Tag Archives: opportunity

Supporting modern technology policy for the financial services industry – guidelines by the European Banking Authority | Transform

The financial services community has unprecedented opportunity ahead. With new technologies like cloud, AI and blockchain, firms are creating new customer experiences, managing risk more effectively, combating financial crime, and meeting critical operational objectives. Banks, insurers and other services providers are choosing digital innovation to address these opportunities at a time when competition is increasing from every angle – from traditional and non-traditional players alike.

At the same time, our experience is that lack of clarity in regulation can hinder adoption of these exciting technologies, as regulatory compliance remains fundamental to financial institutions using technology they trust.  Indeed, the common question I get from customers is: Will regulators let me use your technology, and have you built in the capabilities to help me meet my compliance obligations?

A portrait of Dave Dadoun, assistant general counsel for Microsoft.

With this in mind, we applaud the European Banking Authority’s (EBA) revised Guidelines on outsourcing arrangements which, in part, address the use of cloud computing. For several years now we have shared perspectives with regulators on how regulation can be modernized to address cloud computing without diminishing the security, privacy, transparency and compliance safeguards necessary in a native cloud or hybrid-cloud world. In fact, cloud computing can afford financial institutions greater risk assurance – particularly on key things like managing data, securing data, addressing cyber threats and maintaining resilience.

At the core of the revised guidelines are a set of flexible principles addressing cloud in financial services. Indeed, the EBA has been clear these “guidelines are subject to the principle of proportionality,” and should be “applied in a manner that is appropriate, taking into account, in particular, the institution’s or payment institution’s size … and the nature, scope and complexity of its activities.” In addition, the guidelines set out to harmonize approaches across jurisdictions, a big step forward for financial institutions to have predictability and consistency among regulators in Europe. We think the EBA took this smart move to support leading-edge innovation and responsible adoption, and prepare for more advanced technology like machine learning and AI going forward.

Given these guidelines reflect a modernized approach that transcends Europe, we have updated our global Financial Services Amendment for customers to reflect these key changes. We have also created a regulatory mapping document which shows how our cloud services and underlying contractual commitments map to these requirements in an EU Checklist. The EU Checklist is accessible on the Microsoft Service Trust Portal. In essence, Europe offers the benchmark in establishing rules to permit use of cloud for financial services and we are proud to align to such requirements.

Because this is such an important milestone for the financial sector, we wanted to share our point-of-view on a few key aspects of the guidelines, which may help firms accelerate technology transformation with the Microsoft cloud going forward:

  • Auditability: As cloud has become more prevalent, we think it is natural to extend audit rights to cloud vendors in circumstances that warrant it. We also think that audits are not a one-size-fits-all approach but adaptable based on use cases – particularly whether it involves running core banking systems in the cloud. Microsoft has provided innovations to help supervise and audit hyper-scale cloud, including:
  • Data localization: We are pleased there are no data localization requirements in the EBA guidance. Rather, customers must assess the legal, security and other risks where data is stored, as opposed to mandating data be stored strictly in Europe. We help customers manage and assess such risk by providing:
    • Contractual commitments to store data at rest in a specified region (including Europe).
    • Transparency where data is stored.
    • Full commitments to meet key privacy requirements, like the General Data Protection Regulation (GDPR).
    • Flow-through of such commitments to our subcontractors.
  • Subcontractors: The guidelines address subcontractors, particularly those that provide “critical or important” functions. Management, governance and oversight of Microsoft’s subcontractors is core to what we do. Among other things:
    • Microsoft’s subcontractors are subject to a vetting process and must follow the same privacy and governance controls we ourselves implement to protect customer data.
    • We provide transparency about subcontractors who may have access to customer data and provide 180 days notification about any new subcontractors as well.
    • We provide customers termination rights should they conclude a subcontractor presents a material increase in risk to a critical or important function of their operations.
  • Core platforms: We welcome the EBA’s position providing clarity that core platforms may run in the cloud. What matters is governance, documenting protocols, the security and resiliency of such systems, and having appropriate oversight (and audit rights), and commitments to terminate an agreement, if and when that becomes necessary. These are all capabilities Microsoft offers to its customers and we now see movement among leading banks to put core systems into our cloud because of the benefits we provide.
  • Business Continuity and Exit Planning: Institutions must have business continuity plans and test them periodically for use of critical or important functions. Microsoft has supported our customers in meeting this requirement, including by providing a Modern Cloud Risk Assessment toolkit and, in the Service Trust Portal, documentation on our service resilience architecture, our Enterprise Business Continuity Management (EBCM) team, and a quarterly report detailing results from our recent EBCM testing. In addition, we have supported our customers in preparing exit planning documentation, and we work with industry bodies like the European Banking Federation towards further industry guidance for these new EBA requirements.
  • Concentration risk: The EBA addresses the need to assess whether concentration risk may exist due to potential systemic failures in use of cloud services (and other legacy infrastructure). However, this is balanced with understanding the risks of a single point of failure, and balancing those risks and trade-offs from existing legacy systems. In short, financial institutions should assess the resiliency and safeguards provided with our hyper-scale cloud services, which can offer a more robust approach than systems in place today. When making those assessments, financial institutions may decide to lean in more with cloud as they transform their businesses going forward.

The EBA framework is a great step forward to help modernize regulation and take advantage of cloud computing. We look forward to participating in ongoing industry discussion, such as new guidance under consideration by the European Insurance and Occupational Pensions Authority concerning use of cloud services, as well as assisting other regions and countries in their journey to creating more modern policy that supports innovation while protecting the integrity of critical global infrastructure.

For more information on Microsoft in the financial services industry, please go here.

Top photo courtesy of the European Banking Authority.

Author: Microsoft News Center

Announcing new AI and mixed reality business applications for Microsoft Dynamics – The Official Microsoft Blog

Today, I had the opportunity to speak to press and analysts in San Francisco about our vision for business applications at Microsoft. In addition, I had the privilege to make two very important announcements: the upcoming availability of new Dynamics 365 AI applications, and our very first mixed reality business applications: Dynamics 365 Remote Assist and Dynamics 365 Layout.

Our vision for business applications at Microsoft

We live in a connected world where companies are challenged every day to innovate so they can stay ahead of emerging trends and repivot business models to take advantage of new opportunities to meet growing customer demands.

To innovate, organizations need to reimagine their processes. They need solutions that are modern, enabling new experiences for how they can engage their customers while making their people more productive. They need unified systems that break data silos, so they have a holistic view of their business, customers and employees. They need pervasive intelligence threaded throughout the platform, giving them the ability to reason over data, to predict trends and drive proactive intelligent action. And with adaptable applications, they can be nimble, allowing them to take advantage of the next opportunity that comes their way.

Two years ago, when we introduced Dynamics 365 we started a journey to tear down the traditional silos of customer relationship management (CRM) and enterprise resource planning (ERP). We set out to reimagine business applications as modern, unified, intelligent and adaptable solutions that are integrated with Office 365 and natively built on Microsoft Azure.

With the release of our new AI and mixed reality applications we are taking another step forward on our journey to help empower every organization on the planet to achieve more through the accelerant of business applications. Specifically, today we are making the following announcements:

Dynamics 365 + AI

First, I am happy to announce the coming availability of a new Dynamics 365 AI offering — a new class of AI applications that will deliver out-of-the-box insights by unifying data and infusing it with advanced intelligence to guide decisions and empower organizations to take informed actions. And because these insights are easily extensible through the power of Microsoft Power BI, Azure and the Common Data Service, organizations will be able to address even the most complex scenarios specific to their business.

Dynamics 365 AI for Sales: AI can help salespeople prioritize their time to focus on deals that matter most, provide answers to the most common questions regarding the performance of sales teams, offer a detailed analysis of the sales pipeline, and surface insights that enable smarter coaching of sales teams.

Dynamics 365 AI for Customer Service: With Microsoft’s AI and natural language understanding, customer service data can surface automated insights that help guide employees to take action and can even leverage virtual agents to help lower support costs and enable delightful customer experiences, all without needing in-house AI experts and without writing any code.

Dynamics 365 AI for Market Insights: Helps empower your marketing, social media and market research teams to make better decisions with market insights. Marketers can improve customer relationships with actionable web and social insights to engage in relevant conversations and respond faster to trends.

To help bring this to life, today we released a video with our CEO, Satya Nadella, and Navrina Singh, a member of our Dynamics 365 engineering team, showing examples of ways we’re bringing the power of AI to customer service organizations.

Dynamics 365 + Mixed Reality

Our second announcement of the day centers on the work we are doing to bring mixed reality and business applications together.

Since the release of Microsoft HoloLens over two years ago, the team has learned a lot from customers and partners. The momentum that HoloLens has received within the commercial space has been overwhelmingly positive. This has been supported by increased demand and deployment from some of the world’s most innovative companies.

We recognize that many employees need information in context to apply their knowledge and craft. Not only on a 2-D screen — but information and data in context, at the right place, and at the right time, so employees can produce even greater impact for their organizations. Mixed reality is a technology uniquely suited to do exactly that.

This is a whole new kind of business application. And that’s precisely what we’re introducing today, Dynamics 365 Remote Assist and Dynamics 365 Layout.

Today, we also showcased for the first time how Chevron is deploying HoloLens to take advantage of Dynamics 365 mixed reality business applications.

Chevron is already achieving real, measurable results with its global HoloLens deployment. Previously it was required to fly in an inspector from Houston to a facility in Singapore once a month to inspect equipment. Now it has in-time inspection using Dynamics 365 Remote Assist and can identify issues or provide approvals immediately.

In addition, remote collaboration and assistance have helped the company operate more safely in a better work environment, serving as a connection point between firstline workers and remote experts, as well as cutting down on travel and eliminating risks associated with employee travel.

Unlock what’s next with the Dynamics 365 October 2018 release

Next week at Microsoft Ignite and Microsoft Envision we’ll be in Orlando talking with thousands of customers, partners, developers, and IT and business leaders about our October 2018 release for Dynamics 365 and the Power platform that will be generally available Oct. 1. The wave of innovation this represents across the entire product family is significant, with hundreds of new capabilities and features.

We will have a lot more to talk about in the weeks and months ahead. We look forward to sharing more!

We need to modernize international agreements to create a safer digital world – Microsoft on the Issues

I had the opportunity to meet and speak yesterday afternoon in Geneva at the United Nations to discuss the global issues and challenges relating to cybersecurity. It provided an opportunity to connect with people from governments, international organizations, the NGO community and civil society more broadly on what in 2017 has clearly become one of the important issues of our time.

As technology continues to reshape the world, it’s clear that conflicts between nations are no longer confined to the land, sea and air. A cyber arms race is underway with nations developing and unleashing a new generation of weapons aimed at governments and civilians alike, putting at risk the critical data and digital-powered infrastructure that we all depend on for our daily lives.

In May, the nation state-sponsored WannaCry ransomware attack impacted more than 200,000 computers in more than 150 countries and showed the world the broad damage “invisible” cyber weapons can inflict. This didn’t just cause damage to machines. As the United Kingdom’s National Audit Office concluded just last week, WannaCry’s impact forced the National Health Service to divert ambulances and cancel over 19,000 appointments for people scheduled to see a physician or have a surgical procedure. WannaCry provided a wake-up call to the world.  If we do not do more to address the risk of nation-state cyberattacks, the world will become a more dangerous place.

While technology companies like Microsoft have the first responsibility to address these issues, it would be a mistake to think the private sector by itself can prevent or stop the risk of cyberattacks any more than it can prevent any other types of military attacks. Nation-state investments in cyberweapons have advanced beyond the point where that is possible. That’s one reason the WannaCry attack also underscores the need for international norms and agreements to protect civilians from nation-state attacks and for a new Digital Geneva Convention that commits governments to defending and protecting civilians from state-sponsored cyber-attacks.

When we introduced the concept of a Digital Geneva Convention this past February, we acknowledged that it’s the type of initiative that requires as much as a decade of work. We also recognized that this type of agreement could take a variety of different forms and requires more than a single step.

That’s why it’s important to combine a focus on long-term measures like a Digital Geneva Convention with more immediate steps to build on existing international law to better protect civilians from cyberattacks now, not a decade in the future. We must recognize the current norms that already apply to cyberspace on which we can rely and identify the gaps in current norms so that we can fill them in for the future.

There clearly are important foundations on which the world can build. These include the United Nations Charter and the Fourth Geneva Convention. And it’s important to appreciate the encouraging examples of international organizations taking steps to build on agreements that exist today. For example, in 2015, the United Nations Group of Governmental Experts on Developments (UNGGE) confirmed that international law applies to cyberspace. In 2016, the Organization for Security and Co-operation in Europe adopted an enhanced list of “confidence-building measures (CBMs) to enhance security and stability in the cyber domain.” And earlier this year, the Group of 7 (G7) published a declaration recognizing the urgent need to establish international norms for responsible nation-state behavior in cyberspace.

We should recognize that there is a shared responsibility among governments, the private sector and civil society to modernize these principles and ensure their effectiveness in the 21st century. That in fact is the way these types of norms and rules have always advanced. For example, when technology advancements in firearms created new horrors, private citizens spearheaded the founding of the International Committee of the Red Cross in 1863.  New rules emerged to protect medics as neutrals, enabling them to treat all wounded regardless of who they fought for. The Red Cross has since saved countless lives, and it endures today as a cornerstone of international humanitarian aid and a protector of civilians in times of war.  The Fourth Geneva Convention’s rules to protect civilians in times of war provide a foundation to build from, and governments can help by clarifying how existing international law, including international humanitarian law, applies to cyberspace.

But we should also recognize that international humanitarian law was built in an age when military forces squared off on physical battlefields. Where there is no armed conflict on a traditional battlefield, some traditional international legal protections may not apply. While international law includes mechanisms like due diligence, the duty of non-intervention and countermeasures, the existence and meaning of these rules may be disputed. This can create a gap in existing international law’s ability to serve its humanitarian functions, allowing nation states to use offensive cyber means that put civilians at risk.

This is illustrated by questions that arise, for example, regarding the application of the United Nations Charter. While states have agreed in Article 2(4) of the charter that they will not use or threaten force against other states, the charter does not define what constitutes “force.” The text has been viewed as prohibiting only “armed” force – the sorts of violent consequences that militaries inflict on each other through injuries, death and destruction. Cyber weapons, however, have created new means to cause harm, not by blowing things up, but by disrupting the functionality of critical systems on which we all depend.  We need to update international law to clearly prohibit nation states from damaging or destroying data and the machines on which we rely in the same way the charter limits them from damaging or destroying physical infrastructure.

These types of steps are seldom easy. This was illustrated recently when governmental delegates met to author the so-called Tallinn Manual 2.0 – an effort by international legal experts to clarify how existing international law applies to cyberspace. While they made important progress in some areas, they could not reach consensus on what the U.N. Charter has to say about losses of functionality in civilian infrastructure even when nothing gets physically broken.

These types of challenges are natural and understandable parts of what inevitably is a long and complex journey. As debates emerge over existing norms and new threats, it will be important for experts from governments, civil society, the private sector and academia to both help identify existing gaps and deploy new technologies and approaches to prevent the continued harm of civilians by cybercriminals.

Technology has come a long way since the days of rifles and cannons, yet one need is constant: as technology advances, the law must move forward with it. As in the 1800s, the private sector is again urging change and proposing new conventions to compel governments to create new standards and norms. And as in the 1800s, those outside government will need to play an active role to help. Just as volunteers were critical to support medics in treating the wounded, the tech sector today needs to serve as first responders to aid those impacted by a cyber-attack. Just as medics and volunteers needed the recognition of governments to act as neutrals, the tech sector today needs to act as a “neutral Digital Switzerland” to help civilians everywhere who are hurt in an attack. This is part of the thinking that is going into the tech sector’s efforts to increase cybersecurity collaboration and consider a more formal Tech Accord, so we can act effectively and in a globally responsible way.

The future of cybersecurity on the internet will require many steps by many people. We will need to continue to look to tech companies to act proactively to strengthen defenses and work closely with customers. We need governments to act together, both to adhere to current international norms and create new law to fill in the gaps. The world needs a Digital Geneva Convention, as well as many additional steps to move us toward  creating a more secure world.

Tags: Brad Smith, cybersecurity, Digital Geneva Convention