on-premises Exchange mailboxes. Those users must have their on-premises identities synced to the cloud in Office 365’s Azure Active Directory. 

Organizations that take advantage of the tool will be able to search, preview and export Teams chat data stored in the cloud. That activity could be useful for Microsoft Teams e-discovery cases, compliance reviews or data service requests related to the General Data Protection Regulation.

However, businesses won’t be able to apply Office 365 retention policies to that chat data or place it on hold. In a blog post announcing Microsoft Teams e-discovery for hybrid setups, Microsoft said it would “provide more updates about our plan to address this gap soon.”

Microsoft Teams muddles path to cloud for large enterprises

Microsoft needs to continue to promote hybrid capabilities, such as its new Microsoft Teams e-discovery feature, to help on-premises customers feel comfortable with the transition to the cloud — a process that could take years.

“It’s messy to be in the middle, and I think Microsoft forgets that if you’ve got 100,000 people, you’re going to live in the middle for a long time,” said Kevin Kieller, a partner at consulting firm EnableUC in Oakville, Ont.

Many large enterprises with on-premises Skype for Business deployments had previously been gearing up to transition to the cloud version of that platform, Kieller said. Then, Microsoft introduced Teams last year, significantly complicating the cloud migration path for those businesses.

Microsoft has been steadily rolling out interoperability features between Skype for Business and Teams over the past several months, such as persistent chats and aggregated presence. But almost all of those features require businesses to have their employees registered through Skype for Business Online, the cloud version of the service.

“As far as I’ve seen, there isn’t really a good and easy way to migrate from Skype for Business on-prem to Teams,” said Zeus Kerravala, founder and principal analyst at ZK Research in Westminster, Mass. “It just seems like [Microsoft] didn’t think about it very well.”

Advanced telephony features for Teams coming soon

Microsoft is on track to add dozens of telephony features to Teams that are critical to large enterprises by the end of June, including call queues and organizational auto attendants. The final advanced calling features are expected to come online by year’s end.

The perception that Microsoft Teams lacks the full capabilities of Skype for Business has slowed adoption of the platform, particularly among large enterprises. But even as those features get added, Microsoft faces another hurdle: perception.

It could take months to get the message across that Teams is fully built-out, Kieller said. “Microsoft has a tough time, as everybody does, in terms of discoverability of the right information for somebody that’s contemplating this migration.”

Still, there is no end date in sight for support of Skype for Business on premises. However, while Microsoft plans to release a new on-premises server in 2019, the vendor is expected to keep some of its latest and most advanced collaboration tools as cloud-only offerings.

“It’s almost, by definition, going to be a hybrid mode,” Kieller said. “It’s just another way that I think Microsoft, even for on-prem customers … [is] effectively pushing them, moving them, cajoling them to move to the cloud.”

Google Hangouts Meet adds interoperability with competitors

Businesses will soon be able to join meetings on Google’s web conferencing platform, Google Hangouts Meet, using Microsoft Skype for Business and video conferencing systems from Cisco and Polycom.

At the same time, Google is helping several competing video conferencing vendors better integrate with Google Calendar, so users will be able to schedule and join meetings on those platforms without downloads or plug-ins.  

The announcements underscore Google’s commitment to competing with Microsoft Office 365 in the enterprise collaboration market. The consumer tech giant continues to invest in G Suite’s cloud-based applications for web conferencing and team messaging, while also embracing integrations with a wide range of vendors.

“Google has remained a market contender in video conferencing for several years,” said Roopam Jain, an analyst at Frost & Sullivan. “However, its direction in the past was not concerted, and it seemed to be waiting to squarely jump in with an enterprise-ready tool.”

Google is now partnering with startup Pexip to make Google Hangouts Meet interoperable with standards-based video hardware and Skype for Business, starting later this month. Pexip’s code works behind the scenes, so everyone can participate in the same meeting from different interfaces.

Google Hangouts Meet’s incompatibility with third-party communications applications has slowed adoption of the product since its release last year, particularly among businesses already invested in video conferencing products from legacy vendors, Jain said.

“This is a smart move by Google in a very competitive market, where businesses look for a stable and open collaboration platform that they can invest in,” Jain said. It could also convince more existing G Suite customers to start using Google Hangouts Meet, positioning Google “as a viable alternative to any other leading video conferencing solution in the market,” she said.

Google Calendar add-ons for video conferencing

Cisco Webex is working with Google to let customers schedule and join Webex meetings directly from Google Calendar. The vendors Arkadin, GoToMeeting, LogMeIn, Dialpad, RingCentral, Vidyo and Vonage are working on similar add-ons, Google said.

Google will make those add-ons available in the G Suite app store “in the coming months.” It plans to release details for developers so additional web conferencing vendors can sync with Google Calendar in the future.

Google is also expanding its interoperability with Microsoft Exchange, announcing it will make it possible for G Suite users to book rooms, equipment and other resources registered in Exchange.

Google Hangouts Chat to add guest access

Businesses using Google Hangouts Chat will be able to add external participants to communication channels in the coming months — a feature already supported by all other leading team collaboration apps on the market today.

Google made Hangouts Chat available to G Suite subscribers earlier this year to keep its enterprise portfolio competitive with Microsoft Office 365, which includes Microsoft Teams.

In a 2018 Nemertes Research survey of more than 600 businesses, 10.5% of respondents cited Hangouts Chat as their primary tool for team collaboration. Google ranked fourth behind Microsoft Teams (32.9%), Cisco Spark (21.1%) and Slack (14.5%).

Google is continuing to improve its collaboration products, but it still needs to integrate them with Gmail better, said Irwin Lazar, an analyst at Nemertes Research, based in Mokena, Ill. For example, users should be able to launch a chat from a Gmail thread.

“They will grow as a threat, while at the same time also integrating with potential competitors,” Lazar said.

Emerging AI Patterns

One of the top conversations that we have with businesses all over the world is how digital transformation is impacting every part of their operations. This wave of “Digital Transformation” impacts every business and every industry; from media to sports, from finance to healthcare, and from Fortune 1000 organizations to small businesses. This wave of transformation is being driven by the ongoing advances in computing building blocks of the last few decades: compute, storage, and networks. At the same time as companies are continuing down the path of digital transformation, there is a new generation of software building blocks that will drive even greater transformation for businesses in the future of which AI is one of the core drivers. AI will help to transform all industries, including transportation, manufacturing, retail, agriculture, and more and create opportunities we have yet to consider.

In this post I will talk about how Microsoft is helping businesses transform with AI. This moves beyond creating the AI platform, or using AI to enhance an existing application or service and into how people are starting to think about using AI to change core business processes. If you have been following along, this is the third and final part in a 3-part series on AI. If you want to revisit the other two posts before continuing, Part 1 provides some context on why this time is different for AI. It is followed up by Part 2 which looks at how Microsoft thinks about AI and the tools and services that we make available for you to create your own AI solutions and in turn how we use it to enhance our own products and services. 

In this blog we’ll dive more into the patterns we see emerging for the use of AI across industries and experiences. As we talk about AI with business and industry leaders, we see 4 patterns emerging on how to apply AI to businesses and business scenarios that provide a useful frame for the conversation.

  1. Virtual Agents – The first pattern is the use of virtual agents to interact with employees, customers, and partners on behalf of a company. These agents can help answer questions, provide support and over time become a proactive representative of your company and your brand. Today Microsoft uses a virtual agent in customer support that will engage in close to 50 million conversations this year.
  2. Ambient Intelligence – The second pattern is anchored on tracking people and objects in a physical space. In many ways this is using AI to both map a physical space and activity to a digital space, and then allowing actions on top of the digital graph. Many people will think about “pickup and go” retail shopping experience as a prime example, but this pattern is also applicable to safety, manufacturing, construction scenarios and more. Think about a warehouse that can detect a person walking in one aisle and a forklift driving in another that are on a collision course, the AI can prevent the pending accident. We also showed this pattern applied to an office/meeting scenario at BUILD.
  3. AI-Assisting Professionals – AI can be used to help almost any professional be more effective. For example, we can help people in finance with forecasting. Large companies manage forecasts by having their front-line sellers predict what they are going to do, then having many layers of reviewers to help judge the forecast. Using historical data and global insights from Bing, LinkedIn, and custom data sources, an AI system can reliably forecast how a subsidiary will do while removing all of the middle layers of judgement and the time consumed doing that. We also see AI starting to assist doctors in areas like genomics and public health. There are great examples in sales, marketing, legal and practically every other profession.  
  4. Autonomous Systems – The fourth pattern that we see is for autonomous systems. You might think of self-driving cars when you think about autonomous systems, but it also extends to robotic process automation and network protection. Threats to a network can be hard to identify when they are happening and the lag before responding can result in a lot of damage. Having the network automatically respond as a threat is happening can minimize the risk and free the team to focus on other tasks.

In this post I will cover these 4 patterns along with how Microsoft is helping businesses achieve their goals.

Virtual Agents

At Ignite 2017 we discussed how AI will be used to help large businesses with customer support. Since that time, the Microsoft AI Solution for Customer Service, which is being used by Microsoft, HP, Macy’s, Australian Government Department of Human Services, and others has shown tremendous success in using AI to transform customer engagement. Looking at the initial results from the early adopters we have seen great improvements for their businesses.

  • Microsoft – where possible we are testing AI Solutions within our own business processes before releasing software for others to use (e.g. forecasting and customer care). We built this solution to solve our own problems first and it is trusted to handle one of the largest enterprise support organizations in the world. With the addition of a virtual agent, it has created some impressive results. Over a 6-month period we saw a 2x increase in users successfully being able to help themselves with a 3x decrease in transfers to agents. Users dislike having to repeat themselves as they get transferred between agents, but with this solution the state transfers with the call creating a better experience for customers and our call center employees, at scale with over 100,000 virtual agent sessions per day.
  • HP – one of the early users of this solution has scaled up to handle 70% of support cases with AI and maintains a greater than 85% accurate dialog rate. To achieve this level of accuracy the service was initially trained on over 1 million chat logs and 50 KB of support articles to create a sophisticated dialog.
  • Macy’s – gives an example of how an AI solution for customer support can evolve to become a brand ambassador for the company. The virtual agent is integrated into both the web and mobile web experiences for shopping, so users can use the agents where they are. Macy’s integrated their backend APIs for promotions, alerts, and more into the agent so that the agent could go beyond the corpus of data that it was trained on to pull up account details, shipping updates, and more providing broad and personalized information.

Last year at Ignite when we discussed the Microsoft AI Solution for Customer Service it was framed in the context of helping users get the support they need while also improving the experience for agents who would get to focus on more value-added support cases. Since then there has been an expansion into more personalized experiences as demonstrated by what Macy’s is doing. Looking forward, business agents will be moving towards conversational commerce and blending proactive conversation capability with the current reactive capability.

Today online commerce is primarily a self-help experience with the user either having to know exactly what they are looking for or spending a lot of time researching. With a virtual agent there is the opportunity to have a virtual personal shopper by your side who can help you with your online experience. As you search for products the agent can intelligently recommend relevant intents based on what you have been looking at. As you select options that are intelligently designed to guide you through the purchase experience, the information that you need is presented to you in adaptive cards that contains rich yet focused information so that the user can make better decisions without information overload. Since the agent can maintain historical information, a conversation could be resumed later, and transactions could be completed all with the use of the agent. This pattern is by far one of the furthest along and an area we see a lot of activity in today. Companies can choose from a set of tools in the platform today to get started with initial agents before moving up to a full customer care solution.

Ambient Intelligence

Computing is often thought of in the context of devices but with the use of sensors a physical space can be digitized which creates an environment where people, objects and activities can be detected and tracked. When AI is added to the digitized environment you then make it possible to reimagine how a room interacts with the people and objects in it. For example, using facial recognition to know when a person has entered a room is valuable not just for personalization but also for safety. If the fire alarm goes off, knowing who was in the building and has left, or if anyone is still inside can be quite useful. The next level beyond just tracking people is to track people’s interaction with objects around them. This capability makes it possible to create several interesting retail experiences including; grab and go shopping, personalized offers, immediate and on the spot assistance when needed, and more. In manufacturing we can use this type of capability for health and safety scenarios that can include keeping a person safe by flagging when they are going to pick up something that might too heavy, or to make the problem of losing things less burdensome by flagging where a lost item might be with instructions on how to find it and more. There are many interesting scenarios enabled by the ambient pattern that are just starting to be explored.

We see real-world examples of this today using mixed reality to keep mission critical systems up and running. Preserving perishable goods is a great example. Cows produce 6 gallons of milk daily, so it is important that the milk is packaged on time to avoid waste. However, when a milk packaging line fails because of a faulty part, it can take several days to get up and running resulting in a lot of spoiled milk. Tetra Pak uses cloud-connected predictive analytics to analyze packaging lines data to predict maintenance issues to reduce down time. This is done by using mixed reality headsets to cut down fixing time by having remote experts guide service engineers.

AI Assisting Professionals

AI presents a great opportunity to augment human ingenuity by providing proactive timely support to people so that they can focus their energy on their most important tasks. This shows up in a variety of ways including digital assistants like Cortana, Alexa, Siri, and Google Home that many of us use today to do tasks for us. In business settings we have seen many early uses of AI helping busy professionals including Bing for Business which will take your companies organizational chart, internal sites, and cloud documents, and then integrate them into your search experience so that you have the public and private data that you need. AI helps professionals in other ways more specific to different industries. Attorneys who need to assess the risk of an event will spend a lot of time going through contracts to find the impact of any exposure to a negative event. Machine reading techniques can be used to understand the details of all their contracts and then surface the problems. Journalists can use AI to serve as a virtual editor that will look beyond rules-based spell checking to make writing suggestions. Finance professionals can also use AI to do sales forecasts to make better forecasts or sellers can use AI to target sales prospects and how to close a deal. Marketers can use AI to predict new trends in customer interest before investing a lot of money to experiment. We are working on a variety of areas where we can apply AI to assist professionals and one of my favorite examples is the work we are doing to help medical professionals.

Microsoft Research is known for world class advances in computer science, but they also focus on medical, health, and genomics. Their approach is to apply novel computational tools and analytical techniques to make healthcare more impactful and to assist patients. One application of AI to healthcare is Project InnerEye.

Today expert medical practitioners spend a lot of time analyzing 3D images to identify tumors versus other healthy tissue. Using years of Microsoft AI research in computer vision including deep decision forests which are used in the Kinect and HoloLens, and machine learning, and then applying it to more medical images than the average medical practitioner could analyze on their own, Project InnerEye can assist in identifying the presence of a tumor. To ensure that the medical practitioner is in charge, the results can be adjusted by the experts until everyone is comfortable with the result. Since we are a platform company we are also making the technology available to third-party medical software companies so that medical practitioners can use the tools they are most comfortable with today.

Autonomous Systems

Most people when they think of autonomous systems, visions of self-driving cars come up but there are so many other ways to apply this technology as well. Networks when they are under attack can take a long time for someone to notice and even longer to determine the root cause and then address it. Machine learning does a great job of detecting patterns in a vast amount of data, so it can be used to quickly identify attacks in real-time and then AI can be used to find the most effective approach for addressing the problem. The Network Admin will be notified and can control the process if needed but speeding up this process will limit the amount of damage that an attacker could cause. At the RSA 2018 Conference, Mark Russinovich shared how Microsoft’s investment in AI has created new security capabilities for protecting all of our customers.

For security, autonomous systems can help create secure products by finding security flaws during development. Microsoft Security Risk Detection is our offering for customers to use AI to find security flaws.

DocuSign is a company that enables people to sign documents from any device which means that they take security very seriously. Like most software developers, DocuSign uses a variety of software components in their products including ones from third parties and the security of their product is only as strong as all of the components put together. Using Microsoft Security Risk Detection, DocuSign can automatically check the security of all their components across multiple virtual machines with no extra work.

“We were able to automatically run millions of test cases across multiple virtual machines, entirely automated, with no extra work …. We’re always looking for services that add value, and that scale of automation is a great added value.” —John Heasman, Senior Director, Software Security, DocuSign

It is an exciting time in the industry as artificial intelligence is not just a topic of conversation but becoming the starting point for thinking about what will become the next wave(s) of digital and/or AI based transformation. The examples presented here across the four patterns are just a few examples, but we see the patterns as an interesting point to start the conversation. Three weeks I ago I started this series discussing why this time is different for AI compared to other times of AI excitement in the New Generation of Software Building Blocks post. Last week we focused on Microsoft’s approach to AI and how we are making it available to others across the platform, our products, and solutions. Today we presented four patterns for the use of AI in businesses and industries that we hope provide a useful framing around the topic. As you think through your own use cases think about how these patterns can apply to your business. Thank you for taking the time to read the series and if there are any other topics that we should explore please let us know.

Cheers, Guggs