Cybersecurity company WithSecure Oyj is warning that a security flaw in Microsoft 365 Message Encryption can leak structural information in messages.

WithSecure, previously known as F-Secure until March, explained that the issue with Microsoft 365, known as Office 365 until yesterday, is that Microsoft uses an Electronic Codebook implementation. That’s a mode of operation known to leak certain structural information about messages.

According to the advisory, attackers who can obtain enough OME emails could use the information to infer the contents of the messages partially or fully by analyzing the location and frequency of repeated patterns in individual messages. Having done so, an attacker could then match these patterns to ones found in other OME emails and files.

“Attackers who are able to get their hands on multiple messages can use the leaked ECB info to figure out the encrypted contents,” WithSecure consultant and security researcher Harry Sintonen explained. “More emails make this process easier and more accurate, so it’s something attackers can perform after getting their hands on e-mail archives stolen during a data breach, or by breaking into someone’s email account, e-mail server, or gaining access to backups.”

The advisory explains that the attack method can be done offline, meaning an attacker could compromise backlogs or archives of previous messages. It’s noted that organizations have no way to prevent an attacker that comes into possession of affected emails from compromising its contents using the method.

No knowledge of the encryption keys is needed to conduct the analysis, according to the advisory and the use of a Bring Your Own Key scheme does not remedy the problem.

WithSecure shared its research with Microsoft in January 2022, but the issue has not been fixed. Microsoft is said to have acknowledged the problem and made a payment via its vulnerability reward program. Organizations can mitigate the problem by not using the feature, but Microsoft’s decision not to address this issue is claimed to increase the risk of adversaries gaining access to existing emails encrypted with OME.

“Any organization with personnel that used OME to encrypt emails is basically stuck with this problem,” Sintonen added. “For some, such as those that have confidentiality requirements put into contracts or local regulations, this could create some issues. And then, of course, there are questions about the impact this data could have in the event it’s actually stolen, which makes it a significant concern for organizations.”

The advisory concludes with WithSecure recommending that Microsoft 365 users should avoid using OME as a means of ensuring the confidentiality of emails.

Image: Microsoft

With companies increasingly moving their data to cloud, there is an extensive need for more professionals with sound understanding and expertise of cloud technology.

Microsoft’s cloud offering, Azure, ranks among the top in the industry. Enterprises find Azure’s hybrid feature appealing, as well as the wide range of tools offered on the platform. As per data from Statista, the Azure market share has been on an upsurge and now accounts for 21% of the worldwide cloud market, making earning an Azure certification a strong career move.

Here are 16 role-based Azure certifications that will supply you an in-depth understanding of the skills and knowledge required to elevate your IT career using Microsoft’s cloud.

• Azure Administrator Associate
• Azure AI Engineer Associate
• Azure Database Administrator Associate
• Azure Data Engineer Associate
• Azure Data Scientist Associate
• Azure Developer Associate
• Azure Enterprise Data Analyst Associate
• Azure Network Engineer Associate
• Azure Security Engineer Associate
• Azure Solutions Architect Expert
• Azure Stack Hub Operator Associate
• Cybersecurity Architect Expert
• DevOps Engineer Expert
• Identity and Access Administrator Associate
• Security Operations Analyst Associate
• Windows Server Hybrid Administrator Associate

Azure Administrator Associate

The certification is designed for professionals with expertise in implementing, managing, and monitoring identity, storage, governance, compute, and virtual networks in a cloud environment. Many a times, this role operates as a part of a bigger team devoted to implement an organization’s cloud infrastructure.

To earn this certification, you should have a minimum of six months of hands-on experience managing Azure. In addition, you would also require a good understanding of core Azure services, Azure workloads, security, and governance. It will also test your skills of deploying and managing Azure compute resources, as well as your ability to configure, monitor, and maintain Azure resources.

Job role: Administrator

Required exam: Microsoft Azure Administrator

Cost: Depends on the country or region in which it is taken. Does not include applicable taxes.

United States: $165 USD

India: ₹4800 INR

Azure AI Engineer Associate

This certification validates your ability to develop AI solutions in collaobration with data engineers, data scientists, AI developers, and IoT specialists.

To earn this certification, you need to have a strong understanding of C# or Python and should have hands-on knowledge of REST-based APIs and SDKs to develop conversational AI solutions, natural language processing, computer vision, and knowledge mining on Azure. You should also be proficient enough to apply responsible AI principles and be able to plan and mange Azure Cognitive Services solution.

Job role: AI engineer

Required exam: Designing and Implementing a Microsoft Azure AI Solution

Cost: Depends on the country or region in which it is taken. Does not include applicable taxes.

United States: $165 USD

India: ₹4800 INR

Azure Database Administrator Associate

This certification demonstrates your ability to implement and manage the operational side of hybrid data platforms and cloud-native solutions developed with SQL Server and Azure data services. This test verifies your proficiency in using varied methods and tools to execute regular operations, including know-how of using T-SQL for administrative management purposes.

The skill sets that the test measures include the ability to: plan and implement data platform resources; implement a secure environment; examine, configure, and Boost database resources; configure and manage task automation; and plan and configure a high availability and disaster recovery environment.

Job role: Database administrator

Required exam: Administering Microsoft Azure SQL Solutions

Cost: Depends on the country or region in which it is taken. Does not include applicable taxes.

United States: $165 USD

India: ₹4800 INR

Azure Data Engineer Associate

This certification is a stamp of your expertise in integrating, consolidating, and transforming data pouring in from numerous structured and unstructured data systems and in providing structure to build analytics solutions on that data. An Azure data engineer ensures data pipelines and data stores are well-functioning, effective, structured, and reliable based on business requirements and limitations. You also need to navigate unexpected issues and reduce data loss.

To earn this certification, you need to have an in-depth knowledge of data processing languages, including Scala, SQL, or Python, and have an understanding of parallel processing and data architecture patterns. You should be able to design, implement, and optimize data storage, data processing, and data security.

Job role: Data engineer

Required exam: Data Engineering on Microsoft Azure

Cost: Depends on the country or region in which it is taken. Does not include applicable taxes.

United States: $165 USD

India: ₹4800 INR

Azure Data Scientist Associate

This certification focuses on your expertise in leveraging data science and machine learning to implement and run machine learning workloads on Azure.

Candidates for this role should be able to conduct data experiments, train predictive models, and manage Azure resources for machine learning.

Job role: Data scientist

Required exam: Designing and Implementing a Data Science Solution on Azure

Cost: Depends on the country or region in which it is taken. Does not include applicable taxes.

United States: $165 USD

India: ₹4800 INR

Azure Developer Associate

The Azure Developer Associate certification is designed for professionals with one to two years of professional experience with Azure. It validates that a candidate is a cloud developer who takes part in all stages of development, deployment, and maintenance. And that the candidate works with cloud database administrators and clients to implement solutions.

The skills measured in the test include the ability to develop Azure compute solutions; develop for Azure storage; implement Azure security; monitor, troubleshoot, and optimize Azure solutions; and connect to and use Azure services and third-party services.

Job role: Developer

Required exam: Developing Solutions for Microsoft Azure

Cost: Depends on the country or region in which it is taken. Does not include applicable taxes.

United States: $165 USD

India: ₹4800 INR

Azure Enterprise Data Analyst Associate

The certification proves your standing to appropriately deal in areas of designing, creating, and deploying enterprise-scale data analytics solutions.

To achieve this certification, you should have advanced Power BI skills. You should have the expertise to implement and manage a data analytics environment; query and transform data, implement and manage data models; and explore and visualize data.

Job role: Data analyst

Required exam: Designing and Implementing Enterprise-Scale Analytics Solution Using Microsoft Azure and Microsoft Power BI

Cost: Depends on the country or region in which it is taken. Does not include applicable taxes.

United States: $165 USD

India: ₹4800 INR

Azure Network Engineer Associate

The Azure Network Engineer Associate certification validates your prowess of deploying networking solutions by using the Azure portal and other methods such as PowerShell, Azure Command-Line Interface, and Azure Resources Manager templates. The certification demonstrates your aptitude to work with solution architects, security engineers, cloud administrators, and DevOps engineers to deliver Azure solutions.

The test measures thorough expertise in planning, implementing, and maintaining Azure networking solutions comprising connectivity, routing, hybrid networking, security, and private access to Azure services.

Job role: Network engineer

Required exam: Designing and Implementing Microsoft Azure Networking Solutions

Cost: Depends on the country or region in which it is taken. Does not include applicable taxes.

United States: $165 USD

India: ₹4800 INR

Azure Security Engineer Associate

This certification focuses on your expertise in implementing Azure Security Controls that secure identity, access, data, applications, and networks in cloud and hybrid environments. It proves your ability to execute responsibilities such as managing the security posture of the organization, responding to security incident escalation, conducting threat modeling, identifying and neutralizing detected flaws, and implementing threat protection.

To earn this certification, you need to have moderate to robust knowledge of most Azure offerings and an understanding of basic IT security principals. This test tests your knowledge in four different subject areas: managing identity and access; implementing platform protection; managing security operations; and securing data and application.

Job role: Security engineer

Required exam: Microsoft Azure Security Technologies

Cost: Depends on the country or region in which it is taken. Does not include applicable taxes.

United States: $165 USD

India: ₹4800 INR

Azure Solutions Architect Expert

The certification validates your subject matter expertise in designing cloud and hybrid solutions on Azure, including network, compute, monitoring, storage, and security. It requires you to have advanced experience and deep knowledge of IT operations comprising networking, governance, disaster recovery, data platforms, virtualization, business continuity, identity, and security.

To earn it, you must have Azure Administrator Associate certification (see above), which tests your skills to implement, monitor, and manage an organization’s Microsoft Azure environment.

Job role: Solution architect

Required exam: Designing Microsoft Azure Infrastructure Solutions

Cost: Depends on the country or region in which it is taken. Does not include applicable taxes.

United States: $165 USD

India: ₹4800 INR

Azure Stack Hub Operator Associate

This certification focuses on your ability to plan, deploy, update, and maintain the Azure Stack Hub infrastructure. It evaluates your aptitude to work with teams that support datacenter infrastructure; teams that manage identity; and teams that use Azure Stack Hub resources such as DevOps engineers, developers, and virtual infrastructure administrators.

The certification requires you to possess strong experience in operating and managing Azure Stack Hub environments, and to do so by using PowerShell. It will also test the depth of your understanding of Azure, as well as your knowledge of networking, virtualization, and identity management as the certification is for administrator-level role.

Job role: Administrator

Required exam: Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub

Cost: Depends on the country or region in which it is taken. Does not include applicable taxes.

United States: $165 USD

India: ₹4800 INR                     

Cybersecurity Architect Expert

Cybersecurity Architect Expert is an enhanced certification that establishes your subject matter expertise in securing an organization’s digital assets by deploying cybersecurity strategy. It also focuses on your ability to design a Zero Trust strategy and architecture, which comprises applications, security strategies for data, identity and access management, and infrastructure. This test also evaluates Governance Risk Compliance (GRC) technical strategies; security operations strategies; and experience of hybrid and cloud implementation.

To earn this certification, you must have at least one of the following certifications: Microsoft Certified: Azure Security Engineer Associate; Microsoft Certified: Identity and Access Administrator Associate; Microsoft 365 Certified: Security Administrator Associate; or Microsoft Certified: Security Operations Analyst Associate.

Job role: Security engineer, administrator, solution architect, security operations analyst

Required exam: Microsoft Cybersecurity Architect

Cost: Depends on the country or region in which it is taken. Does not include applicable taxes.

United States: $165 USD

India: ₹4800 INR

DevOps Engineer Expert

The DevOps Engineer Expert certification proves your ability to plan and implement strategies for collaboration, code, source control, infrastructure, compliance, monitoring, delivery, testing, constant integration, monitoring, and feedback. It requires you to possess experience with administering and developing in Azure, with solid skills in at least one of these domains. You need to be acquainted with both Azure DevOps and GitHub.

The test evaluates your ability to develop an instrumentation strategy; oversee source control; design a security and compliance strategy; plan and implement constant integration; plan and implement a continuous delivery and release management approach; enable communication and collaboration; and build a site reliability engineering strategy.

To earn this certification, you must have either the Azure Administrator Associate or Azure Developer Associate certification.

Job role: DevOps engineer

Required exam: Designing and Implementing Microsoft DevOps Solutions

Cost: Depends on the country or region in which it is taken. Does not include applicable taxes.

United States: $165 USD

India: ₹4800 INR

Identity and Access Administrator Associate

The certification verifies your ability to design, implement, and operate an organization’s identity and access management systems by putting into use the Azure Active Directory. It also validates your expertise to configure and manage authentication and authorization of identities for Azure resources, users, devices, and applications.

Job role: Administrator, identity and access administrator, security engineer

Required exam: Microsoft Identity and Access Administrator

Cost: Depends on the country or region in which it is taken. Does not include applicable taxes.

United States: $165 USD

India: ₹4800 INR

Security Operations Analyst Associate

This certification validates your skills in collaborating with stakeholders to secure IT systems from cyberattacks. It demonstrates that you are capable of reducing organizational risk by promptly emending active attacks in the systems, recommending improvements to threat protection practices, and stating breaches of organizational policies to applicable stakeholders.

The certification establishes that you are efficient for the role that predominantly investigates, responds to, and tracks attacks applying Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender, and third-party security products.

Job role: Security engineer, security operations analyst

Required exams: Microsoft Security Operations Analyst

Cost: Depends on the country or region in which it is taken. Does not include applicable taxes.

United States: $165 USD

India: ₹4800 INR

Windows Server Hybrid Administrator Associate

This certification proves your expertise in configuring and managing windows server workloads using on-premises, hybrid, and infrastructure-as-a-service technologies. It also demonstrates your ability to execute tasks in line with security, monitoring, migration, troubleshooting, and disaster recovery. It also covers Azure Automation update management, Microsoft Defender for identity, Azure Security Center, Azure Migrate, and Azure Monitor.

This certification tests your ability to deploy and manage active directory domain services in on-premises and cloud environments; manage windows servers and workloads in a hybrid environment; implement and manage an on-premises and hybrid networking infrastructure; manage virtual machines and containers; manage storage and file services; and implement disaster recovery. You should have vast experience working with Windows Server operating systems.

Job role: Administrator,identity and access administrator,support engineer, network engineer, information protection administrator, technology manager, security engineer

Required exams: Administering Windows Server Hybrid Core Infrastructure and Configuring Windows Server Hybrid Advanced Services

Cost: Depends on the country or region in which it is taken. Does not include applicable taxes.

United States: $165 USD + $165 USD = $330 USD

India: ₹4800 INR + ₹4800 INR = ₹9600 INR

•Says company’s $200m ADC initiative will boost local talents in Nigeria

Emma Okonji

The federal government yesterday disclosed that it would soon begin the implementation of universal licence on all Microsoft products, an initiative that would allow the federal government to purchase in bulk, all Microsoft product licenses and sell same to federal public institutions that are in need of such product licence.

The Minister of Communications and Digital Economy, Dr. Isa Ibrahim Pantami, made the disclosure yesterday, during the launch of Microsoft’s $200 million Africa Development Centre (ADC) West Africa initiative and the launch of Microsoft new facility in Lagos.

Pantami who commended Microsoft International for the ADC West Africa initiative, said the centre, which is located in Lagos, would further develop local talents in Nigeria.

According to Pantami, the process of universal licence for Microsoft products, when completed, would be presented to the Federal Executive Council (FEC) for consideration and approval.

“With the universal licence, the federal government is able to negotiate with Microsoft and then purchase in bulk, all Microsoft product licences that are necessary for the use of all federal public institutions in the country, such that any federal public institutions that want the licence, will subscribe through the federal government instead of purchasing directly from Microsoft.

“The federal government is in the process of formalising the business with Microsoft Nigeria, to enable it have universal license on all Microsoft product licences.

“The process has reached advanced stage and I have directed the National Information Technology Development Agency (NITDA), to complete the process for onward presentation to the Federal Executive Council (FEC) for consideration and approval,” he added.

Explaining the need for the universal licence, Pantami said some government institutions may have the capacity to purchase Microsoft product licences, while some may not, and this often leads to low patronage for Microsoft.

According to Pantami, “The essence is to increase the scope of patronage and make purchases open to all federal public institutions. It will also reduce cost of the licence, and also reduce the rate of piracy.

“The issue of renewal of licence for institutions will be eliminated because federal government will be responsible for renewal, since federal government will be doing bulk purchase of the licence. It will also provide opportunities for institutions to have access to Microsoft solutions.”

Excited about the Microsoft ADC West Africa Initiative, Pantami said since it is located in Lagos, it would promote local talent development among Nigerian youths.

“Emerging technologies are driving the fourth industrial revolution, and the emerging technologies include Artificial Intelligence (AI), Augmented Reality (AR), Virtual Reality (VR), Robotics, 5G, Internet of Things (AI),

Cybersecurity, Autonomous Vehicle among others, but government is focusing on AI, Robotics, 5G and any other emerging technology that drives technology development much faster.

“The ADC West Africa initiative is in line with the federal government policy on National Digital Economy Policy and Strategy (NDEPS), and government is happy with the Microsoft ADC West Africa initiative,” Pantami said.

Corporate Vice President for Identity at Microsoft, Joy Chik, said Microsoft would continue to partner with the federal government of Nigeria and technology startups to develop local talents on technology skills.

She said the launch of Microsoft ADC West Africa initiative, and the launch of its new office facility in Lagos, were part of Microsoft’s commitment to further develop digital skills in Nigeria and West Africa.

The Managing Director, ADC Wast Africa, Garfa Lawal, said the centre would employ skilled persons that would be involved in developing Microsoft products for the West African market.

WithSecure researcher Harry Sintonen has released an advisory on issues with Microsoft Office 365 Message Encryption (OME). OME is used to send encrypted emails. It uses the Electronic Codebook implementation, which can leak certain structural information about emails.

Issues with ECB are not unknown. In its Announcement of Proposal to Revise Special Publication 800-38A, NIST wrote, “The ECB mode encrypts plaintext blocks independently, without randomization; therefore, the inspection of any two ciphertext blocks reveals whether or not the corresponding plaintext blocks are equal… the use of ECB to encrypt confidential information constitutes a severe security vulnerability.”

Sintonen comments, “Attackers who are able to get their hands on multiple messages can use the leaked ECB info to figure out the encrypted contents. More emails make this process easier and more accurate.”

The problem is not one of decryption, and the cleartext content of the message is not directly revealed. Nevertheless, some content can be revealed.

Since repeating blocks of the cleartext message always map to the same ciphertext blocks, an attacker with a database of stolen emails can analyze them offline for these patterns, and be able to infer parts of the cleartext of the encrypted emails.

Image extracted from O365 message

In this sense, the problem is similar to the ‘harvest now, decrypt later’ threat of quantum decryption. Adversaries could steal large quantities of emails knowing that the more they have, the greater number of repeated patterns will be discovered in analysis, and the more accurate their cleartext inferences will become. For example, autocratic states could use this methodology to infer the identity of political activists, and locate other members of activist groups.

The attacker would look for a ciphertext block that appears to be of potential interest, and then use that as a fingerprint to highlight other emails containing the same fingerprint. This search across all the available emails would be automated. 

AI is also a potential aid. The AI could detect potentially, but not exactly, comparable ciphertext blocks. “AI could detect similarities in files that aren’t one of the ‘fingerprinted’ files,” Sintonen told SecurityWeek. This could increase the number of inferences that could be concluded. “You would certainly be able to leverage AI in the analysis,” he added.

Sintonen reported his findings to Microsoft in January 2022. He was awarded $5k for his discovery, and consequently expected to hear back from Microsoft that a patch was planned. Nothing happened. Eventually, he was told, “The report was not considered meeting the bar for security servicing, nor is it considered a breach. No code change was made and so no CVE was issued for this report.”

It is not clear why Microsoft has taken this stance. It may be because the company – like all other companies – must plan to move towards NIST’s quantum safe encryption methods over the next few years. The difficulty in ensuring that all apps that use OME must be simultaneously patched may also play into the decision. Or its message may be taken at face value: it is not considered serious.

But the potential should not be ignored. “Any organization with personnel that used OME to encrypt emails are basically stuck with this problem. For some, such as those that have confidentiality requirements put into contracts or local regulations, this could create some issues. And then of course, there’s questions about the impact this data could have in the event it’s actually stolen, which makes it a significant concern for organizations,” said Sintonen. 

The only mitigation for this flaw is to stop using OME to encrypt sensitive files.

Related: Investors Bet Big on Attempts to Solve Encryption 'Holy Grail'

Related: Is OTP a Viable Alternative to NIST's Post-Quantum Algorithms?

Related: Zoom Announces Better Encryption, Other Security Improvements

Related: New Ducktail Infostealer Targets Facebook Business Accounts via LinkedIn

Leon Gordon is a leader in data analytics, a current Microsoft MVP based in the U.K. and a partner at Pomerol Partners.

Data analytics is an emerging trend and has been around for a while. It’s an important tool in business intelligence, decision making and reporting. Organizations use data analytics to find insights to make better decisions and gain a competitive advantage. In this article, I’ll provide an overview of the implementation journey of data analytics in business and finance; I’ll also provide you with a compelling case study of how one organization leveraged its data using big data technologies to Boost its performance metrics across various departments like sales, customer service, marketing, etc.

Finding The Needle In The Haystack

One of the most important aspects of data analytics implementation is identifying valuable insights from data. With so much information to sift through, it’s essential to have a partner that can help you find the needle in a haystack.

As we’ve outlined, implementing data analytics is no easy task. Data analysts must be highly skilled and trained in order to succeed at their job effectively. While this might seem like an obvious requirement for someone working in such an important field, there are many other challenges that may arise during implementation.

Finding qualified candidates with the skills required for this type of work can be difficult because there aren’t enough qualified people available yet (this will likely change as more businesses adopt data analytics). This means that companies need to plan ahead when hiring new employees because they may not be able to find anyone who has experience with these types of projects yet—which means longer wait times before results start coming back!

Data Is Gold

Data is the raw material of data analytics and can come from many different sources. Data can be collected from websites, social media, mobile apps, sensors or even other databases. Data can take many forms—structured or unstructured—and it can be analyzed to understand trends and patterns. For example, the weather app on your phone knows that you’re running late for work because it predicts that it will rain later today; your online bank has calculated how much money you spend each month on groceries based on previous transactions, and a retailer’s web server records every time someone visits their website (even if they don’t make a purchase).

Creating Value From Data

Data is a source of competitive advantage. The ability to turn data into insight and action gives you the upper hand in your industry and makes you more attractive as a business partner for suppliers, customers and partners.

Data can be used to make better decisions. The right insights allow you to make smarter business decisions that drive growth or Boost efficiency by helping you understand customer behavior, employee engagement and productivity, provider relationships and risk management.

Data can be used to Boost customer experience (CX). Understanding who your customers are before they become customers allows you to provide relevant services at all stages of their journey with your brand—from pre-purchase through life cycle management post-purchase—so that they remain loyal customers over time rather than churning out onto the competition’s doorstep when they need something else from your industry supply chain in another part of town (or country) while continuing shopping online elsewhere!

Data Tells A Story

It’s the most valuable asset of your company. It’s the key to the future, it’s fuel for digital transformation, it’s the new oil and more.

Data is what makes businesses run, and as such, it has become one of the most valuable commodities on earth. We all know that data is a powerful asset: companies will pay anything for access to information about their customers or product usage patterns; governments are investing billions into building up their data infrastructure; people are making careers out of simply analyzing numbers (and getting paid well for it). But there’s so much more we can do with this stuff!

The Implementation Journey In Business And Finance

The data analytics implementation journey begins with the right data. A process that helps you take your company’s data, extract information from it and analyze it is called a “data science” project. Once this is done, the next step is to make a decision based on that analysis. After all, if we can’t interpret the results correctly and put them into practice effectively, what’s the point?

Data analytics doesn’t just help companies make more informed decisions; it also helps them safeguard their investments by providing better risk management strategies for both internal and external stakeholders. It gives businesses an edge over competitors by providing them with advanced technologies such as artificial intelligence (AI), machine learning or user experience design (UXD).

Businesses are looking for partners and consultants who can support them at strategic, implementation and execution stages. Data analytics is a key component of any business strategy. Businesses need to find ways to make sense of the data they have and use it in a way that improves the business.

The implementation journey is the most complex and challenging stage, where businesses require a lot of support for managing their data and making it valuable. Only through strategic planning, implementation and execution can companies extract insights from data to gain a competitive advantage. The business leaders who are willing to invest in analytics solutions today will be able to take advantage of new technologies in the future when they become more affordable or accessible.

Where should these leaders start?

1. Get A Partner: Data analytics is an ongoing process that requires expertise. At the very least, it will require someone with experience finding the right solution for your needs.

2. Consult With Experts: Data analysts know their stuff! They’ll be able to help you understand how it all works and limit any surprises later down the line.

3. Be Patient: Data analytics takes time! It might seem like there isn’t much happening at first, but don’t worry—this is normal.

In the end, data analytics is a simply way of looking at your business from a new perspective. It can help you make better decisions.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

• Mercedes-Benz introduces MO360 Data Platform, connecting passenger car plants to Microsoft Cloud
• Vehicle production efficiency expected to Boost by 20% by 2025
• Logistic teams to solve supply chain bottlenecks much faster
• Dynamic allocation of resources to prioritize low-emission and Top-End Luxury vehicles
• Production teams can access self-service portal with Microsoft Power BI dashboard from any device
• Data analytics tool to monitor and forecast carbon emissions, energy and water usage, waste management

STUTTGART, Germany, and REDMOND, Wash. — Oct. 12, 2022 — Mercedes-Benz and Microsoft Corp. collaborate to make vehicle production more efficient, resilient and sustainable. With the new MO360 Data Platform, Mercedes-Benz is connecting its around 30 passenger car plants worldwide to the Microsoft Cloud, enhancing transparency and predictability across its digital production and supply chain. The MO360 Data Platform is the evolution of Mercedes-Benz’ digital production ecosystem MO360 and allows teams to identify potential supply chain bottlenecks faster and enable a dynamic prioritization of production resources toward electric and Top-End vehicles. This unified data platform is standardized on Microsoft Azure, providing Mercedes-Benz with flexibility and cloud computing power to run artificial intelligence (AI) and analytics at global scale while addressing cybersecurity and compliance standards across regions. The platform is already available to teams in EMEA and will be deployed in the United States and China.

“This new partnership between Microsoft and Mercedes-Benz will make our global production network more intelligent, sustainable and resilient in an era of increased geopolitical and macroeconomic challenges. The ability to predict and prevent problems in production and logistics will become a key competitive advantage as we go all electric,” said Joerg Burzer, Member of the Board of Management of Mercedes-Benz Group AG, Production & Supply Chain Management.

“Mercedes-Benz’ partnership with Microsoft is a testament to the power of the industrial metaverse,” said Judson Althoff, executive vice president and chief commercial officer at Microsoft. “Together, we are merging the physical and digital worlds to accelerate value creation. Mercedes-Benz can simulate and refine manufacturing processes infinitely in the Microsoft Cloud before bringing them to the shop floor to enhance efficiency and minimize its environmental impact amid constant change and uncertainty.”

“With the MO360 data platform, we democratize technology and data in manufacturing. As we are moving toward a 100% digital enterprise, data is becoming everyone’s business at Mercedes-Benz. Our colleagues on the shop floor have access to production and management-related real-time data. They are able to work with drill-down dashboards and make data-based decisions,” said Jan Brecht, Chief Information Officer, Mercedes-Benz Group AG.

Redefine production excellence with a unified data platform

With the MO360 Data Platform, the Stuttgart-based carmaker can create a virtual replica of its vehicle manufacturing process, combining insights from assembly, production planning, shop floor logistics, supply chain and quality management. The virtual simulation and optimization of processes before running them on the shop floor helps accelerate operational efficiency and unlock energy savings. For example, managers can optimize operational patterns to reduce CO2 emissions in production.

Mercedes-Benz is also exploring the integration of the MO360 Data Platform with data sources from other departments to enable a digital feedback loop that will spur continuous learning and innovation across the Group.

The recently opened Mercedes-Benz Digital Factory Campus Berlin is the home base for the MO360 Data Platform engineering teams and will become the MO360 training and qualification center for implementing digital approaches globally.

Increase supply chain resilience and efficiency

With the new centralized data platform, teams can instantly analyze and visualize production data, to faster optimize production processes and identify potential supply chain bottlenecks. This enables a dynamic allocation of operational resources within and across plants to prioritize the manufacturing of low-emission and Top-End Luxury vehicles.

The Mercedes-Benz Operations Logistics team will be able to solve supply chain bottlenecks much faster. They can compare the availability of components, including semiconductors, with production orders and position this data against production parameters including operational running plans. As a result, plant managers can keep the production running and prioritize relevant vehicles even if supply chain challenges occur.

Move at full speed toward an all-electric future

The MO360 Data Platform will make it easier to maintain production of both electric and combustion-engine vehicles on a single production line as the market demand gradually shifts toward an all-electric future.

To tackle shortages in components and prevent delivery delays, the MO360 Data Platform will enable teams to explore a variety of production scenarios depending on the availability of components like semiconductors, based on real-time data about the quality of parts and equipment. This is expected to result in productivity gains of 20% in passenger car production by 2025 and help avoid unplanned downtimes and schedule maintenance work in a timely and CO2-friendly fashion.

Reduce ecological footprint from water and energy use to waste management

As part of the MO360 Data Platform, Mercedes-Benz has implemented an analytics tool to monitor and reduce its ecological footprint during vehicle production, a crucial milestone toward the company’s Ambition 2039 initiative to become carbon neutral by 2039. With the data analytics tool, teams can track and forecast carbon emissions, energy and water usage as well as waste management and roll out best practices across the production network. Mercedes-Benz plans to cover more than 70% of its energy needs through renewable sources by 2030 by expanding solar and wind power at its own sites and through Power Purchase Agreements and plans to cut its use of water by 35%¹ through the reuse of water in production.

Democratize data to enhance workforce productivity and distributed teamwork

Mercedes-Benz production staff gets access to the MO360 Data Platform via a self-service portal available on any company device including tablets, smartphones and laptops. Its visualization with Microsoft Power BI provides a what-you-see-is-what-you-get experience, allowing employees to become data workers with the ability to model and correlate data. The Teams Walkie Talkie app provides workers with an instant push-to-talk (PTT) communication on their business phones — no extra device needed.

With the MO360 Data Platform, teams at Factory 56 have shortened their daily shop floor meeting by 30%. In addition, they identify priority tasks to optimize production workflows within two minutes, which took up to four hours prior to the introduction of the platform. From team leads and process engineers to shop and plant managers, employees are encouraged to contribute new use cases to drive process innovation with Microsoft Power Platform.

Working with a global community of internal and external developers, Mercedes-Benz’ process software engineers are committed to open collaboration. They use Free and Open Source Software (FOSS) including GitHub to Boost the quality of the software and the speed of delivery. They benefit from Azure Data Lake, Azure Databricks and Azure Purview to process and govern huge amounts of data and run AI and analytics using their preferred development frameworks. For software deployment and operations, they work with Azure DevOps.

About Microsoft

Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.

Mercedes-Benz Group at a glance

Mercedes-Benz Group AG is one of the world’s most successful automotive companies. With Mercedes-Benz AG, the Group is one of the leading global suppliers of premium and luxury cars and vans. Mercedes-Benz Mobility AG offers financing, leasing, car subscription and car rental, fleet management, digital services for charging and payment, insurance brokerage, as well as innovative mobility services. The company founders, Gottlieb Daimler and Carl Benz, made history by inventing the automobile in 1886. As a pioneer of automotive engineering, Mercedes-Benz sees shaping the future of mobility in a safe and sustainable way as both a motivation and obligation. The company’s focus therefore remains on innovative and green technologies as well as on safe and superior vehicles that both captivate and inspire. Mercedes-Benz continues to invest systematically in the development of efficient powertrains and sets the course for an all-electric future: The brand with the three-pointed star pursues the goal to go all-electric, where market conditions allow. Shifting from electric-first to electric-only, the world’s pre-eminent luxury car company is accelerating toward an emissions-free and software-driven future. The company’s efforts are also focused on the intelligent connectivity of its vehicles, autonomous driving and new mobility concepts as Mercedes-Benz regards it as its aspiration and obligation to live up to its responsibility to society and the environment. Mercedes-Benz sells its vehicles and services in nearly every country of the world and has production facilities in Europe, North and Latin America, Asia and Africa. In addition to Mercedes-Benz, the world’s most valuable luxury automotive brand (source: Interbrand study, 20 Oct. 2021), Mercedes-AMG, Mercedes-Maybach, Mercedes-EQ and Mercedes me as well as the brands of Mercedes-Benz Mobility: Mercedes-Benz Bank, Mercedes-Benz Financial Services and Athlon. The company is listed on the Frankfurt and Stuttgart stock exchanges (ticker symbol MBG). In 2021, the Group had a workforce of around 172,000 and sold 2.3 million vehicles. Group revenues amounted to €168.0 billion and Group EBIT to €29.1 billion.

Further information on Mercedes-Benz Group is available at group-media.mercedes-benz.com and group.mercedes-benz.com.

¹ In production compared to average 2013/14

For more information, press only:

Microsoft Media Relations, WE Communications for Microsoft, (425) 638-7777, [email protected]

Edward Taylor for Mercedes-Benz, +49 176 30 94 1776, [email protected]

Birgit Zaiser for Mercedes-Benz, +49 160 86 14 753, [email protected]

Katja Liesenfeld for Mercedes-Benz, +49 160 8621488, [email protected]

Note to editors: For more information, news and perspectives from Microsoft, please visit the Microsoft News Center at http://news.microsoft.com. Web links, telephone numbers and titles were correct at time of publication but may have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at https://news.microsoft.com/microsoft-public-relations-contacts.

Forward-looking statements:

This document contains forward-looking statements that reflect our current views about future events. The words “anticipate,” “assume,” “believe,” “estimate,” “expect,” “intend,” “may,” ”can,” “could,” “plan,” “project,” “should” and similar expressions are used to identify forward-looking statements. These statements are subject to many risks and uncertainties, including an adverse development of global economic conditions, in particular a decline of demand in our most important markets; a deterioration of our refinancing possibilities on the credit and financial markets; events of force majeure including natural disasters, pandemics, acts of terrorism, political unrest, armed conflicts, industrial accidents and their effects on our sales, purchasing, production or financial services activities; changes in currency exchange rates, customs and foreign trade provisions; a shift in consumer preferences towards smaller, lower-margin vehicles; a possible lack of acceptance of our products or services which limits our ability to achieve prices and adequately utilize our production capacities; price increases for fuel, raw materials or energy; disruption of production due to shortages of materials or energy, labour strikes or provider insolvencies; a decline in resale prices of used vehicles; the effective implementation of cost-reduction and efficiency-optimization measures; the business outlook for companies in which we hold a significant equity interest; the successful implementation of strategic cooperations and joint ventures; changes in laws, regulations and government policies, particularly those relating to vehicle emissions, fuel economy and safety; the resolution of pending governmental investigations or of investigations requested by governments and the outcome of pending or threatened future legal proceedings; and other risks and uncertainties, some of which are described under the heading “Risk and Opportunity Report” in the current Annual Report or in the current Interim Report. If any of these risks and uncertainties materializes or if the assumptions underlying any of our forward-looking statements prove to be incorrect, the real results may be materially different from those we express or imply by such statements. We do not intend or assume any obligation to update these forward-looking statements since they are based solely on the circumstances at the date of publication.

The European Commision and the U.S. government announced its new Trans-Atlantic Data Privacy Framework earlier this year, and Microsoft was quick to champion the move given its legal history with international data privacy concerns, but the Biden administrations recent executive order could fast track its implementation.

Last week, the Biden administration signed an executive order which implements the previously announced Data Privacy Framework and marks the third such effort by the two regions to tackle trans-Atlantic handling of data since 2015.

As a refresher, the Trans-Atlantic Data Privacy Framework adds restraints on Washington's signals intelligence gathering in the EU in addition to setting up processes for data collection and establishes an appeals system that European citizens can access when they feel American Intelligence agencies have violated the principles of the agreement in pursuit of 'information.'

This framework addresses two concerns of the Court of Justice in the EU related to U.S. surveillance laws: (1) the scope and proportionality of permissible U.S. national security surveillance activities; and (2) the availability of redress mechanisms for Europeans whose personal data is improperly collected and used by U.S. intelligence agencies. The new framework rightfully makes clear that U.S. surveillance practices must be both necessary and proportionate. And critically, it creates an independent data protection review court to provide effective review and redress for Europeans impacted by improper surveillance.

Back in 2018, several US officials came to an agreement to pass the Clarifying Lawful Overseas Use of Data (CLOUD) Act, which aimed to facilitate cross-border access to data as it pertained to investigations of serious crimes. The effort to pass the CLOUD act was entirely a US led effort but helped clarify Microsoft's position as a data broker in a publicized suit between the company and the US Justice Department over emails originating from Ireland on Irish servers but ultimately held by an American-based software company.

With Biden fast tracking safeguards and implementing more clear frameworks for the handling of international data sought or held by US-based organizations, it's no wonder Microsoft publicly offered its own commitment statement for the effort back in March of this year.

First, Microsoft will confirm that any demand for personal data from the U.S. government complies with the newly announced Trans-Atlantic Data Privacy and Security Framework. If we believe the demand is not compliant, we will use all lawful means to challenge it.

Second, Microsoft will support the redress process under the new agreement by putting our full legal resources to work and seeking to actively participate in the judicial review of an individual’s claim of harm related to Microsoft’s public sector and commercial cloud services.

As of this month, Biden's executive order simply expedites the long-term efforts to establish frameworks for the investigation, handling and limits to the use of international data in criminal cases, which takes the onus off of Microsoft dancing between the various data privacy rules established by each country and determining which ones take precedent.

Share This Post:

More industries are incorporating blockchain applications into their business, drawing the attention of threat actors — like the recent Axie attack, for example. As a result, many cybersecurity professionals are now finding they are responsible for securing blockchain systems. Unfortunately, even skilled cybersecurity professionals are ill-equipped to secure blockchain applications because it and other decentralized applications bring different risks and threat vectors that can only be mitigated through tailored controls.

Blockchain technology allows untrusted parties to agree on the state of data and applications securely, but that security guarantee is quite narrow. This means that many developers and users assume this security broadly applies to applications built on top of the blockchain. When in reality, that’s not the case. Whether it’s due to code mistakes, breaches or scams, both individuals and big corporations have lost significant amounts of money — in fact, scammers stole $14 billion worth of cryptocurrencies in 2021.

Failing out in the open

Threat actors gravitate toward the easiest targets with the most profit. As we approach a blockchain-reliant future, ensuring that developers and security professionals understand what it takes to secure applications on blockchain is paramount. Threat groups will continue to pivot as security frameworks evolve to better protect traditional assets. A prime example is ransomware groups, which have already adopted blockchain for payment. It is only a matter of time until they pivot their targets to Web3 as well.

In a public blockchain ecosystem, every new technology or application is developed and launched under full view. This brings many challenges, but is particularly painful when developers are also pressured to launch as quickly as possible.  Developers used to spend years developing the product and planning for its launch. Now, this long-standing process does not align with our current reality, in which blockchain developers may ideate and launch a product over as little as a single weekend.

Today, many projects in the blockchain space are created by organizations without robust security programs, processes and controls that can withstand advanced threat actors. This leads to teams missing or misclassifying risk factors and gives businesses a false sense of security. Combining fast development and a lack of security talent, attackers are able to find easy targets.

Blockchain beyond Bitcoin

Blockchain spending is expected to reach 19 billion by 2024, so now is the time for organizations to adopt new technology. If implemented correctly, blockchain can offer increased transparency into operations and processes, making it highly sought after. Offerings touted by advocates include the tokenization of money flow, supply chain financing and the cross-border movement of money. However, it may be difficult for businesses to launch applications on the blockchain that ensure security is at the forefront of their technology.

A business that wants to implement new technology or processes needs the tools and team to successfully execute it. For instance, if a finance team is interested in implementing cloud-based software to streamline the payroll process, they hire a strong team with the knowledge and necessary skill set at their disposal to safely realize their goal.

Cloud security tooling and resources are now plentiful in our industry. However, if the same finance team from the example above looks to implement blockchain technology in their company payroll, they will have a harder time finding security and development tools and talent to ensure the product is safe. Adoption of blockchain is far outpacing available expertise. The challenge here is that security can easily become an afterthought if an organization doesn’t have a knowledgeable team dedicated to identify and mitigate threats.

Blockchain and your orgs’ security strategy

Organizations that adopt blockchain also need a security strategy to operate successfully. This includes finding cybersecurity professionals who are knowledgeable about the space. As many seasoned security professionals look at blockchain as a fad or unnecessary technology at best, this may be increasingly difficult. 

It is challenging for traditional security experts to be excited about NFTs and cryptocurrency taking the blockchain community by storm. We are, of course, a risk-averse group in general.  This then leads to a shortage of experienced security professionals in blockchain, even when investment is accelerating. 

Instead of disregarding blockchain, security professionals can take a middle-of-the-road outlook on the future of the technology. Whether you believe it is the future or not, you can recognize there is a real impact to people and organizations when attacks happen. As for organizations without proper knowledge of blockchain security — you are launching without a safety net.

Ryan Spanier is vice president of innovation at Kudelski Security.

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

Copyright 2022 Scripps Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.