A group of major U.S. businesses wants the government to hide key import data -- a move trade experts say would make it more difficult for Americans to link the products they buy to labor abuse overseas.
The Commercial Customs Operations Advisory Committee is made up of executives from 20 companies, including Walmart, General Motors and Intel. The committee is authorized by U.S. Customs and Border Protection to advise on ways to streamline trade regulations.
Trade experts say the move would make it more difficult for Americans to link the products they buy to labor abuse overseas.
WASHINGTON — A group of major U.S. businesses wants the government to hide key import data -- a move trade experts say would make it more difficult for Americans to link the products they buy to labor abuse overseas.
The Commercial Customs Operations Advisory Committee is made up of executives from 20 companies, including Walmart, General Motors and Intel. The committee is authorized by U.S. Customs and Border Protection to advise on ways to streamline trade regulations.
Last week -- ahead of closed-door meetings starting Monday in Washington with senior officials from CBP and other federal agencies -- the executives quietly unveiled proposals they said would modernize import and export rules to keep pace with trade volumes that have nearly quintupled in the past three decades. The Associated Press obtained a copy of the proposal from a committee member.
Among the proposed changes: making data collected from vessel manifests confidential.
The information is vitally important for researchers and reporters seeking to hold corporations accountable for the mistreatment of workers in their foreign supply chains.
Here’s how it works: Journalists document a situation where laborers are being forced to work and cannot leave. They then use the shipping manifests to show where the products end up, and sometimes even their brand names and whether they’re on a shelf at a local supermarket or a rack of clothes at a local mall.
The proposal, if adopted, would shroud in secrecy customs data on ocean-going freight responsible for about half of the $2.7 trillion in goods entering the U.S. every year. Rail, truck and air cargo is already shielded from public disclosure under U.S. trade law.
“This is outrageous,” said Martina Vandenberg, a human rights lawyer who has filed petitions with CBP seeking to block shipments of goods suspected of being made by forced labor.
“Every year we continue to import and sell millions of dollars in goods tainted by forced labor,” said Vandenberg, president of the Washington-based Human Trafficking Legal Center. “Corporate America should be ashamed that their answer to this abuse is to end transparency. It’s time they get on the right side of history.”
CBP said it would not comment on ideas that have not been formally submitted by its advisory committee but said that the group’s proposals are developed with input gathered in public meetings.
But one of CBP’s stated goals in creating what it has dubbed a “21st Century Customs Framework” is to boost visibility into global supply chains, support ethical sourcing practices and level the playing field for domestic U.S. manufacturers.
Reports by the AP and other media have documented how large quantities of clothing, electronics and seafood make their way onto U.S. shelves every year as a result of illegal forced labor that engages 28 million people globally, according to the International Labor Organization. Much of that investigative work — whether into clothing made by Uyghurs at internment camps in China’s Xinjiang region, cocoa harvested by children in the Ivory Coast or seafood caught by Philippine fishermen toiling in slave-like conditions — starts with shipping manifests.
“Curtailing access to this information will make it harder for the public to monitor a shipping industry that already functions largely in the shadows,” said Peter Klein, a professor at University of British Columbia, where he runs the Hidden Costs of Global Supply Chains project, an international collaborative between researchers and journalists.
“If anything, CBP should be prioritizing more transparency, opening up records of shipments by air, road and rail as well.”
In its 34-page presentation, the business advisory panel said its goal in further restricting access to customs data is to protect confidential business information from “data breaches” that it says “have become more commonplace, severe and consequential.”
The group also wants CBP for the first time to provide importers with advance notice whenever it suspects forced labor is being used. Activists say such a move puts whistleblowers overseas at risk of retaliation.
GM declined to comment, referring all inquiries to the Customs Operations Advisory Committee. Neither Intel nor Walmart responded to AP requests for comment.
In August alone, CBP targeted shipments valued at more than $266 million for inspection due to suspected use of forced labor, including goods subject to the recently passed Uyghur Forced Labor Prevention Act. Additionally, last month the U.S. Department of Labor added 32 products — among them acai berries from Brazil, gold from Zimbabwe and tea from India — to its list of goods possibly made with child or forced labor, making them targets for future enforcement actions.
The proposal to make vessel data confidential comes as American companies are under increasing pressure from consumers to provide greater transparency regarding their sourcing practices, something reflected in the ambitious language found in many corporate social responsibility statements.
But Vandenberg said the proposed restrictions are in line with less-touted litigation and lobby efforts by major companies to water down enforcement of the U.S. ban on forced labor.
She cited a brief filed last week by the American Chamber of Commerce, the world’s largest business federation, in a case now before a federal appeals panel in Washington. At issue is whether tech companies can be held responsible for the death and injury of children in the Democratic Republic of Congo forced to mine cobalt that ends up in products sold in the U.S.
The lawsuit was brought by families of dead and maimed children against tech giants Alphabet (the parent company of Google), Apple, Dell Technologies, Microsoft and Tesla under what’s known as the U.S. Trafficking Act, which allows victims to sue ventures that benefit financially from forced labor. The case was dismissed last year after a district judge found the companies lacked sufficient ties to the tragic working conditions in the DRC.
The Chamber of Commerce, in asking the appeals panel to uphold that decision, said the serious global problem of forced labor is best addressed by private industry initiatives, Congress and the executive branch — not U.S. courts.
Such suits “often last a decade or more, imposing substantial legal and reputational costs on U.S. companies that transact business overseas,” the Chamber of Commerce wrote in a friend-of-the-court filing.
The mismatch in rules governing disclosure of trade data for different forms of transportation goes back to 1996, when lobbying by the airline industry reversed a law passed by Congress that same year that for the first time required air freight manifests be made public.
In 2017, Scottsdale, Arizona-based ImportGenius — a platform used to search shipping data — was among companies that unsuccessfully sued the federal government seeking to obtain aircraft manifests.
“Suppressing information about goods coming into our country is breathtakingly stupid,” said Michael Kanko, CEO of ImportGenius. “From discovering imports of human hair linked to forced labor, to understanding the flow of PPE during the pandemic, to tracking importers of tainted, deadly dog treats, public access to this data has empowered journalism and kept consumers safe. We need more transparency in trade, not less.”
AP Writer Martha Mendoza contributed to this report.
Protecting your business against growing security threats is a huge priority. Companies of all sizes have increased their spending on cybersecurity solutions to protect their operations over the last year. User spending for the information security and risk management market will grow to USD169.2 billion in 2022, with a constant currency growth of 12.3 percent. The market will reach USD261.9 billion in 2026, with a constant currency growth of 11.1 percent (2021 to 2026).1 And though spending is increasing, cybercriminals aren’t going to slow down their attacks. The average cost of a data breach increased to USD4.35 million in 2022—an all-time high.2 With today’s economic uncertainty and ongoing talent shortages, organizations need comprehensive security that allows them to protect more without expending more.
Microsoft is committed to building a safer world together and helping you maximize the security you already have with your Microsoft investments. We’ve built a simplified and comprehensive security solution with six interconnected product families that protect your entire multicloud, multiplatform digital estate and leverage built-in threat intelligence from the 43 trillion signals we capture every day so you can catch what others miss.3 With Microsoft Security’s multicloud solution, you can simplify your approach to security through vendor consolidation and realize up to 60 percent cost savings.4 Essentially, you can do more with less.
We’re constantly looking for ways to bring more value and simplicity to our customers. At Microsoft Ignite, we announced five new innovations across our comprehensive portfolio so that you can confront the security threats you face. Customers with existing Microsoft 365 E5 licenses already have access to many of these resources—it’s simply a matter of turning them on. Keep practicing for five ways you can do more—and secure more—with what you have in your security stack.
To stay protected across clouds, start secure with cloud-native protection throughout the cloud application lifecycle. As my colleague Shawn Bice explains in his blog post on Microsoft Defender for Cloud innovations, cloud security requires a comprehensive approach and a centralized, integrated solution to mitigate risk from code to cloud.
Unfortunately, too often, cybersecurity and development teams within organizations operate entirely apart from each other. Applications may be deployed without first addressing security in code. This may cause security problems to be discovered right before deployment or, in many cases, in runtime. Development teams then must scramble to reconfigure or rebuild the application to address the security team’s findings, creating inefficiencies.
With more bad actors exploiting vulnerabilities in the code itself, it’s critically important to build in security from the beginning. Microsoft believes secure code development should be the industry standard. We’re introducing Microsoft Defender for DevOps, which empowers security teams to unify, strengthen, and manage DevOps security, so you can minimize vulnerabilities and cloud misconfigurations, and effectively prioritize and drive remediation in code across multi-pipeline environments.
We also announced the preview of Microsoft Defender Cloud Security Posture Management (CSPM) so your security teams can save time and remediate the most critical risks with contextual cloud security. New agentless scanning capabilities provide full coverage and real-time assessments across hybrid and multicloud environments. Then, Defender CSPM connects the dots for security teams, integrating insights from Defender for DevOps, Microsoft Defender External Attack Surface Management (EASM), and your workload protection solutions. Instead of sifting through long lists of vulnerable resources, customers can use the attack path analysis built on the cloud security graph to help reduce recommendation noise by up to 99 percent so you can identify the most critical risk on the most important cloud resources along potential attack paths.
With Microsoft Defender for Cloud, our integrated cloud-native application protection platform (CNAPP), you can seamlessly integrate security from development to runtime and accelerate threat protection across your multicloud environments. Get started today with the preview of these new innovations, available in the Microsoft Defender for Cloud dashboard, to gain comprehensive protection across clouds.
Building secure apps is just the start. After all, more people now work outside the office for at least a portion of each week. Some never go into the office at all. This—along with infrastructure as code and the rise in apps and clouds—have made organizations increasingly dynamic, so they need to build a trust fabric in their organizations that includes flexible governance without sacrificing protection.
At Ignite, we announced the preview of Microsoft Entra Identity Governance, which helps your organization ensure that the right people have the right access to the right resources at the right time. This release extends our earlier investments in converged identity governance and access management solutions and delivers a comprehensive identity governance product for both on-premises and cloud-based user directories.
The newly released capabilities include Lifecycle Workflows, which automate repetitive tasks and separation of duties in entitlements management to safeguard against compliance issues. These capabilities complement our existing governance features—access reviews, access certification, entitlement management, and privileged identity management. Customers can begin using these features immediately. Licensing terms will be announced with the general availability of Lifecycle Workflows.
Now, when you choose Microsoft Entra Identity Governance, you can simplify operations, support regulatory requirements, and consolidate multiple identity point solutions. Optimization through consolidation is a major way that organizations can do more with less. Be more efficient by unifying your tools. With Microsoft Entra Identity Governance, you can automate employee, supplier, and business partner access to apps and services—in the cloud and on-premises—at enterprise scale.
Protecting people and devices is not just about threats coming from the outside. Organizations need inside-out protection too. A Microsoft study on insider risks found that companies reported an average of 20 data security incidents a year, with 40 percent of those companies reporting a financial impact of USD500,000 or more per incident. To prevent this, companies must make sure their sensitive data isn’t being inappropriately shared—or even removed—by employees, unintentionally or not.
The report recommends evolving to a holistic insider risk management program that makes it easier to prepare for and mitigate these insider risks. That means deploying a solution that optimizes data protection strategy across the cloud, apps, and devices while reducing complexity—vital to doing more with less in compliance. To support your organization’s efforts to protect against insider risks and keep sensitive data protected, we’re growing the Microsoft Purview family of data governance, risk, and compliance solutions.
Microsoft Purview helps protect sensitive data all along its journey, from data source to point of consumption. We announced the general availability of Microsoft Purview Information Protection for Adobe Document Cloud, combining the power of native classification and labeling with the power of Adobe Acrobat to seamlessly secure PDFs. Also in preview are several new data loss prevention capabilities—including granular policy management and contextual evidence for policy matches on endpoint devices—to prevent the unauthorized sharing or transfer of sensitive data. All of these new capabilities can be enabled in the Microsoft Purview compliance portal by customers with a Microsoft 365 E5 license or with the standalone Microsoft 365 E5 Compliance suite.
To help protect sensitive data, strong security against both external threats and insider risks relies on well-managed endpoints. In April 2022, we announced a plan to launch a series of premium endpoint management solutions to help bolster endpoint security, Strengthen user experiences, and reduce the total cost of ownership. This suite will bring together mission-critical endpoint and security management tools in Microsoft Intune, our cloud-powered unified management solution, and will help protect endpoints in the cloud, on-premises, and across device platforms.
We have committed to innovating in advanced compliance and advanced security. The evolution of our advanced endpoint management plan is another step in providing a comprehensive solution. The suite will include capabilities such as endpoint privilege management, intelligent automation and data insights, remote help, and automated app patching. All these capabilities will be based on Microsoft Intune so you will benefit from our unified console and integrations with our entire security stack: Microsoft Azure Active Directory (now part of Microsoft Entra), Microsoft Defender, Microsoft Priva, and more. Customers with either a Microsoft 365 E3 or E5 license will be able to take advantage of the new suite once it launches in March 2023.
We’re also excited to announce that Microsoft Intune is now the new name for our expanding family of endpoint management products. We remain committed to our customers using Microsoft Configuration Manager and will meet you where you are in your journey to cloud management. Because hybrid work is here to stay, we will continue to deliver more value for better outcomes, better experiences, and simplified IT and security operations through our cloud solutions.
We all know that endpoints are by no means where security stops. We are introducing the preview of automatic attack disruption in Microsoft 365 Defender, which helps protect organizations at machine speed where it all comes together—in the security operations center (SOC). Using the power of extended detection and response (XDR), Microsoft 365 Defender—available in a Microsoft 365 E5 license—correlates trillions of signals across identities, endpoints, email, documents, cloud apps, and more to detect in-progress attacks like ransomware and financial fraud. Automation enables you to be more effective by helping you detect and respond faster and more accurately to external attacks and insider risks.
Once an attack is detected in the environment, affected assets like compromised identities and endpoints are automatically isolated. This game-changing capability limits lateral movement and reduces the overall impact of an attack while leaving the SOC team in control of investigating, remediating, and bringing assets back online.
In addition to attack disruption, we’re going even further to help make your teams’ lives easier. We’ve simplified the investigation experiences in both Microsoft 365 Defender and Microsoft Sentinel to expedite incident response and help defenders stop breaches faster. We do this by reducing context switching.
Besides simplifying investigation experiences, we’re also introducing a new unified search experience and low-cost options of voluminous log storage to enable SOC teams to quickly search massive volumes of historic data. For more hands-on assistance, customers also can now get expert guidance and accelerate their migration to Microsoft Sentinel with Microsoft Sentinel Migration and Modernization Program.
Customers tell us that our tools that support the efforts of their security teams are incredibly valuable. Consider the story of Webber Wentzel, a leading law firm in South Africa. “Security professionals often become disillusioned and disheartened by their work,” said Warren Hero, Chief Information Officer of Webber Wentzel. “With the Microsoft security ecosystem, we now have opportunities for our people to engage in less tedious, more meaningful work while accelerating our security capabilities.”
We know that doing more with less is not just about innovation. It’s also about access. That’s why we are excited to announce a new, limited-time offer to help organizations adapt more easily to the growing threat landscape and macroeconomic pressures. Starting on November 1, 2022, we are giving new and existing customers 50 percent off Microsoft Defender for Endpoint P1 and P2 licenses. This gives organizations looking to modernize their security portfolio the opportunity to move away from legacy antivirus solutions. This is the first step to an integrated security information and event management (SIEM) and XDR solution that improves visibility across identities and endpoints, so they can be more unified and increase SecOps efficiency.
Speaking of efficiency, maximizing the value of your current investments is a fantastic way to operate more efficiently. One of your biggest investments is your people. We can help you educate your employees by providing access to free online security training during Cybersecurity Awareness Month. This free training is available on our Cybersecurity Awareness Month website, along with other resources.
If all these innovations didn’t make it clear, we are absolutely committed to working with defenders and want to give you every tool and resource possible to support your organizations. Our more than 785,000 customers in 120 countries motivate us to maximize value for them by combining six product families into a comprehensive security approach that offers simplified management and built-in threat intelligence that harnesses inputs from 43 trillion signals we process and learn from every single day.3 Do more with whatever you’re already benefiting from, and we’ll continue to strengthen the security of our platform and applications so you can be confident about the security of your data centers and services. To learn more about our innovation announcements, watch the Microsoft Security keynote delivered at Microsoft Ignite 2022.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
1Gartner® Forecast: Information Security and Risk Management, Worldwide, 2020-2026, 3Q22 Update. September 28, 2022. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
2Cost of a Data Breach , IBM. 2022.
3Cyber Signals, Microsoft. 2022.
4Savings based on publicly available estimated pricing for other vendor solutions and web direct and base price shown for Microsoft offerings.
Business runs on content—proposals, contracts, invoices, designs, plans, legal documents, images, training videos, and more. According to IDC, by 2025 there will be more than 130 billion terabytes of content.1 This content is often unstructured, locked up in siloed repositories, or worse, sitting as paper in a warehouse. The patchwork of disconnected systems and processes leaves gaps in classification and organization. This all makes it challenging to use content at scale effectively. And emerging digital work trends have changed the boundaries and frontiers of where we work—by escalating security and compliance needs as content is accessed from more places than ever. Today, organizations spend $46 billion per year storing and managing content2, and time spent looking for the right content can impact productivity by 11 to 14 percent.3
Storage alone is not the answer. What’s needed is a new category of technology solutions called Content AI. Content AI utilizes advancements in cloud and AI to transform how content is created, processed, and discovered—empowering people and automating workflows at scale. It builds on cloud content services platforms and intelligent document processing with AI-powered workflows that transform digital work.
We’re honored that customers trust Microsoft with their collaborative and mission-critical content. Every workday, on average, our customers add over 1.6 billion documents to Microsoft 365.
Today at Microsoft Ignite, we’re proud to launch Microsoft Syntex. Microsoft Syntex is Content AI integrated in the flow of work. It puts people at the center, with content seamlessly integrated into collaboration and workflows, turning content from a cost into an advantage. Syntex automatically reads, tags, and indexes high volumes of content and connects it where it’s needed—in search, in applications, and as reusable knowledge. It manages your content throughout its lifecycle with robust analytics, security, and automated retention.
Whether you’re focused on customer transactions, processing invoices, writing a contract that requires a signature, or struggling to understand the flood of unstructured content, Content AI with Syntex can help.
Let’s look at how Syntex helps you enhance, manage, and connect your content at scale.
Syntex’s no-code AI enhances your content to help you understand and structure information, simplifying your business workflows. Whether you’re working with highly structured content like forms or text-heavy content like contracts, you can build models to understand your content the way you do. Syntex extends AI capabilities such as summarization and translations into the Microsoft 365 apps you already use, empowering you to engage them in the flow of work.
Syntex helps you understand, tag, and secure information, integrating AI from Microsoft Azure, AI Builder, and other Microsoft sources. Syntex brings structure to your content, which is all part of our approach to intelligent document processing. Your content can be easily classified, tagged with extracted data, and secured with sensitivity and retention labels. These labels and taxonomy tags are integrated into Microsoft Viva Topics, seamlessly turning content into knowledge. Document processing is available now.
With business spanning many countries and cultures, Syntex enables you to translate content among dozens of languages.
To help you focus on what’s important and needs action, Syntex uses AI to generate summaries of content to distill key points, on demand or using rules.
When you’re ready to create a new contract, invoice, letter, or other document, Syntex can help you automatically generate that document with templates and metadata using content assembly, which is available now.
Images are one of the most common file types in Microsoft 365. You can process and tag images with nearly 10,000 automatically recognized objects “out of the box.” You will be able to automatically extract text from images in SharePoint and Exchange using optical character recognition (OCR) to optimize search and compliance.
Digital media is a major part of modern content, which is why we’re making transcription for audio and video available as part of Syntex. Extracting text from audio, especially meetings, is crucial to search and compliance, and we’re leveraging innovations from Microsoft Stream to automatically produce video transcripts for twenty-eight different languages and locales.
Syntex is designed to connect your content—helping you discover and reuse content with AI-powered search, eSignature, and integration into business workflows like contracts and invoice management.
Enriching content is a vital factor to help you discover content and reuse it in business processes and applications. One of the fastest growing content transactions is eSignature. You can send electronic signature requests using Syntex, Adobe Acrobat Sign, DocuSign, or any of our other eSignature partner solutions and your content stays in Microsoft 365 while it’s being reviewed and signed.
Syntex also brings the power of Microsoft Search to Content AI. As a part of Syntex, Microsoft Search becomes even more insightful through innovative deep learning models that encompass semantic understanding, question-and-answering, and natural language processing to help you intuitively discover information.
These new investments in Microsoft Search with Syntex will be available in 2023 and include:
Syntex builds on top of Microsoft Search to provide powerful ways to query, shape, and discover the content and data embedded in your files. You can use form-based content queries to get back to any specific document easily. Coming next year, Syntex will let you save, share, and manage queries for you and your teams.
You can use annotations, like ink, notes, redactions, stamps, and comments, on any content—not just Office documents—without modifying the original files, so you can preserve original records for critical business processes.
The Syntex content processor lets you build simple rules to trigger the next action, whether it’s a transaction, an alert, a workflow, or just filing your content in the right libraries and folders.
Finally, Syntex also provides a growing range of solution accelerators for common patterns and scenarios that every organization faces. Today you can use our solution accelerator for contract management, and we’re announcing our new solution for accounts payable coming later this year.
We’re also investing in new ways to turn your libraries, sites, and processes into reusable templates to deploy to Microsoft Teams and SharePoint in your environment or across multiple tenants.
Syntex services offers new ways to create content-centric apps and processes. Many Syntex services, such as content assembly and structured document processing models, are tightly coupled to Microsoft Power Automate and Microsoft Power Platform. Syntex also lets you use AI Builder models for structured and freeform document processing alongside unstructured document models.
Most critical line of business applications consumes and generates lots of content. But too often, those content stores are siloed and disconnected from Microsoft 365. Most content begins in Microsoft 365—statements of work, for example—but once uploaded to your accounting system, they get disconnected from your cloud. Wouldn’t it be great to use the content platform you already have?
Next year, we’ll roll out new business app integration plugins, allowing you to use Microsoft 365 as the content engine for critical line of business systems. Today, these systems all work with and generate thousands of pieces of content, but often require a disconnected repository outside of Microsoft 365, or even storage within the line of business system’s expensive database storage, for storing the content. Syntex will allow you to use Microsoft 365 as the content platform for Dynamics 365 and many other critical line of business applications from third parties.
Microsoft 365 provides highly resilient and reliable storage, however bringing more and more content into the cloud requires new flexible ways of managing it. That’s why Syntex offers tools to manage, backup, and restore your content. It’s important to get maximum value from your content by keeping it in Microsoft 365, but we also understand the need to manage storage costs and comply with long-term archiving needs.
Whether you need malware protection or preserved file copies from a particular point in time, Syntex backup can help. It preserves the state of your cloud—across Syntex, SharePoint, OneDrive, and Exchange—so that you can get back to information from the last quarter, the last month, or the last decade with ease, keeping your backup stored conveniently in the Microsoft Cloud. Your backup is highly available and tightly integrated with your content policies.
More content requires cost flexibility. Next year, we’ll also introduce Syntex archiving, allowing you to establish simple rules to move less critical content from SharePoint and Microsoft Teams to lower cost storage—kept in the cloud with the security and search you need.
Of course, bringing content and process together in Syntex requires world-class management capabilities. That’s the role of the Syntex Protector, which:
Microsoft partners have helped deliver content solutions based on SharePoint and OneDrive to customers, expanding to include capabilities from Microsoft Power Platform, Stream, Microsoft Purview, Microsoft Viva Topics, and now Microsoft Syntex. We’re honored to introduce our Microsoft Syntex Launch Partners:
“Syntex has powered richer content intelligence experiences for our customers, creating better search and knowledge experiences and enabling deeper process integration into the digital workspace. The ease of use and power of machine learning and AI unlock value previously out of reach for many customers.“—Jesse Murray, Senior Vice President, Employee Experience, Rightpoint.
We’re grateful for the partnerships with Adobe, Avanade, AvePoint, ClearPeople, Colligo, Content+Cloud, DocuSign, Lighthouse, Protiviti, Rightpoint, SparkHound, TCS, and many others.
These partners and many more work with Microsoft through the Microsoft Content AI Partner Program (CAPP). CAPP supports our partners delivering solutions that make the transformation of your content management approach practical and attainable. If you’re a partner, you can learn more about the program, apply to join, or subscribe to our newsletter.
Over the past year, early adopter customers like Northumbrian Water Group, the London Stock Exchange Group, and Aurecon have relied on Syntex to deliver content AI and digital transformation to their operations, helping shape and Strengthen the product. We’re pleased to share even more customer success with you as we now launch Microsoft Syntex.
TaylorMade Golf Company, founded in 1979, is a global golf equipment provider. TaylorMade has a legacy of breaking from tradition to reach new thresholds of performance and leads the industry in product innovation. They bring precision to all aspects of their operations, creating revolutionary products year after year and attracting many of the greatest athletes in all of golf.
TaylorMade’s journey with Syntex began with their legal team and Lighthouse (a Preferred Microsoft CAPP partner). They needed a comprehensive document management system to organize and secure emails, attachments, and other documents for intellectual property and patent filings.
Beyond securing and processing legal documents, they’re also using Syntex to explore bringing content AI to processing orders, receipts, and other transactional documents for their accounts payable and finance teams. Read more about TaylorMade and Syntex in our new customer story.
Files and documents play a critical role in modern apps. We’ll continue to use Syntex to provide developer-optimized storage for the next generation of content-centric apps. In 2023, we’ll introduce new APIs in the Microsoft Graph to help you integrate Content AI into the flow of your applications, creating new ways to harvest Microsoft’s content management investments directly in your apps. If you need to build queries that look at all your content in Microsoft 365—potentially billions of files—Syntex will allow you to bring large datasets into Azure Synapse Analytics for additional data analytics and modeling. We’ll have more to share on Syntex for developers in 2023.
We’re already working with the next wave of product innovators and partners—many of them listed above—to build the next generation of content apps with Syntex. If you’re interested in learning more, we’d love to hear from you—sign up for Syntex today.
Microsoft Syntex is available now, including document processing, annotation, content assembly, content query, accelerators, and more. More services are coming to public preview later this year and even more coming in 2023.
This week at Microsoft Ignite, you can learn more in Jeff Teper’s session, Introducing Microsoft Syntex—Content AI for the Microsoft Cloud (October 13, 2022 at 11:00 AM Pacific Time). Also, check out the Getting Started page on the Syntex Adoption Hub, which brings together all our Microsoft Ignite content, assessment tools, workshops, training, demos, research, adoption guides, and more.
Finally, you can learn more about Microsoft Syntex on today’s Intrazone podcast with Microsoft’s Ian Story and Chris McNulty, as well as Alan Pelz-Sharpe (Founder, Deep Analysis). And don’t miss the new Microsoft Mechanics show, Introducing Microsoft Syntex, with Microsoft’s Omar Shahine.
Organizations aiming to boost their security with zero-trust initiatives got some help from Microsoft this week, when the computing giant announced that a slew of zero-trust features are now available in its Windows 11 operating system.
The zero-trust approach to security aims to secure workers' access to sensitive systems, network, and data by using additional context, analysis, and security controls. The goal is to give "the right people the right access at the right time," Microsoft stated in the Windows 11 Security Book, a 74-page report on Windows 11's security architecture.
The model checks a user's identity and location, as well as their device's security status, and only allows access to the appropriate resources, according to the Windows 11 Security Book. In addition, zero-trust capabilities include continuous visibility and analysis to catch threats and Strengthen defenses.
The latest version of the operating system and software platform adds a variety of features, from support for the Pluton security processor and trusted platform modules (TPMs) to comprehensive features around Trusted Boot, cryptography, and code-signing certificates, says David Weston, vice president of enterprise and OS security at Microsoft.
"Organizations worldwide are adopting a zero-trust security model based on the premise that no person or device anywhere can have access until safety and integrity is proven," he says. "We know that our customers need modern security solutions with tightly integrated hardware and software that protects from entire classes of attack."
The zero-trust concept has been knocking around for years, with technologists and government agencies first discussing it for security with the dawning realization that network perimeters were rapidly disappearing. Then, the work-from-home surge caused by the coronavirus pandemic injected more urgency into the movement. Now, three-quarters of security decision-makers (75%) believe that the increase in hybrid work creates vulnerabilities at their organization, leaving them more open to attacks.
"When employees are given the freedom to choose their work location, device, tools, and/or software, it becomes a challenge to establish trust based on static attributes," says Ben Herzberg, chief scientist at Satori. "As the competitive pressure pushes companies to democratize data and release new customer value faster, employees will be provided more flexibility, and zero trust will be the go-to approach for enabling that flexibility while ensuring security."
That said, implementing zero trust is a complex endeavor, as evidenced by the list of aspects that Microsoft has now built in:
The new Windows 11 features include Smart App Control, which uses machine learning, AI modeling, and Microsoft's vast telemetry network of 43 trillion daily signals to determine if an application is safe. Other features also determine whether driver code and virtual-machine code have signs of maliciousness. Additional improvements include credential checks in Windows Defender, password-less support with Windows Hello for Business, and protection against credential-harvesting websites, the company stated.
Complexity has hampered zero-trust rollouts, but adding these feature directly into Windows 11 makes it more likely that companies can easily deploy zero-trust capabilities, says Microsoft's Weston.
"Building in instead of bolting on makes deployment and management of zero-trust capabilities much simpler and efficient," he says. "In addition, having these [features] directly integrated in the OS enables Windows to provide key measurements in hardware increasing the trust and validity of measurements."
He adds, "The minute zero-trust capabilities are embedded into enterprise infrastructure, it becomes accessible for many companies that would otherwise have a hard time getting access to this technology. ... An integrated client environment for zero trust will make the transition for employees much smoother and internal change management simpler."
Microsoft throwing its considerable weight behind zero trust should indeed move the needle on adoption and overall security: Microsoft sees 2.5 billion endpoint queries and 80 million password attacks on a daily basis, the firm stated in a blog post published this week.
Even with the Windows 11 updates, companies should expect implementing zero trust to be a process. Building a zero-trust framework requires deep technical integrations, and the organizations that do that best are the ones most likely to be successful in their implementation, says Satori's Herzberg.
To start off, companies should identify a group of users, devices, applications, and workflows that could benefit from zero trust; create a zero-trust architecture to protect those components; and then choose and implement the proper technologies, he says.
An incremental rollout works, given that zero trust is more of a journey than a destination, says Jason Floyd, chief technology officer at Ascent Solutions.
"Zero trust was never about solving a technology problem — it’s a strategic tool directing how to use the technology already in place," he says. "Building additional zero-trust features into Windows does encourage enterprises to adopt a healthy security mindset, but not for the one-size-fits all solution some executives might be expecting."
Overall, Windows 11 adds "chip-to-cloud security," establishing trusted processes starting with firmware and reaching out to workloads running in the cloud, Microsoft's publication stated. This support aids zero-trust architectures by minimizing the work required to prove a user's identity and check system health, says Microsoft's Weston.
"This inverts the previous paradigm of systems security where a user or device was assumed healthy until proven guilty," he says. "Microsoft's view is that the zero-trust philosophy and architecture addresses many of the current and future security challenges for customers and thus Microsoft and most of our customers believe this will be the dominant approach to security."
Microsoft Corp. today open-sourced FarmVibes.AI, a collection of artificial intelligence models that farm operators can use to perform tasks such as planting crops more efficiently.
FarmVibes.AI is one of several technologies that Microsoft has developed as part of an initiative dubbed Project FarmVibes. According to the company, the initiative seeks to use software and connected devices such as sensors to enable more efficient farming. Microsoft eventually plans to open-source all the technologies it has developed as part of Project FarmVibes.
The newly released FarmVibes.AI toolkit includes four AI algorithms. The algorithms are designed to help farm operators collect data about their crops and use it to optimize day-to-day work.
The first algorithm, Async Fusion, is capable of combining data from farm sensors with satellite and drone imagery. The algorithm facilitates the creation of farm maps that can be used to identify the optimal way of carrying out agricultural tasks. A farm operator could, for example, create a map that points out the best way of planting seeds in a given parcel and highlights farm sections that can’t be easily navigated by a tractor.
The FarmVibes.AI toolkit also includes a second algorithm, SpaceEye, that makes it easier to process the satellite data used in farm maps. Up-to-date satellite imagery often isn’t available when there are clouds above a farm. Microsoft’s SpaceEye algorithm substitutes the imagery with measurements from satellite-based radar instruments, which can operate even when there is cloud cover.
A third algorithm called DeepMC helps farm operators predict temperatures and wind speeds. DeepMC draws on weather station forecasts, as well as data from internet-connected farm sensors. According to Microsoft, the algorithm makes it possible to identify the best time to carry out farming tasks that can only be performed in specific weather conditions.
The fourth software tool included in FarmVibes.AI helps farm operators with sustainability initiatives. According to Microsoft, it can estimate how different farming practices would affect the amount of carbon sequestered in a farm’s soil. The tool also lends itself to other tasks, such as identifying ways of improving crop yields.
“At Microsoft, we are working to empower growers with data and AI to augment their knowledge about farming and help them grow nutritious food in a sustainable way,” stated Ranveer Chandra, Microsoft’s managing director of research for industry.
Project FarmVibes, the Microsoft initiative through which FarmVibes.AI was developed, also includes several other technologies.
FarmVibes.Connect is a collection of hardware and software tools for providing internet connectivity in farms. According to Microsoft, the toolkit leverages unused parts of the radio spectrum to establish wireless connections. FarmVibes.Edge, another technology developed as part of Project FarmVibes, compresses farm and crop data, which eases the task of uploading the data to the cloud for analysis.
Microsoft has warned that attackers are already taking advantage of recently disclosed zero-day exploits to hack into victim's networks and steal data – and more attacks are likely to be on the way.
The two new zero-day vulnerabilities in Microsoft Exchange Server -- CVE-2022-41040 and CVE-2022-41082 -- were detailed last week, with warnings that they could allow hackers to remotely gain access to internal services and execute remote code on networks.
Now Microsoft has provided more information on how the vulnerabilities have already been used – in attacks that first started in August.
In what's described as a "small number of targeted attacks", the CVE-2022-41040 and CVE-2022-41082 vulnerabilities were chained together to provide attackers with "hands-on-keyboard access", which was used to perform Active Directory reconnaissance and to steal data. The victims haven't been publicly disclosed.
Also: The scary future of the internet: How the tech of tomorrow will pose even bigger cybersecurity threats
The attacks require the attacker to be an authenticated user, but it's possible to gain access to these credentials with phishing attacks, brute force attacks or buying stolen usernames and passwords from underground forums.
While there's currently no specific indications as to who's behind these attacks, Microsoft's Security Threat Intelligence Team (MSTIC) "assesses with medium confidence" that they're the work of a single activity group connected to a state-sponsored cyber operation.
Microsoft says it's working on what it describes as an "accelerated timeline" to release a security fix for the vulnerability – although it has yet to emerge.
But since the vulnerability has been publicly disclosed, it's likely that hacking operations are already moving to take advantage of it before a patch becomes available, with Microsoft warning that "overall exploitation of these vulnerabilities will increase".
Previous Microsoft Exchange vulnerabilities were featured in a variety of cyberattacks, including state-sponsored cyber-espionage campaigns, ransomware operations and cryptojacking attacks as attackers rushed to exploit the vulnerabilities before organisations had a chance to apply the patch.
The United States Cybersecurity & Infrastructure Security Agency (CISA) has also issued a warning that attackers could exploit the latest Microsoft Exchange Server vulnerabilities.
While a patch is yet to become available, Microsoft has provided guidance on mitigating the threat, including the recommendation that Exchange Server customers disable remote PowerShell access for non-admin users.
"CISA encourages users and administrators to review the information from Microsoft and apply the necessary mitigations until patches are made available," said a CISA alert.
Several big security announcements were made at Microsoft’s Ignite 2022 conference this week.
Microsoft has been in a battle touting its security offerings over a chorus of third-party vendors including CrowdStrike and Huntress who have criticised the quality of the IT giant's offerings.
Earlier this year, chief executive Satya Nadella said that users of Microsoft’s security products suite “save more than 60 per cent when they turn to us as compared to a multi-vendor solution.”
In July, on the company’s latest quarterly earnings call, Microsoft said the installed base for Microsoft’s Enterprise Mobility + Security platform grew 21 per cent to more than 230 million seats.
Microsoft captures 43 trillion signals for threat intelligence built into its offerings, according to the company.
In January, the company reported more than US$15 billion in security business revenue over the previous 12 months, a 45 per cent increase year over year.
Here are the biggest security announcements to come out of the conference.
New Microsoft Defender for Cloud previews
Microsoft introduced new previews related to Defender for Cloud.
One preview is for a Defender for DevOps service meant to provide central visibility across multiple development operations environments.
The service is also meant to strengthen cloud resource configurations in code and prioritise remediation of critical issues.
Defender for DevOps supports GitHub and Azure DevOps; support for other DevOps platforms coming “soon,” according to Microsoft.
Another preview is for Defender Cloud Security Posture Management (CSPM), which aims to deliver integrated insights across DevOps, runtime infrastructure, external attack surfaces and other cloud resources.
Defender CSPM is built on Microsoft’s cloud security graph and provides a proactive attack path analysis, the company said.
The free CSPM experience also now comes with a comprehensive multi-cloud security framework for Defender for Cloud, which is meant to help map best practices across clouds and industry frameworks, according to Microsoft.
A number of other capabilities are in preview, including agentless scanning for Defender for Servers and an agent-based approach to virtual machines (VMs) in Microsoft Azure and Amazon Web Services (AWS).
A preview is also available for expanded multi-cloud threat protection with agentless scanning in AWS Elastic Container Registry.
Added automation In Microsoft 365 Defender
Microsoft introduced a way for 365 Defender to automatically disrupt ransomware attacks through the collection and correlation of signals from endpoints, identities, emails, documents and cloud applications.
The new automation is meant to contain affected endpoints, user identities and other assets to stop ransomware from spreading laterally, reducing attack cost and improving recovery resiliency, according to Microsoft.
Security operations teams are still needed for investigating, remediating and bringing assets back online once healthy, Microsoft said.
Endpoint Management upgrades
In March, Microsoft will launch an Advanced Management Suite premium endpoint management plan.
The vendor also named its expanding suite of endpoint management products Microsoft Intune, which will feature Microsoft Configuration Manager.
Individual add-ons for Intune include Microsoft Tunnel for mobile app management (MAM) and endpoint privilege management.
Microsoft will release MAM in January as an add-on and included in the future bundle, according to Microsoft.
Tunnel for MAM is meant to allow workers to access company resources securely without device enrollment. Users can keep personal data private while using a work device of choice.
In preview is endpoint privilege management, which will let IT dynamically elevate standard users with administrative permissions through policies, reducing the risk of attack on those users, according to Microsoft.
Endpoint privilege management will launch with Intune Suite.
The suite will also have automated application patching as an add-on, enhancements to Windows remote help and an added remote help for Android add-on, Microsoft said.
Microsoft Entra Identity Governance public preview
Entra Identity Governance, which is now in public preview, received new capabilities for life cycle workflows for automation and connection to on-premises for consistent policies.
It also gained a separation of duties feature for entitlements management and compliance safeguarding.
Now generally available is conditional access authentication context for setting more granular access policies, including specific actions users perform in applications, not just the entire app.
Users can ask for step-up authentication for material changes in a critical business app or accessing critical data in the app.
In November, a workload identities feature will become generally available.
Users can create risk-based policies, detect and respond to compromised workloads and perform reviews to enforce least-privileged access.
Also in preview is certificate-based authentication (CBA), which meets the United States Executive Order on Cybersecurity.
With CBA, users can more easily deploy phishing-resistant authentication, Microsoft claimed.
Changes to Microsoft Purview
At Ignite 2022, Microsoft introduced new features for Purview Information Protection, including a preview of out-of-the-box trainable classifiers.
Microsoft will offer more than 20 classifiers to automate the classification of more than 30 types of sensitive content in various categories, according to the company.
Purview Information Protection for Adobe Document Cloud is now generally available, according to Microsoft.
The company also launched previews of new built-in features in Office and a scanner admin experience in Azure Information Protection.
The new built-in Office features include a more visible sensitivity bar and S/MIME (secure/multipurpose internet mail extensions) encryption in Outlook emails.
Along with this, a premium version of Purview eDiscovery can now capture reactions to Teams messages and conversations to see who reacted to a message and how – thumbs up, heard, laugh, and so on.
Users can also see reactions to edited and deleted messages.
Purview’s Insider Risk Management service received new capabilities in preview, including triage and detection enhancements, improved analytics assessment insights, insights for potential high-impact users and an integration with Communication Compliance.
More previews for Purview include an authorized printer feature for grouping devices and designating restrictive actions within Purview Data Loss Prevention (DLP).
A similar feature for USB devices is in preview, with users able to make authorized and unauthorized device groups based on serial numbers.
A feature for authorized network share paths, using network locations as DLP conditions and sanctioned and unsanctioned site groups for sensitive files are also in preview,.
Preview of Purview Data Lifecycle Management
Purview’s Data Lifecycle Management received a host of updates in preview, including a retain shared versions capability.
Retain shared versions allows users to keep an exact version of a file shared as a Microsoft Teams message or email link.
A Power Automate integration with Purview Data Lifecycle Management is in preview.
The integration will allow for notifying users before data is deleted and other custom process building.
Also in preview are Graph APIs (application programming interfaces) for managing retention labels and event-based retention so that users can connect Purview Data Lifecycle Management to other systems.
Now generally available for Purview Data Lifecycle Management are retention labels for applying policies directly in the Microsoft Teams files tab.
Azure confidential VMs updates
Microsoft has a preview for an Azure Virtual Desktop confidential VM option.
Users can turn to this option for desktop virtualisation to ensure workloads in encrypted in memory, with data in use protected.
The company has also made generally available confidential VM node pools for Azure Kubernetes Service (AKS), with the goal of making lift-and-shift of Linux container workloads to Azure.
The VMs are based on 3rd Gen AMD EPYC processors with Secure Encrypted Virtualisation-Secure Nested Paging (SEV-SNP).
More security announcements from Ignite 2022
During Ignite 2022, Microsoft announced a preview of IP Protection for small and midsize businesses to provide adaptive real-time policy tuning, detailed attack analytics, service-level agreement (SLA) guarantees and other enterprise-grade capabilities.
Users of IP Protection will have the option for distributed denial of service (DDoS) protection on a single public IP.
Microsoft also launched a limited-time sale of 50 per cent off Defender for Endpoint Plan 1 and Plan 2 licenses.
Now generally available are new options for ingesting and archiving data with Microsoft Sentinel.
The new features include basic logs for ingesting data and incident investigation, archived logs for long-term storage searchable up to seven years and log restore.
Microsoft 365 E3 and E5 license holders gained a new version of Audit Search that can run 10 concurrent jobs and review the progress per centage, result number and job status from the user interface (UI).
Results are stored for 30 days and accessible after completion.
Users can filter and export data.
And browser windows can also be closed during searches, Microsoft said.
A preview is now available for a premium version of eDiscovery that allows discovery of versions of a document at the time it was shared.
This article originally appeared at crn.com
DALLAS, October 10, 2022--(BUSINESS WIRE)--As Walt Disney once said, "We always keep moving forward, opening new doors and doing new things…" When you are in the window and door business, this is a daily way of life. So it is with Elevate Windows & Doors as they expand and fine-tune their business in the fourth quarter of 2022 and into 2023.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20221010005588/en/
Elevate Windows & Doors windows ready for shipment in our manufacturing facility. (Photo: Elevate Windows & Doors, LLC)
"These past few years have been years of change and growth for Elevate," James Gresham said. "After successfully negotiating COVID-19, 2021-22 was a time of process improvement and growth that allowed us to meet some critical milestones."
Mr. Gresham is the co-owner of Elevate Windows & Doors, LLC, based in Grand Prairie, Texas.
Elevate Windows & Doors manufacture their windows to exacting specifications and their standards meet or exceed those of EnergyStar requirements. They recently expanded their Texas operations from over 135,000 square feet by adding another 40,000 square feet of space. In addition, they are expanding their staff by adding 75 to 100 additional jobs. Consequently, capacity of the Texas facility will increase by 1,000 units per day.
"We are committed to our customers and the new housing markets we compete in," Mr. Gresham continued. "Our objective is to be the premier window and door manufacturer in the markets we serve. We feel these capital expenditures and process improvements emphasize that commitment."
Manufacturing since January 2019, their team has decades of industry experience. The company recently announced expansion into the Kentucky and Tennessee markets. Their Hopkinsville, Kentucky, manufacturing facility will comprise 100,000 square feet and is targeting an initial production rate of 2,000 units per day. The facility will eventually employ over 200.
"Our expansion is one way for us to reemphasize our commitment to our excellent distribution partners," Jim Robinson said. "We see the Kentucky-Tennessee corridor as having a similar growth trajectory as our Texas operations. These new plants are our first steps into geographic expansion and where we expect our company to grow."
Mr. Robinson is co-owner of Elevate Windows & Doors.
With the purchase of the Kentucky facilities complete by the end of first quarter 2023, the first units should roll off of that assembly line by mid second quarter 2023.
Elevate Windows & Doors, LLC, is one of the top manufacturers of contemporary, energy efficient windows and doors for the residential housing market. Headquartered in Texas, they are a Dallas 100 winner. With manufacturing throughout the southeast, the key to their success is producing a well-designed product, delivered on time, packaged with exceptional customer service.
View source version on businesswire.com: https://www.businesswire.com/news/home/20221010005588/en/
Elevate Windows & Doors LLC
(817) 313-9972 (mobile)
Paul E Maynard
PE Maynard & Associates
Trend Micro research reveals supply chains are key source of risk
DALLAS, Oct. 11, 2022 /PRNewswire/ -- Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today revealed that 86% of global healthcare organizations (HCOs) that have been compromised by ransomware suffered operational outages.Trend Micro research reveals 86% of global healthcare organizations compromised by ransomware suffered outages.
To find out more, visit: https://www.trendmicro.com/explore/glrans
Most (57%) global HCOs admit being compromised by ransomware over the past three years, according to the study. Of these, 25% say they were forced to completely halt operations, while 60% reveal that some business processes were impacted as a result.
On average, it took most responding organisations days (56%) or weeks (24%) to fully restore these operations.
Ransomware is not only causing the healthcare sector significant operational pain. Three-fifths (60%) of responding HCOs say that sensitive data was also leaked by their attackers, potentially increasing compliance and reputational risk, as well as investigation, remediation and clean-up costs.
Respondents to the study also highlight supply chain weaknesses as a key challenge. Specifically:
The good news is that most (95%) HCOs say they regularly update patches, while 91% restrict email attachments to mitigate malware risk. Many also use detection and response tools for their network (NDR) endpoint (EDR) and across multiple layers (XDR).
However, the study also highlights potential weaknesses, including:
"In cybersecurity we often talk in abstractions about data breaches and network compromise. But in the healthcare sector, ransomware can have a potentially very real and very dangerous physical impact," said Bharat Mistry, Technical Director at Trend Micro.
"Operational outages put patient lives at risk. We can't rely on the bad guys to change their ways, so healthcare organisations need to get better at detection and response and share the appropriate intelligence with partners to secure their supply chains."
About Trend Micro
Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. www.TrendMicro.com.
View original content:https://www.prnewswire.com/news-releases/quarter-of-healthcare-ransomware-victims-forced-to-halt-operations-301641047.html
SOURCE Trend Micro Incorporated