Applications for artificial intelligence in Department of Defense cyber … – Microsoft
May 3, 2022 Microsoft Corporate Blogs
Editor’s note: On May 3 Eric Horvitz, Chief Scientific Officer, testified before the U.S. Senate Armed Services Committee Subcommittee on Cybersecurity for a hearing on the use of AI in Department of Defense cyber missions. Read Eric Horvitz’s written testimony below and watch the hearing here.
Chairman Manchin, Ranking Member Rounds, and Members of the Subcommittee, thank you for the opportunity to share insights about the impact of artificial intelligence (AI) on cybersecurity. I applaud the Subcommittee for its foresight and leadership in holding a hearing on this critically important topic. Microsoft is committed to working collaboratively with you to help ensure new advances in AI and cybersecurity benefit our country and society more broadly.
My perspective is grounded in my experiences working across industry, academia, scientific agencies, and government. As Microsoft’s Chief Scientific Officer, I provide leadership and perspectives on scientific advances and trends at the frontiers of our understandings, and on issues and opportunities rising at the intersection of technology, people, and society. I have been pursuing and managing research on principles and applications of AI technologies for several decades, starting with my doctoral work at Stanford University. I served as a Commissioner on the National Security Commission on AI (NSCAI), was president of the Association for the Advancement of Artificial Intelligence (AAAI), and chaired the Section on Computing, Information, and Communication of the American Association for the Advancement of Science (AAAS). I am a member of the National Academy of Engineering (NAE) and the American Academy of Arts and Sciences. I currently serve on the President’s Council of Advisors on Science and Technology (PCAST) and on the Computer Science and Telecommunications Board (CSTB) of the National Academies of Sciences.
I will cover in my testimony four key areas of attention at the intersection of AI and cybersecurity that warrant deeper understanding and thoughtful action:
Before covering these topics, I will provide brief updates on the cybersecurity landscape and on recent progress in AI. I’ll conclude my testimony with reflections about directions.
1. Cybersecurity’s changing landscape
Attacks on computing systems and infrastructure continue to grow in complexity, speed, frequency, and scale. We have seen new attack techniques and the exploitation of new attack surfaces aimed at disrupting critical infrastructure and accessing confidential data.[1] In 2021 alone, the Microsoft 365 Defender suite, supported by AI techniques, blocked more than 9.6 billion malware threats, 35.7 billion phishing and malicious emails, and 25.6 billion attempts to hijack customer accounts targeting both enterprise and consumer devices.[2],[3] Multiple independent reports have characterized the nature and status of different forms of cyberattack.[4] As detailed in Microsoft’s recent Digital Defense Report,[5] cyber criminals and nation-state actors continue to adapt their techniques to exploit new vulnerabilities and counter cyber defenses.
To help mitigate these concerning trends, the U.S. government has taken significant steps forward to secure our cyber ecosystem. Congress enacted several recommendations that came out of the Cyberspace Solarium Commission, such as creating the Office of the National Cyber Director and enacting cyber incident reporting legislation. Almost a year ago, the Administration issued Executive Order (E.O.) 14028, Improving the Nation’s Cybersecurity, which directs agencies to develop and implement a variety of initiatives to raise the bar on cybersecurity across areas, such as supply chain security, and requires agencies to adopt a zero-trust model. Microsoft has worked diligently to meet deadlines specified in the E.O. on cybersecurity and we support these efforts to encourage a cohesive response to evolving cyber threats.
We expect to face continuing efforts by creative and tireless state and non-state actors who will attempt to attack computing systems with the latest available technologies. We need to continue to work proactively and reactively to address threats and to note changes in systems, technologies, and patterns of usage. On the latter, cybersecurity challenges have been exacerbated by the increasing fluidity between online work and personal activities as daily routines have become more intertwined.[6] The large-scale shift to a paradigm of hybrid work coming with the COVID-19 pandemic has moved workers further away from traditional, controlled environments. Cybersecurity solutions must enable people to work productively and securely across various devices from a variety of non-traditional locations.
2. Advancements in Artificial Intelligence
Artificial intelligence is an area of computer science focused on developing principles and mechanisms to solve tasks that are typically associated with human cognition, such as perception, reasoning, language, and learning. Numerous milestones have been achieved in AI theory and applications over the 67 years since the phrase “artificial intelligence” was first used in a funding proposal that laid out a surprisingly modern vision for the field.[7]
Particularly stunning progress has been made over the last decade, spanning advances in machine vision (e.g., object recognition), natural language understanding, speech recognition, automated diagnosis, reasoning, robotics, and machine learning—procedures for learning from data. Many impressive gains across subdisciplines of AI are attributed to a machine learning methodology named deep neural networks (DNNs). DNNs have delivered unprecedented accuracy when fueled by large amounts of data and computational resources.
Breakthroughs in accuracy include performances that exceed human baselines for a number of specific benchmarks, including sets of skills across vision and language subtasks. While AI scientists remain mystified by the powers of human intellect, the rate of progress has surprised even seasoned experts.
Jumps in core AI capabilities have led to impressive demonstrations and real-world applications, including systems designed to advise decision makers, generate textual and visual content, and to provide new forms of automation, such as the control of autonomous and semi-autonomous vehicles.
AI technologies can be harnessed to inject new efficiencies and efficacies into existing workflows and processes. The methods also can be used to introduce fundamentally new approaches to standing challenges. When deployed in a responsible and insightful manner, AI technologies can enhance the quality of the lives of our citizenry and add to the vibrancy of our nation and world. For example, AI technologies show great promise in enhancing healthcare via providing physicians with assistance on diagnostic challenges, guidance on optimizing therapies, and inferences about the structure and interaction of proteins that lead to new medications.
AI advances have important implications for the Department of Defense, our intelligence community, and our national security more broadly. Like any technology, the rising capabilities of AI are available to friends and foes alike. Thus, in addition to harnessing AI for making valuable contributions to people and society, we must continue to work to understand and address the possibilities that the technologies can be used by malevolent actors and adversaries to disrupt, interfere, and destroy. AI has important implications for cybersecurity as the technologies can provide both new powers for defending against cyberattacks and new capabilities to adversaries.
3. Advancing Cybersecurity with AI
The value of harnessing AI in cybersecurity applications is becoming increasingly clear. Amongst many capabilities, AI technologies can provide automated interpretation of signals generated during attacks, effective threat incident prioritization, and adaptive responses to address the speed and scale of adversarial actions. The methods show great promise for swiftly analyzing and correlating patterns across billions of data points to track down a wide variety of cyber threats on the order of seconds. Additionally, AI can continually learn and adapt to new attack patterns—drawing insights from past observations to detect similar attacks that occur in the future.
3.1 Assisting and Complementing Workforce
The power of automation and large-scale detection, prioritization, and response made possible by AI technologies can not only relieve the burden on cybersecurity professionals but also help with the growing workforce gap. On the challenges to the current cyber workforce: the U.S. Bureau of Labor Statistics estimates cybersecurity job opportunities will grow 33% from 2020 to 2030—more than six times the national average.[8] However, the number of people entering the field is not keeping pace. There is a global shortage of 2.72 million cybersecurity professionals, according to the 2021 (ISC)² Cybersecurity Workforce Study released in October 2021.[9]
Organizations that prioritize cybersecurity run security operations teams 24/7. Still, there are often far more alerts to analyze than there are analysts to triage them, resulting in missed alerts that evolve into breaches. Trend Micro released a survey in May 2021 of security operations center decision makers that showed that 51% feel their team is overwhelmed with the overall volume of alerts, 55% are not confident in their ability to efficiently prioritize and respond to alerts, and that 27% of their time is spent dealing with false positives.[10]
AI technologies enable defenders to effectively scale their protection capabilities, orchestrate and automate time-consuming, repetitive, and complicated response actions. These methods can enable cybersecurity teams to handle large volumes of classical threats in more relevant time frames with less human intervention and better results. Such support with scaling on the essentials can free cybersecurity professionals to focus and prioritize on those attacks that require specialized expertise, critical thinking, and creative problem solving. However, additional attention should also be given to general cybersecurity training, security awareness, secure development lifecycle practices, and simulated training modules, including using AI to run intelligent and personalized simulations.
3.2 AI at Multiple Stages of Security
Today, AI methods are being harnessed across all stages of security including prevention, detection, investigation and remediation, discovery and classification, threat intelligence, and security training and simulations. I will discuss each of these applications in turn.
Prevention. Prevention encompasses efforts to reduce the vulnerability of software to attack, including user identities and data, computing system endpoints, and cloud applications. AI methods are currently used in commercially available technologies to detect and block both known and previously unknown threats before they can cause harm. In 2021, AV-Test Institute observed over 125 million new malware threats.[11] The ability of machine learning techniques to generalize from past patterns to catch new malware variants is key to being able to protect users at scale.
As an example, last year Microsoft 365 Defender successfully blocked a file that would later be confirmed as a variant of the GoldMax malware. Defender had never seen the new variant of GoldMax. The malware was caught and blocked leveraging the power of an AI pattern recognizer working together with a technology known as “fuzzy hashing”—a means for taking a fingerprint of malware.[12] It is important to note that GoldMax is malware that persists on networks, feigning to be a “scheduled task” by impersonating the activities of systems management software. Such hiding out as a scheduled task is part of the tools, tactics, and procedures of NOBELIUM, the Russian state actor behind the attacks against SolarWinds in December 2020 and which the U.S. government and others have identified as being part of Russia’s foreign intelligence service known as the SVR.
In other work, we have found that AI methods can improve our ability to detect sophisticated phishing attacks. Phishing attacks center on social engineering, where an attacker creates a fake webpage or sends a fraudulent message designed to trick a person into revealing sensitive data to the attacker or to deploy malicious software on the victim’s device, such as ransomware. To help protect people from harmful URLs, AI pattern recognizers have been deployed in browsers and other applications as part of their security services. AI methods can improve detection while lowering false positive rates, which can frustrate end users.[13]
Detection. Detection involves identifying and alerting on suspicious behaviors as they happen. The goal is to quickly respond to attacks, including identifying the scale and scope of an attack, closing the attacker’s entry, and remediating footholds that the attacker may have established. The key challenge with detecting suspicious activity is to find the right balance between providing enough coverage, by seeking high rates of accurate security alerts, and limiting false alarms. AI methods are being leveraged in detection to (1) triage attention to alerts about potential attacks, (2) identify multiple attempts at breaches over time that are part of larger and lengthier attack campaigns, (3) detect fingerprints of the activities of malware as it operates within a computer or on a network, (4) identify the flow of malware through an organization,[14] and (5) guide automated approaches to mitigation when a response needs to be fast to stop an attack from propagating. For example, an automated system can shut down network connectivity and contain a device if a sequence of alerts is detected that is known to be associated with ransomware activity, much like the way a bank might decline a credit card transaction that appears fraudulent.
There are several technologies available today to help detect attacks. I will use Microsoft 365 Defender capabilities as an example. A set of neural network models is used to detect a potential attack underway by fusing multiple signals about activities within a computing system, including processes being started and stopped, files being changed and renamed, and suspicious network communication.[15],[16] In addition, probabilistic algorithms are used to detect high likelihoods of “lateral movement” on a network.[17] Lateral movement refers to malware, such as ransomware, moving from machine to machine as it infects an organization. The goal is to detect signals of concerning patterns of spread and to shut down the infection by isolating potentially infected machines and alerting security experts to investigate. As numerous legitimate operations can appear like lateral movement of malware, simplistic approaches can have high false-positive rates. AI systems can help to raise the rate of capture and block these spreading infections, while reducing false positives.[18]
As a recent example, in March 2022, Microsoft leveraged its AI models to identify an attack attributed to a Russian actor that Microsoft tracks as Iridium, also referred to as Sandworm. The US government has attributed Iridium activity to a group allegedly based at GRU Unit 74455 of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation. The actor deployed wiper malware at a Ukrainian shipping company based in Lviv. Wiper malware erases data and programs on the computers that it infects. The first documented encounter of this malware was on a system running Microsoft Defender with Cloud Protection enabled. The ensemble of machine learning models in Defender, combined with signals across client and cloud, allowed Microsoft to block this malware at first sight.
Investigation and remediation. Investigation and remediation are methods used following a breach to provide customers with a holistic understanding of the security incident, including the extent of the breach, which devices and data were impacted, how the attack propagated through the customer environment, and to seek attribution for the threat.[19] Gathering and doing synthesis from telemetry sources is tedious. Efforts to date include multiple tools to collect telemetry from within and across organizations. The use of AI for investigation and remediation is a promising and open area of research.[20],[21]
Threat intelligence. Threat intelligence enables security researchers to stay on top of the current threat landscape by tracking active malicious actors, at times deliberately engaging with them and studying their behavior. Today, Microsoft actively tracks 40+ active nation-state actors and 140+ threat groups across 20 countries.[22],[23] AI methods help to identify and tag entities from multiple feeds and intelligence sharing across agencies. AI models show promise with their ability to learn and make inferences about high-level relationships and interactions by identifying similarities across different campaigns for enhancing threat attribution.[24],[25]
Recommendations: Advance development and application of AI methods to defend against cyberattacks
4. AI-powered cyberattacks
While AI is improving our ability to detect cybersecurity threats, organizations and consumers will face new challenges as cybersecurity attacks increase in sophistication. To date, adversaries have commonly employed software tools in a manual manner to reach their objectives. They have been successful in exfiltrating sensitive data about American citizens, interfering with elections, and distributing propaganda on social media without the sophisticated use of AI technologies.[26],[27],[28] While there is scarce information to date on the active use of AI in cyberattacks, it is widely accepted that AI technologies can be used to scale cyberattacks via various forms of probing and automation. Multiple research and gaming efforts within cybersecurity communities have demonstrated the power of using AI methods to attack computing systems. This area of work is referred to as offensive AI.[29],[30]
4.1 Approaches to offensive AI
Offensive AI methods will likely be taken up as tools of the trade for powering and scaling cyberattacks. We must prepare ourselves for adversaries who will exploit AI methods to increase the coverage of attacks, the speed of attacks, and the likelihood of successful outcomes. We expect that uses of AI in cyberattacks will start with sophisticated actors but will rapidly expand to the broader ecosystem via increasing levels of cooperation and commercialization of their tools.[31]
Basic automation. Just as defenders use AI to automate their processes, so too can adversaries introduce efficiencies and efficacies for their own benefit. Automating attacks using basic pre-programmed logic is not new in cybersecurity. Many malware and ransomware variants over the last five years have used relatively simple sets of logical rules to recognize and adapt to operating environments. For example, it appears that attacking software has checked time zones to adapt to local working hours and customized behavior in a variety of ways to avoid detection or take tailored actions to adapt to the target computing environment.[32],[33] On another front, automated bots have begun to proliferate on social media platforms.[34] These are all rudimentary forms of AI that encode and harness an attacker’s expert knowledge. However, substantial improvements in AI technology make plausible malicious software that is much more adaptive, stealthy, and intrusive.[35]
Authentication-based attacks. AI methods can be employed in authentication-based attacks, where, for example, recently developed AI methods can be used to generate synthetic voiceprints to gain access through an authentication system. Compelling demonstrations of voice impersonations to fool an authentication system were presented during the Capture the Flag (CTF) cybersecurity competition at the 2018 DEF CON meeting.[36]
AI-powered social engineering. Human perception and psychology are weak links in cyber-defense. AI can be used to exploit this persistent vulnerability. We have seen the rise of uses of AI for social engineering, aiming the power of machine learning at influencing the actions of people to perform tasks that are not in their interest. As an example, AI methods can be used to generate ultra-personalized phishing attacks capable of fooling even the most security-conscious users. A striking 2018 study demonstrated how AI methods could be used to significantly raise the probability that end users would click on malevolent links in social media posts. The AI system learned from publicly available data including online profiles, connections, content of posts, and online activity of targeted individuals. Machine learning was used to optimize the timing and content of messages with a goal of maximizing clickthrough rates—with significant results.[37] A 2021 study demonstrated that the language of emails could be crafted automatically with large-scale neural language models and that the AI-generated messages were more successful than the human-written messages by a significant margin.[38] In a related direction, Microsoft has tracked groups that use AI to craft convincing but fake social media profiles as lures.
4.2 AI-powered cyberattacks on the frontier
The need to prepare for more sophisticated offensive AI was highlighted in presentations at a National Academies of Sciences workshop on offensive AI that I co-organized in 2019. The workshop, sponsored by the Office of the Director of National Intelligence, led to a report available from the Academies.[39] The report includes discussion of the applications of AI methods across the cyber kill-chain, including the use of AI methods in social engineering, discovery of vulnerabilities, exploit development and targeting, and malware adaptation, as well as in methods and tools that can be used to target vulnerabilities in AI-enabled systems, such as autonomous systems and controls used in civilian and military applications.
The cybersecurity research community has demonstrated the power of AI and other sophisticated computational methods in cyberattacks. Adversaries can harness AI to efficiently guess passwords, to attack industrial control systems without raising suspicions, and to create malware that evades detection or prevents inspection.[40],[41],[42],[43],[44],[45] AI-enabled bots can also automate network attacks and make it difficult to extinguish the attacker’s command and control channels.[46] In another direction, a competitor demonstrated at a DARPA Cyber Grand Challenge exercise in 2016[47] how machine learning could be used to learn how to generate “chaff” traffic, decoy patterns of online activity that resemble the distribution of events seen in real attacks for distraction and cover-up of actual attack strategies.[48]
It is safe to assume that AI will improve the success, impact, and scope of the full breadth of threats present today. AI will also introduce new challenges, including special cyber vulnerabilities introduced with general uses of AI components and applications, which create new apertures for adversaries to exploit.
Recommendations: Prepare for malicious uses of AI to perform cyberattacks
5. Special vulnerabilities of AI systems
The power and growing reliance on AI generates a perfect storm for a new type of cyber-vulnerability: attacks targeted directly at AI systems and components. With attention focused on developing and integrating AI capabilities into applications and workflows, the security of AI systems themselves is often overlooked. However, adversaries see the rise of new AI attack surfaces growing in diversity and ubiquity and will no doubt be pursuing vulnerabilities. Attacks on AI systems can come in the form of traditional vulnerabilities, via basic manipulations and probes, and via a new, troubling category: adversarial AI.
5.1 Attacks on AI Supply Chains
AI systems can be attacked via targeting traditional security weaknesses and software flaws, including attacks on the supply chain of AI systems, where malevolent actors gain access and manipulate insecure AI code and data. As an example, in 2021, a popular software platform used to build neural networks was found to have 201 traditional security vulnerabilities, such as memory corruption and code execution.[50] Researchers have demonstrated how adversaries could use existing cyberattack toolkits to attack core infrastructure of the software running AI systems.[51] Multiple components of AI systems in the supply chain of AI systems can be modified or corrupted via traditional cyberattacks. As an example, data sets used to train AI systems are rarely under version control in the same way that source code is. Researchers from NYU found that most AI frameworks downloaded from a popular algorithm repository do not check the integrity of AI models, in contrast to the standards of practice with traditional software, where cryptographic verification of executables/libraries has been standard practice for well over a decade.[52]
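The integrity check that the paragraph above says is missing from most model downloads can be sketched as follows. This is an added example, not code from the testimony or from any framework it mentions; the manifest layout, file names and function names are assumptions, and the manifest itself is assumed to reach the consumer over a trusted channel (for instance, committed and reviewed alongside the code that loads the model).

```python
import hashlib
import json
import tempfile
from pathlib import Path


class IntegrityError(Exception):
    """A model artifact failed verification and must not be loaded."""


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash in chunks so large weight files are never read into memory whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def list_files(model_dir: Path) -> dict:
    """Map relative POSIX path -> absolute path, refusing symlinks outright."""
    root = model_dir.resolve()
    files = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink():
            raise IntegrityError(f"symlink not allowed: {p.relative_to(root).as_posix()}")
        if p.is_file():
            files[p.relative_to(root).as_posix()] = p
    return files


def build_manifest(model_dir: Path) -> dict:
    """Publisher side: pin a digest for every file that ships with the model."""
    return {"files": {rel: sha256_file(p) for rel, p in list_files(model_dir).items()}}


def verify_artifacts(model_dir: Path, manifest: dict) -> list:
    """Consumer side: fail closed unless the directory matches the manifest exactly."""
    pinned = manifest["files"]
    present = list_files(model_dir)
    # An extra file could be picked up by name at load time, so it is an error too.
    for rel in sorted(set(present) - set(pinned)):
        raise IntegrityError(f"unlisted file: {rel}")
    for rel in sorted(set(pinned) - set(present)):
        raise IntegrityError(f"missing file: {rel}")
    for rel in sorted(pinned):
        if sha256_file(present[rel]) != pinned[rel]:
            raise IntegrityError(f"digest mismatch: {rel}")
    return sorted(pinned)


def check(model_dir: Path, manifest: dict) -> str:
    """Return 'ok' or the reason the artifacts were rejected."""
    try:
        verify_artifacts(model_dir, manifest)
        return "ok"
    except IntegrityError as exc:
        return str(exc)


def demo() -> dict:
    """Run the check over constructed sample artifacts in a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        model_dir = Path(tmp) / "model"
        model_dir.mkdir()
        weights = b"\x00\x01constructed-weights" * 1000  # constructed sample data
        (model_dir / "weights.bin").write_bytes(weights)
        (model_dir / "config.json").write_text(json.dumps({"layers": 4}))
        # Round-trip through JSON, as the manifest would be stored as a file.
        manifest = json.loads(json.dumps(build_manifest(model_dir)))

        results["clean"] = verify_artifacts(model_dir, manifest)

        # One flipped byte in the weights is enough to change the digest.
        with (model_dir / "weights.bin").open("r+b") as fh:
            fh.seek(10)
            fh.write(b"\xff")
        results["tampered"] = check(model_dir, manifest)
        (model_dir / "weights.bin").write_bytes(weights)

        # A file that was never pinned appears next to the model.
        (model_dir / "extra.pkl").write_bytes(b"constructed")
        results["extra"] = check(model_dir, manifest)
        (model_dir / "extra.pkl").unlink()

        # A pinned file has been removed.
        (model_dir / "config.json").unlink()
        results["missing"] = check(model_dir, manifest)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```
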
5.2 Adversarial AI
Adversarial AI or adversarial machine learning methods harness more sophisticated AI techniques to attack AI systems. Several classes of adversarial AI have been identified, including adversarial examples, the use of basic policies or more sophisticated machine learning methods to fool AI systems with inputs that cause the systems to fail to function properly. A second type of attack is called data poisoning, where data used to train AI systems are “poisoned” with streams of data that inject erroneous or biased training data into data sets, changing the behavior or degrading the performance of AI systems.[53] A third type of attack, called model stealing, seeks to learn details about the underlying AI model used in an AI system.[54] A fourth category of attack, called model inversion, seeks to reconstruct the underlying private data that is used to train the target system.[55]
With adversarial examples, basic manipulations or more sophisticated application of AI methods are used to generate inputs that are custom-tailored to cause failures in targeted AI systems. Goals of these attacks include disruptive failures of automated message classifiers, perceptions of machine vision systems, and recognitions of the words in utterances by speech recognition systems.
As an example of basic manipulations of inputs, a group, alleged to be within the Chinese government, attempted to amplify propaganda on Uyghurs by bypassing Twitter’s anti-spam algorithm via appending random characters at the end of tweets.[56] The approach was viewed as an attempt to mislead the algorithm into thinking each tweet was unique and legitimate. In another example, researchers from Skylight appended benign code from a gaming database to Wannacry ransomware to cause the machine-learning-based antivirus filter to classify the modified ransomware as benign.[57] In related work on the fragility of AI systems, researchers showed that simply rotating a scan of a skin lesion confuses a computer recognition system into classifying the image as malignant.[58]
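From the defender's side, the first case above comes down to how duplicates are recognized. The following added example (not from the testimony, and not a description of Twitter's actual algorithm, which the page does not give) compares an exact fingerprint with a character-shingle similarity measure over constructed sample posts; the shingle length, threshold and function names are assumptions.

```python
import hashlib
import re
import unicodedata


def normalize(text: str) -> str:
    """Fold case, Unicode compatibility forms and runs of whitespace."""
    text = unicodedata.normalize("NFKC", text).casefold()
    return re.sub(r"\s+", " ", text).strip()


def exact_fingerprint(text: str) -> str:
    """Exact-match fingerprint: any appended character produces a new value."""
    return hashlib.sha256(normalize(text).encode("utf-8")).hexdigest()


def shingles(text: str, k: int = 5) -> set:
    """Set of overlapping k-character substrings of the normalized text."""
    t = normalize(text)
    if len(t) < k:
        return {t}
    return {t[i:i + k] for i in range(len(t) - k + 1)}


def jaccard(a: set, b: set) -> float:
    """Shared shingles divided by all shingles; 1.0 means identical sets."""
    union = a | b
    return len(a & b) / len(union) if union else 1.0


def cluster_near_duplicates(posts, threshold: float = 0.7, k: int = 5) -> list:
    """Greedy single pass: a post joins the first cluster whose representative
    (its first member) is at least `threshold` similar, else starts a new one.
    Returns clusters as lists of post indices."""
    clusters = []  # (representative shingle set, member indices)
    for i, post in enumerate(posts):
        s = shingles(post, k)
        for rep, members in clusters:
            if jaccard(rep, s) >= threshold:
                members.append(i)
                break
        else:
            clusters.append((s, [i]))
    return [members for _, members in clusters]


# Constructed sample posts: three copies of one message, each with a different
# random-looking suffix, mixed with two unrelated messages.
BASE = "Join the harvest festival this weekend for live music, food and crafts"
POSTS = [
    BASE + " qX7pL2",
    "Road closure on Elm Street until Friday for resurfacing work",
    BASE + " m4Zt9w",
    BASE + " Rk81vB",
    "The library opens late on Thursday because of staff training",
]


def summarize(posts) -> dict:
    """Contrast what exact matching sees with what similarity clustering sees."""
    return {
        "distinct_exact_hashes": len({exact_fingerprint(p) for p in posts}),
        "clusters": cluster_near_duplicates(posts),
    }


if __name__ == "__main__":
    print(summarize(POSTS))
```

Exact fingerprints treat all five posts as different, while the similarity clustering groups the three suffixed copies together because the suffix only changes a handful of shingles out of dozens.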
In uses of AI to generate adversarial examples, researchers have demonstrated stunning examples of failures. In one approach, adversarial methods are used to inject patterns of pixels into images to change what an AI system sees. While the changes with AI inferences are dramatic, the changes to the original images are not detectable by humans. Sample demonstrations include the modification of a photo of a panda leading an AI system to misclassify the panda as a gibbon and changes to a stop sign to misclassify it as a yield sign.[59],[60] Similar demonstrations have been done in the realm of speech recognition, with the injection of hidden acoustical patterns in speech that changes what a listening system hears.[61] Attacks leading to such misclassifications and malfunctions can be extremely costly, particularly in high-stakes domains like defense, transportation, healthcare, and industrial processes.
Challenges of adversarial AI and a set of recommendations are called out in the final report of the National Security Commission on AI (NSCAI).[62] I chaired the lines of effort on directions with developing and fielding trustworthy, responsible, and ethical AI applications, leading to chapters 7 and 8 of the report and the appendix on NSCAI’s recommendations on key considerations for fielding AI systems that align with democratic values, civil liberties, and human rights.[63],[64],[65] Chapter 7 of the report covers rising concerns with adversarial AI, including the assessment that, “The threat is not hypothetical: adversarial attacks are happening and already impacting commercial ML systems.” In support of this statement, over the last five years, the Microsoft cybersecurity team has seen an uptick in adversarial AI attacks.[66] I believe the trend will continue.
5.3 Efforts to Mitigate Adversarial AI
Pursuit of resistant systems. Computer science R&D has been underway on methods for making AI systems more resistant to adversarial machine learning attacks. One area of work centers on raising the level of robustness of systems to attacks with adversarial inputs as described above.[67],[68] Approaches include special training procedures that incorporate adversarial examples, validation of inputs to identify specific properties that can reveal signs of an attack, changes to the overall approach to building models, and modification of the objective functions used in the optimization procedures that create the models so that more robust models result. While the latter techniques and research directions behind them are promising, the challenges of adversarial examples persist, given the large space of inputs to machine learning procedures. Thus, it is important to continue to invest in R&D on adversarial AI, to perform ongoing studies with red-teaming exercises, and to remain vigilant.
5.4 Tracking, Awareness, and Resources
Front-line awareness. Despite the opportunities that adversarial AI methods will provide to state and non-state actors for manipulating and disrupting critical AI systems and rising evidence of real-world attacks with adversarial AI, the idea of protecting AI systems from these attacks has been largely an afterthought. There is an urgency to be aware and to be ready to respond to adversarial AI threats, especially those used in critical areas such as defense. A Microsoft survey of 28 organizations in 2020 showed that, despite the rise in attacks on AI systems, companies are still unaware of these kinds of intentional failures to AI systems and are massively underinvested in tools and processes to secure AI systems. Ryan Fedasiuk, a noted researcher at Georgetown’s Center for Security and Emerging Technology specializing in China’s AI operations, notes that Chinese military officers have explicitly called out that the U.S. defenses are susceptible to data poisoning, even going so far as to call data integrity “the Achilles’ heel” of the U.S. joint all-domain command and control strategy.[69]
Resources and Engagement. Microsoft, along with MITRE and 16 other organizations, created the Adversarial ML Threat Matrix to catalog threats to AI systems.[70] The content includes documentation of case studies where attacks have been made on commercial AI systems. For engineers and policymakers, Microsoft, in collaboration with the Berkman Klein Center at Harvard University, released a taxonomy of machine learning failure modes.[71] For security professionals, Microsoft has open-sourced Counterfit, its own tool for assessing the posture of AI systems.[72] For the broader community of cybersecurity practitioners interested in AI and security, Microsoft hosts the annual Machine Learning Evasion Competition as a venue to exercise their muscle in attacking and securing AI systems.[73] Within the Federal government, the DoD has listed safety and security of AI systems in its core AI principles.[74] And there is encouraging activity by NIST on an AI Risk Assessment Framework to address multiple dimensions of AI systems, including robustness and security.[75]
Recommendations: Raise awareness and address vulnerabilities of AI systems
6. AI in Malign Information Operations
Advances in machine learning and graphics have boosted the abilities of state and non-state actors to fabricate and distribute high-fidelity audiovisual content, referred to as synthetic media and deepfakes. AI technologies for generating deepfakes can now fabricate content that is indistinguishable from real-world people, scenes, and events, threatening national security. Advances that could only be found within the walls of computer science laboratories or in demonstrations that surprised attendees at academic AI conferences several years ago are now widely available in tools that create audio and audiovisual content that can be used to drive disinformation campaigns.
6.1 Challenges of Synthetic Media
Advances in the capabilities of generative AI methods to synthesize a variety of signals, including high-fidelity audiovisual imagery, have significance for cybersecurity. When personalized, the use of AI to generate deepfakes can raise the effectiveness of social-engineering operations (discussed above) in persuading end-users to provide adversaries with access to systems and information.
On a larger scale, the generative power of AI methods and synthetic media have important implications for defense and national security. The methods can be used by adversaries to generate believable statements from world leaders and commanders, to fabricate persuasive false-flag operations, and to generate fake news events. A recent demonstration includes the multiple examples of manipulated and more sophisticated deepfakes that have come to the fore over the course of the Russian attack on Ukraine. This includes a video of President Volodymyr Zelenskyy appearing to call for surrender.[76]
The proliferation of synthetic media has had another concerning effect: malevolent actors have labeled real events as “fake,” taking advantage of new forms of deniability coming with the loss of credibility in the deepfake era. Video and photo evidence, such as imagery of atrocities, are being called fake. Known as the “liar’s dividend”, the proliferation of synthetic media emboldens people to claim real media as “fake,” and creates plausible deniability for their actions.[77]
We can expect synthetic media and its deployment to continue to grow in sophistication over time, including the persuasive interleaving of deepfakes with unfolding events in the world and real-time synthesis of deepfakes. Real-time generations could be employed to create compelling, interactive imposters (e.g., appearing in teleconferences and guided by a human controller) that appear to have natural head pose, facial expressions, and utterances. Looking further out, we may have to face the challenge of synthetic fabrications of people that can engage autonomously in persuasive real-time conversations over audio and visual channels.
6.2 Direction: Digital Content Provenance
A promising approach to countering the threat of synthetic media can be found in a recent advance, named digital content provenance technology. Digital content provenance leverages cryptography and database technologies to certify the source and history of edits (the provenance) of any digital media. This can provide “glass-to-glass” certification of content, from the photons hitting the light-sensitive surfaces of cameras to the light emitted from the pixels of displays, for secure workloads. We pursued an early vision and technical methods for enabling end-to-end tamper-proof certification of media provenance in a cross-team effort at Microsoft.[78],[79] The aspirational project was motivated by our assessment that, in the long-term, neither humans nor AI methods would be able to reliably distinguish fact from AI-generated fictions—and that we must prepare with urgency for the expected trajectory of increasingly realistic and persuasive deepfakes.
After taking the vision to reality with technical details and the implementation of prototype technologies for certifying the provenance of audiovisual content, we worked to build and contribute to cross-industry partnerships, including Project Origin, the Content Authenticity Initiative (CAI), and the Coalition for Content Provenance and Authenticity (C2PA), a multistakeholder coalition of industry and civil society organizations.[80],[81],[82],[83] In January 2022, C2PA released a specification of a standard that enables the interoperability of digital content provenance systems.[84],[85] Commercial production tools are now becoming available in accordance with the C2PA standard that enable authors and broadcasters to assure viewers about the originating source and history of edits to photo and audiovisual media.
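The idea of certifying a media item's source and history of edits can be illustrated with a small chain of signed, hash-linked edit records that a viewer checks against the media actually received. The Go program below is an example added here, not code from Microsoft, AMP or the C2PA specification; the record layout, the actor names and the fixed demo keys are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Record is one signed step of history: a simplified stand-in, not the C2PA format.
type Record struct {
	Actor       string   // who performed the step (hypothetical names below)
	Action      string   // e.g. "captured", "cropped"
	ContentHash [32]byte // SHA-256 of the media bytes after this step
	PrevHash    [32]byte // digest of the previous record; zero for the first
	Sig         []byte   // Ed25519 signature by Actor over signedBytes()
}

var (
	ErrUntrusted  = errors.New("signer is not on the trust list")
	ErrSignature  = errors.New("signature does not verify")
	ErrBrokenLink = errors.New("record does not link to its predecessor")
	ErrContent    = errors.New("no signed step matches the media received")
)

// signedBytes is what the signature covers; length prefixes keep fields unambiguous.
func (r Record) signedBytes() []byte {
	var b bytes.Buffer
	fmt.Fprintf(&b, "%d:%s|%d:%s|", len(r.Actor), r.Actor, len(r.Action), r.Action)
	b.Write(r.ContentHash[:])
	b.Write(r.PrevHash[:])
	return b.Bytes()
}

// digest identifies a whole record, signature included, for chaining.
func (r Record) digest() [32]byte { return sha256.Sum256(append(r.signedBytes(), r.Sig...)) }

// Append signs a new step over content and links it to the history so far.
func Append(chain []Record, actor, action string, key ed25519.PrivateKey, content []byte) []Record {
	r := Record{Actor: actor, Action: action, ContentHash: sha256.Sum256(content)}
	if n := len(chain); n > 0 {
		r.PrevHash = chain[n-1].digest()
	}
	r.Sig = ed25519.Sign(key, r.signedBytes())
	return append(chain, r)
}

// Verify checks each step's signer, signature and link, then the media itself.
func Verify(chain []Record, trusted map[string]ed25519.PublicKey, content []byte) error {
	var prev [32]byte // the first record must carry an all-zero PrevHash
	for i, r := range chain {
		pub, ok := trusted[r.Actor]
		switch {
		case !ok:
			return fmt.Errorf("step %d: %w", i, ErrUntrusted)
		case !ed25519.Verify(pub, r.signedBytes(), r.Sig):
			return fmt.Errorf("step %d: %w", i, ErrSignature)
		case r.PrevHash != prev:
			return fmt.Errorf("step %d: %w", i, ErrBrokenLink)
		}
		prev = r.digest()
	}
	if n := len(chain); n == 0 || chain[n-1].ContentHash != sha256.Sum256(content) {
		return ErrContent // also the verdict when there is no history at all
	}
	return nil
}

// Scenario verifies a constructed capture-then-crop history after optional tampering.
func Scenario(tamper string) error {
	seed := func(b byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize)) }
	camKey, deskKey := seed(1), seed(2) // fixed demo seeds, never for real use
	trusted := map[string]ed25519.PublicKey{
		"camera-01": camKey.Public().(ed25519.PublicKey),
		"news-desk": deskKey.Public().(ed25519.PublicKey),
	}
	media := []byte("constructed cropped frame")
	chain := Append(nil, "camera-01", "captured", camKey, []byte("constructed raw frame"))
	chain = Append(chain, "news-desk", "cropped", deskKey, media)
	switch tamper {
	case "pixels": // media changed after the last signed step
		media = []byte("constructed altered frame")
	case "history": // an earlier step rewritten without the signer's key
		chain[0].Action = "captured-elsewhere"
	case "drop-origin": // first record removed to hide the source
		chain = chain[1:]
	case "unlisted-signer": // a party outside the trust list signs a new step
		media = []byte("constructed altered frame")
		chain = Append(chain, "unknown-editor", "retouched", seed(9), media)
	}
	return Verify(chain, trusted, media)
}

func main() {
	for _, t := range []string{"", "pixels", "history", "drop-origin", "unlisted-signer"} {
		fmt.Printf("%-16q -> %v\n", t, Scenario(t))
	}
}
```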
The final report of the NSCAI recommends that digital content provenance technologies should be pursued to mitigate the rising challenge of synthetic media. In Congress, the bipartisan Deepfake Task Force Act (S. 2559) proposes the establishment of the National Deepfake and Digital Provenance Task Force.[86] Microsoft and its media provenance collaborators encourage Congress to move forward with standing up a task force to help identify and address the challenges of synthetic media, and we would welcome the opportunity to provide assistance and input into the work.
Recommendations: Defend against malign information operations
Summary
In my testimony, I have covered the status, trends, examples, and directions ahead for the rising opportunities and challenges at the intersection of AI and cybersecurity. AI technologies will continue to be critically important for enhancing cybersecurity in military and civilian applications. AI methods are already qualitatively changing the game in cyber defense. Technical advances in AI have helped in numerous ways, spanning our core abilities to prevent, detect, and respond to attacks—including attacks that have never been seen before. AI innovations are amplifying and extending the capabilities of security teams across the country.
On the other side, state and non-state actors are beginning to leverage AI in numerous ways. They will draw new powers from fast-paced advances in AI and will continue to add new tools to their armamentarium. We need to double down with our attention and investments on threats and opportunities at the convergence of AI and cybersecurity. Significant investments in workforce training, monitoring, engineering, and core R&D will be needed to understand, develop, and operationalize defenses for the breadth of risks we can expect with AI-powered cyberattacks. The threats include new kinds of attacks, including those aimed squarely at AI systems. The DoD, federal and state agencies, and the nation need to stay vigilant and stay ahead of malevolent adversaries. This will take more investment and commitment to fundamental research and engineering on AI and cybersecurity, and in building and nurturing our cybersecurity workforce so our teams can be more effective today—and well-prepared for the future.
Thank you for the opportunity to testify. I look forward to answering your questions.
[1] https://www.microsoft.com/security/blog/2021/12/15/the-final-report-on-nobeliums-unprecedented-nation-state-attack/
[2] https://news.microsoft.com/wp-content/uploads/prod/sites/626/2022/02/Cyber-Signals-E-1-218.pdf, page 3
[3] https://www.microsoft.com/en-us/research/group/m365-defender-research/
[4] 2018-Webroot-Threat-Report_US-ONLINE.pdf
[5] Microsoft Digital Defense Report, October 2021
[6] https://www.microsoft.com/security/blog/2021/05/12/securing-a-new-world-of-hybrid-work-what-to-know-and-what-to-do/
[7] J. McCarthy, M.L. Minsky, N. Rochester, C.E. Shannon, A Proposal for the Dartmouth Summer Project on Artificial Intelligence, Dartmouth University, May 1955. http://www-formal.stanford.edu/jmc/history/dartmouth/dartmouth.html
[8] https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
[9] https://www.isc2.org/News-and-Events/Press-Room/Posts/2021/10/26/ISC2-Cybersecurity-Workforce-Study-Sheds-New-Light-on-Global-Talent-Demand
[10] https://newsroom.trendmicro.com/2021-05-25-70-Of-SOC-Teams-Emotionally-Overwhelmed-By-Security-Alert-Volume
[11] https://www.av-test.org/en/statistics/malware/
[12] https://www.microsoft.com/security/blog/2021/07/27/combing-through-the-fuzz-using-fuzzy-hashing-and-deep-learning-to-counter-malware-detection-evasion-techniques
[13] https://www.microsoft.com/en-us/research/publication/urltran-improving-phishing-url-detection-using-transformers/
[14] https://dl.acm.org/doi/10.1145/3471621.3471858
[15] https://www.microsoft.com/security/blog/2020/07/23/seeing-the-big-picture-deep-learning-based-fusion-of-behavior-signals-for-threat-detection/
[16] https://www.microsoft.com/security/blog/2020/08/27/stopping-active-directory-attacks-and-other-post-exploitation-behavior-with-amsi-and-machine-learning/
[17] https://www.microsoft.com/security/blog/2019/12/18/data-science-for-cybersecurity-a-probabilistic-time-series-model-for-detecting-rdp-inbound-brute-force-attacks/
[18] https://www.microsoft.com/security/blog/2020/06/10/the-science-behind-microsoft-threat-protection-attack-modeling-for-finding-and-stopping-evasive-ransomware/
[19] https://www.microsoft.com/security/blog/2021/12/02/structured-threat-hunting-one-way-microsoft-threat-experts-prioritizes-customer-defense/
[20] https://www.microsoft.com/security/blog/2020/07/09/inside-microsoft-threat-protection-correlating-and-consolidating-attacks-into-incidents/
[21] https://www.microsoft.com/security/blog/2020/07/29/inside-microsoft-threat-protection-solving-cross-domain-security-incidents-through-the-power-of-correlation-analytics/
[22] https://www.microsoft.com/security/blog/2022/02/03/cyber-signals-defending-against-cyber-threats-with-the-latest-research-insights-and-trends/
[23] https://www.microsoft.com/security/blog/2021/05/12/securing-a-new-world-of-hybrid-work-what-to-know-and-what-to-do/
[24] https://www.microsoft.com/security/blog/2021/04/01/automating-threat-actor-tracking-understanding-attacker-behavior-for-intelligence-and-contextual-alerting/
[25] https://dl.acm.org/doi/pdf/10.1145/3448016.3452745
[26] Cybersecurity Incidents (opm.gov)
[27] Russian Interference in 2016 U.S. Elections – FBI
[28] Characterizing networks of propaganda on twitter: a case study
[29] https://arxiv.org/pdf/2106.15764.pdf
[30] B. Buchanan, J. Bansemer, D. Cary, et al., Automating Cyber Attacks: Hype and Reality, Center for Security and Emerging Technology, November 2020. https://cset.georgetown.edu/wp-content/uploads/CSET-Automating-Cyber-Attacks.pdf
[31] How cyberattacks are changing according to new Microsoft Digital Defense Report
[32] Intelligence, FireEye Threat. “HAMMERTOSS: Stealthy tactics define a Russian cyber threat group.” FireEye, Milpitas, CA (2015).
[33] Virtualization/Sandbox Evasion, Technique T1497 – Enterprise | MITRE ATT&CK®
[34] https://www.jmir.org/2021/5/e26933/
[35] See, for example, documentation of Deep Exploit, tools and demonstration showing the use of reinforcement learning to drive cyberattacks: https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit
[36] https://www.defcon.org/
[37] J. Seymour and P. Tully, Generative Models for Spear Phishing Posts on Social Media, 31st Conference on Neural Information Processing Systems, Long Beach, CA, USA, 2017. https://arxiv.org/abs/1802.05196
[38] https://www.wired.com/story/ai-phishing-emails/amp
[39] Implications of Artificial Intelligence for Cybersecurity: A Workshop, National Academy of Sciences, 2019. https://www.nationalacademies.org/our-work/implications-of-artificial-intelligence-for-cybersecurity-a-workshop
[40] Hey, My Malware Knows Physics! Attacking PLCs with Physical Model Aware Rootkit – NDSS Symposium (ndss-symposium.org)
[41] B. Hitaj, P. Gasti, G. Ateniese, F. Perez-Cruz, PassGAN: A Deep Learning Approach for Password Guessing, NeurIPS 2018 Workshop on Security in Machine Learning (SecML’18), December 2018. https://github.com/secml2018/secml2018.github.io/raw/master/PASSGAN_SECML2018.pdf
[42] S. Datta, DeepObfusCode: Source Code Obfuscation through Sequence-to-Sequence Networks In: Arai, K. (eds) Intelligent Computing. Lecture Notes in Networks and Systems, vol 284. Springer, Cham. https://doi.org/10.1007/978-3-030-80126-7_45, July 2021.
[43] J. Li, L. Zhou, H. Li, L. Yan and H. Zhu, “Dynamic Traffic Feature Camouflaging via Generative Adversarial Networks,” 2019 IEEE Conference on Communications and Network Security (CNS), 2019, pp. 268-276, doi: 10.1109/CNS.2019.8802772. https://ieeexplore.ieee.org/abstract/document/8802772
[44] C. Novo, R. Morla, Flow-Based Detection and Proxy-Based Evasion of Encrypted Malware C2 Traffic, Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security 2020, https://doi.org/10.1145/3411508.3421379.
[45] D. Han et al., “Evaluating and Improving Adversarial Robustness of Machine Learning-Based Network Intrusion Detectors,” in IEEE Journal on Selected Areas in Communications, vol. 39, no. 8, pp. 2632-2647, Aug. 2021, https://ieeexplore.ieee.org/abstract/document/9448103
[46] A botnet-based command and control approach relying on swarm intelligence – ScienceDirect
[47] https://www.darpa.mil/program/cyber-grand-challenge
[48] R. Rivest, “Chaffing and Winnowing: Confidentiality Without Encryption,” CryptoBytes, 4(1):12-17, https://pdfs.semanticscholar.org/aaf3/7e0afa43f5b6168074dae2bc0e695a9d1d1b.pdf
[49] https://www.nscai.gov/wp-content/uploads/2021/03/Full-Report-Digital-1.pdf, page 279
[50] https://www.cvedetails.com/product/53738/Google-Tensorflow.html
[51] Xiao, Qixue, et al. “Security risks in deep learning implementations.” 2018 IEEE Security and privacy workshops (SPW). IEEE, 2018.
[52] Gu, Tianyu, Brendan Dolan-Gavitt, and Siddharth Garg. “Badnets: Identifying vulnerabilities in the machine learning model supply chain.” arXiv preprint arXiv:1708.06733 (2017).
[53] Jagielski, Matthew, et al. “Manipulating machine learning: Poisoning attacks and countermeasures for regression learning.” 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 2018.
[54] Yu, Honggang, et al. “CloudLeak: Large-Scale Deep Learning Models Stealing Through Adversarial Examples.” NDSS. 2020.
[55] Ziqi Yang, Ee-Chien Chang, Zhenkai Liang, Adversarial Neural Network Inversion via Auxiliary Knowledge Alignment, 2019
[56] https://www.nytimes.com/interactive/2021/06/22/technology/xinjiang-uyghurs-china-propaganda.html
[57] https://skylightcyber.com/2019/07/18/cylance-i-kill-you/
[58] Finlayson, Samuel G., et al. “Adversarial attacks on medical machine learning.” Science 363.6433 (2019): 1287-1289.
[59] I.J. Goodfellow, J. Shlens, C. Szegedy, Explaining and Harnessing Adversarial Examples, ICLR 2015. https://arxiv.org/pdf/1412.6572.pdf
[60] N. Papernot, P. McDaniel, I. Goodfellow, et al., Practical Black-Box Attacks against Machine Learning, ASIA CCS ’17, April 2017. https://dl.acm.org/doi/pdf/10.1145/3052973.3053009
[61] M. Alzantot, B. Balaji, M. Srivastava, Did you hear that? Adversarial Examples Against Automatic Speech Recognition, Conference on Neural Information Processing Systems, December 2017. https://arxiv.org/pdf/1801.00554.pdf
[62] https://www.nscai.gov/
[63] “Upholding Democratic Values: Privacy, Civil Liberties, and Civil Rights in Uses of AI for National Security,” Chapter 8, Report of the National Security Commission on AI, March 2021. https://reports.nscai.gov/final-report/chapter-8/
[64] “Establishing Justified Confidence in AI Systems,” Chapter 8, Report of the National Security Commission on AI, March 2021. https://reports.nscai.gov/final-report/chapter-7/
[65] E. Horvitz J. Young, R.G. Elluru, C. Howell, Key Considerations for the Responsible Development and Fielding of Artificial Intelligence, National Security Commission on AI, April 2021. https://arxiv.org/ftp/arxiv/papers/2108/2108.12289.pdf
[66] Kumar, Ram Shankar Siva, et al. Adversarial machine learning-industry perspectives. 2020 IEEE Security and Privacy Workshops (SPW). IEEE, 2020.
[67] https://cacm.acm.org/magazines/2018/7/229030-making-machine-learning-robust-against-adversarial-inputs/fulltext
[68] A. Madry, A. Makelov, L. Schmidt, et al. Towards deep learning models resistant to adversarial attacks, ICLR 2018. https://arxiv.org/pdf/1706.06083.pdf
[69] https://breakingdefense.com/2021/11/china-invests-in-artificial-intelligence-to-counter-us-joint-warfighting-concept-records/
[70] https://atlas.mitre.org/
[71] https://docs.microsoft.com/en-us/security/engineering/failure-modes-in-machine-learning
[72] https://github.com/Azure/counterfit/
[73] https://mlsec.io/
[74] https://www.defense.gov/News/Releases/Release/Article/2091996/dod-adopts-ethical-principles-for-artificial-intelligence/
[75] https://www.nist.gov/itl/ai-risk-management-framework
[76] See: https://www.youtube.com/watch?v=X17yrEV5sl4
[77] The Liar’s Dividend: The Impact of Deepfakes and Fake News on Politician Support and Trust in Media | GVU Center (gatech.edu)
[78] P. England, H.S. Malvar, E. Horvitz, et al. AMP: Authentication of Media via Provenance, ACM Multimedia Systems 2021. https://dl.acm.org/doi/abs/10.1145/3458305.3459599
[79] E. Horvitz, A promising step forward on disinformation, Microsoft on the Issues, February 2021. https://blogs.microsoft.com/on-the-issues/2021/02/22/deepfakes-disinformation-c2pa-origin-cai/
[80] Project Origin, https://www.originproject.info/about
[81] J. Aythora, et al. Multi-stakeholder Media Provenance Management to Counter Synthetic Media Risks in News Publishing, International Broadcasting Convention 2020 (IBC 2020), Amsterdam, NL 2020 https://www.ibc.org/download?ac=14528
[82] Content Authenticity Initiative, https://contentauthenticity.org/
[83] Coalition for Content Provenance and Authenticity (C2PA), https://c2pa.org/
[84] C2PA Releases Specification of World’s First Industry Standard for Content Provenance, Coalition for Content Provenance and Authenticity, January 26, 2022, https://c2pa.org/post/release_1_pr/
[85] https://erichorvitz.com/A_Milestone_Reached_Content_Provenance.htm
[86] Deepfake Task Force Act, S. 2559, 117th Congress, https://www.congress.gov/bill/117th-congress/senate-bill/2559/text
Tech and system related upgrades to China's dispute resolution … – Law.asia
When the going gets tough, inspirational thinking comes to the fore. Small wonder that the past couple of years have spawned an exciting amount of tech-related reform in China’s courts and arbitration institutions. Kevin Cheng reports
In October, the US government enacted sweeping restrictions over the export of technology, software and equipment used for producing advanced computing chips and supercomputers to China’s semiconductor and hardware industry, which has seen a streak of encouraging growth over the years but still relies considerably on imported know-how.
This is perceived as a drastic escalation from the ongoing trade war between the world’s two largest economies, which began in 2018, as well as a hefty roadblock to the global trade network, already plagued by geopolitical and macroeconomic impediments that seem to be popping up faster than they can be resolved.
Upon hearing the news, China-based entrepreneurs, overseas investors and legal professionals jotted down this unfortunate development onto their list of concerns, and promptly set out to schedule a top-down risk assessment of all existing and planned operations.
On that list, the new entry closely follows the recurring pandemic and potential lockdowns, the war in Ukraine and the Western world’s sanctions against Russia, deteriorating geopolitical stability, interest rate hikes and the looming recession, and shortages across the global supply chain.
Tested during these trying times is not only the business acumen of corporate executives determined to sail beyond the national border, but also the expertise of their law practising convoys and the wisdom of China’s evolving judicial system, dedicated to helping maintain trade vitality when disputes are constantly one factor – beyond either party’s reach – away.
“These adverse macroeconomic factors, along with a growing phenomenon of generalising ‘national security’, manifested as wanton decoupling and other acts of reverse globalisation, are making it difficult for the world economy to recuperate and grow,” says David Jia, a Shenzhen-based senior partner at Long An Law Firm.
Referring to the “chip 4 alliance” advocated by the US to form a global semiconductor supply and co-ordination network comprising Japan, South Korea and Taiwan, Jia adds: “It not only concerns the interests of Chinese and American companies, but also how the chip industry chain will reform and develop on a global scale, which obviously will lead to more cross-border disputes.”
Jia is not alone in his observation that a volatile and unpredictable international business environment begets a growing number of cross-border disputes and challenges long-held precedents in international trade.
According to Zhang Lixia, a founding partner of Huamao & Guigu Law Firm, more companies looking to consult or engage their services are claiming that due to the pandemic or the Sino-US trade breakdown, their contracts can no longer move ahead, or have met major obstacles, leaving lawsuits or arbitration their only recourse.
Likewise, Chen Xiaoshan, head of international arbitration at the Shanghai office of DLA Piper, sees an uptick in the frequency of cross-border disputes. “In the past year, due to covid-19, we have handled a large number of international trade disputes relating to the cross-border sale and purchase of personal protective equipment (PPE) and force majeure clause,” he says. “In the meantime, disputes directly or indirectly relating to the Russia-Ukraine war, especially those arising out of international trade and transportation, have also significantly increased.”
The trend is also reflected in the published statistics of leading arbitration venues, as with the 2021 work report of the China International Economic and Trade Arbitration Commission (CIETAC). According to the report, CIETAC handled a record high of 4,071 cases in 2021, a year-on-year increase of 12.6%, of which 636 were foreign-related (including those related to Hong Kong, Macau and Taiwan), representing a significant increase.
According to Cao Lijun, a partner at Zhong Lun Law Firm in Beijing, we have yet to see the peak of international disputes related to the Ukraine-Russia war or the pandemic. “Considering the hysteretic nature of disputes, the numbers are likely to continue climbing for some time,” he predicts.
Chris Zhang, the senior partner of Jincheng Tongda & Neal based in the firm’s Shanghai office, looks at macroeconomic factors from a dialectical perspective. “On one hand, as foreign trade is riddled with uncertainties during the pandemic, China’s seen a decline in its total amount of cross-border business activities,” she says, but on the other hand, also as a result of the pandemic, what foreign trade there is has become more likely to produce disputes.
“Due to the war in Ukraine, and the numerous Western sanctions against Russia’s major exporters and their executives, Chinese businesses must sometimes breach their contracts with original partners to avoid being sanctioned by the EU and US,” says Zhang. “This adds to the likelihood of cross-border disputes.”
Even more damaging, the stagnation of the global supply chain has not only increased the volume of international disputes but also added to their complexity and difficulty.
During Shanghai’s two-month lockdown earlier in the year, Shanghai Port suffered from labour shortages, overpacked warehouses and logistics chain paralysis, which halted the circulation of domestic and international goods in their tracks, leading to a series of discords.
Zhang says that while the Civil Code and other laws and judicial interpretations have made force majeure a viable defence for pandemic-induced defaults, these cross-border contracts may not be governed by Chinese law.
“In addition, exports of masks, medical gloves, antigen testing and other anti-pandemic supplies were restricted, as they were required to be first distributed to covid-affected regions in China,” she observes. “Consequently, domestic vendors faced lawsuits and arbitrations from overseas buyers, and had to deal with a compromised reputation.”
Zhang Guanglei, a partner at the Beijing head office of Jingtian & Gongcheng, believes that macro headwinds have made contract performance a challenge, and whether that is enough to trigger force majeure, or constitute a “change of situation”, may become the focal point of cross-border disputes. “Furthermore, these adverse factors have made it difficult to obtain evidence in cross-border proceedings,” he adds.
Ray Liu, a global partner at Dorsey and head of its Beijing office, believes the surge in disputes reflects, to a degree, China’s rapid development in both traditional and new-tech sectors, contributing to their stronger presence on the international stage that has now fallen victim to macroeconomic uncertainty.
“Covid-19 cut down the opportunities for courts, clients and other parties to meet face to face, which makes it hard to regulate the procedure and for parties to negotiate in the same room,” says Liu. “With uncertainties seeping into the global economy, many enterprises have seen a sharp decline in their revenue, leading to a series of contractual, labour and financing-related disputes.”
Chris Zhang, of Jincheng Tongda & Neal, holds incompatibility between foreign and Chinese laws as one of the chief catalysts for cross-border strife, citing Cadence Design Systems v Syntronic (2022) as one such case.
The California Northern District Court ordered the defendant to send 24 computers from China to the US for inspection, to which the defence lawyer argued that, as these computers contained the protected personal information of the employees, according to article 39 of the Personal Information Protection Law (PIPL), they can only be moved out of China with employees’ individual consent.
However, the judge deemed that the exception under the clause – permission to transfer personal information “where necessary to fulfil statutory duties and responsibilities or statutory obligations” – should apply to foreign legal obligations, and persisted with his decision.
Cross-border transfer of data and personal information has in recent years quickly ascended to the highest tier of corporate legal concerns. The Cyberspace Administration of China promulgated the Measures for Security Assessment for Outbound Data Transfer in July 2022, and is currently seeking public comment on the amendment to China’s five-year-old Cybersecurity Law. The rise of the compliance threshold is matched by the challenge in transferring evidence to overseas courts.
“With the strict discovery rules in the US, Chinese companies may be required to collect and provide relevant evidence as a party to the case, or a third party, and failure to follow such rules may incur adverse consequences,” says Ray Liu at Dorsey. “On the other hand, with China building up its own data security governance and privacy protection systems, transfer of data overseas is subject to an unprecedented level of requirements and restrictions.”
Similarly, Cao at Zhong Lun cautions that compliance matters related to cross-border transfer of data may significantly affect document disclosure in international arbitration. “Lawyers in international arbitration must take data compliance into prudent consideration when disclosing documents,” he says.
While it seems more likely than ever that engaging in foreign-related dealings will end in unpleasant lawsuits, legal risks can usually be avoided, or at least abated, with shrewd safety mechanisms and meticulous planning.
“Most mature enterprises in China have gained sufficient understanding of the risks in overseas investments and how to address them,” notes Xiao Jin, a Beijing-based partner at King & Wood Mallesons. “But in view of the complicated international situation, outbound assets further face multiple levels of regulatory and political risks, for which enterprises must remain vigilant.
“Bilateral investment treaties [BITs] may be the last valid defence for protecting investors’ overseas interests,” says Xiao. “Outbound investors should make good use of these treaties to ward off regulatory and political pitfalls.”
Regarding BITs as a protective shield for outbound investors, as well as an important basis for relief, Cao adds: “If China has not entered into a BIT with the investment home country, or the BIT is insufficient, companies may consider setting up a special purpose vehicle [SPV] in a third country with whom China has a valid BIT, which in turn would grant investment protection.”
Zou Wen, who recently joined the Shenzhen office of Fangda Partners as a partner, advises outbound enterprises to not only engage a local law firm that provides high-quality legal services, but also to choose an experienced Chinese law firm as a long-term ally and consultant. “This is a tried and true practice among foreign enterprises,” says Zou. “When multiple overseas lawsuits are happening across many jurisdictions, foreign enterprises often engage a single legal adviser to oversee litigations across the globe, and help select local law firms. This helps the companies manage litigation costs and better co-ordinate with services provided by overseas lawyers.”
Chen Xiaoshan, of DLA Piper, cautions against potential political pitfalls. “Given the cross-border nature of these disputes, we would recommend that, instead of looking at the whole case solely from the PRC law perspective, clients should have an in-depth understanding about how one legal issue works under different rules in different jurisdictions,” he says. “In the meantime, given the sensitivity, some disputes are no longer relating to pure legal issues only.”
Chen says that Chinese companies should pay more attention to internal document management. “It is my experience that when it comes to the stage of discovery in foreign legal proceedings, Chinese companies always face a lot of difficulties due to a lack of internal policies on the management and retention of internal documents, which may lead the courts and arbitral tribunals to draw an adverse inference.”
Mishandling of documents appears to be a widespread but understated pain point among Chinese companies, one liable to cause disproportionate legal hardships down the line.
“When handling disputes related to funds, investments, insurance and construction, I have encountered many enterprises that had trouble producing evidence, simply because they improperly managed internal personnel transfer, evidence preservation and filing,” says Zhang Lixia, of Huamao & Guigu. “It is my belief that standardisation of file management in terms of contracts, transaction logs and performance records is vital for companies to address potential disputes.”
Fortune favours the prepared. For Chinese enterprises operating at an international level, or planning to do so, it is vital that they remain up to date about legal, political and economic situations, as well as business practices, most pertinent to the other side of the negotiation table.
David Jia, of Long An, urges Chinese companies to closely follow global developments, especially legal and policy updates, as well as trends in jurisdictions relevant to the industry in which they operate. “Diligently develop compliance of the company, and remember to put ‘compliance interests’ above general commercial interests,” he advises.
In times of uncertainty, Ray Liu at Dorsey cautions outbound enterprises in China to take great care with risk prevention, explicitly distinguish contractual parties’ rights, obligations and sharing of risks, and to the greatest extent possible avoid disputes arising from unclear contractual stipulations, or different understandings of contract terms. “In times of dispute, it is vital to comprehend the rules of the game, and to make full use of pre-action negotiation and mediation, so as to save unnecessary costs,” he says.
“Lastly, outbound enterprises should be more proactive in resorting to legal means to protect their rights and interests when they are violated,” he concludes.
On a positive note, Xiao Jin, of King & Wood Mallesons, observes that with restrictive foreign investment policies sprouting up around the world, Chinese companies have visibly raised their awareness of rights protection, and quickly learned to defend their overseas legal rights.
“With the global situation being ever unpredictable and trade protectionism on the rise, more disputes are going beyond simple commercial disagreements between companies, but have instead become hybrid conflicts mixed with the actions of local governments,” says Xiao, stressing the importance of accurately judging the nature of a cross-border dispute and identifying legal remedies beyond litigation and arbitration, while cautioning that such remedies may be mutually exclusive.
With the world changing at an almost dazzling pace, laws and rule books are under increasingly intense scrutiny for their continuing suitability. In China, court and arbitration practices are becoming more internationally aligned, industry-specific and tech savvy.
Amendments to the Civil Procedure Law (CPL), which came into effect on 1 January 2022, reflect these directions. They have broadened the application of the sole-judge panel to include ordinary and second-instance hearings, improving judicial efficiency, and have optimised the standards of small claim procedure.
“With the amendment, cases involving small claims are more specific, their applicable standards more reasonable, and the procedures further expedited,” says Chris Zhang, of Jincheng Tongda & Neal. “Besides further reducing litigation costs, these measures promote the separation of complex and simple cases, which represents another step towards the true democratisation of the justice system.”
Furthermore, for the first time in China, the amended CPL officially recognised online proceedings as equally valid as the offline version. It also allowed for electronic delivery of judicial documents, and shortened the term for service of process by public announcement from 60 to 30 days.
Zhang Lixia points out that content related to judicial reviews in foreign-related business dealings and arbitration, in the Minutes of the Symposium on the Trial of Foreign-related Commercial Cases by Courts Nationwide issued by the Supreme People’s Court (SPC) in January 2022, has a great impact on commercial arbitration, while demonstrating comprehensive support for developing arbitration as a means of dispute resolution. “The minutes represent a swift attitude change toward ‘arbitration before litigation’ clauses,” she says.
“Courts used to make independent decisions on whether contracts containing such a clause should go through arbitration or litigation, but now the SPC treats the ‘arbitration before litigation’ arrangements as valid arbitration agreements, as in only the agreement on litigation is deemed invalid, without affecting the validity of arbitration agreement.”
Judicial bodies and adjudicators have innovated by opening other fronts to make dispute resolution overall more pragmatic and cost-efficient. Ray Liu, of Dorsey, is especially impressed with the SPC’s “one stop” diversified resolution platform for international commercial disputes.
“The platform allows for information sharing and connection between the litigation, mediation and arbitration mechanisms of the China International Commercial Court,” he says. “Since its inception, it has included numerous prominent international commercial arbitration and mediation institutions, and this year it connected with the Hong Kong International Arbitration Centre [HKIAC] for the first time.
“As a distinctive mechanism that organically connects litigation, mediation and arbitration with one another, it provides effective judicial support throughout international commercial disputes for Chinese and foreign parties alike, demonstrating the labours of China’s ‘smart court’ development and its competitive edge in international dispute resolution.”
Smart court, as mentioned by Liu, refers to the modernisation of China’s court system and capacity with big data, cloud computing, artificial intelligence and other cutting-edge technologies. “By allowing online filing of cases and online court hearings, smart courts offer a lot of convenience to both lawyers and their clients,” says Zhang Guanglei.
Similarly, China’s burgeoning arbitration sector is trailblazing on the digital front. Zhang Guanglei, of Jingtian & Gongcheng, cites the 2022 edition of the arbitration rules of the Shanghai Arbitration Commission (SHAC), enacted on 1 July, and the arbitration rules of the Shenzhen Court of International Arbitration (SCIA), amended in February 2022, as prime examples.
The SHAC rules provide that “unless the parties agreed to the contrary, arbitral tribunals may elect to conduct hearings on online video or video-conferencing platforms according to the needs of the case,” while the SCIA rules provide that the arbitral institution or tribunal may require parties to submit documents, and arrange the case filing, service, hearing and cross-examination through the online arbitration service platform, unless they agreed to the contrary.
Besides developments towards “smart arbitration”, SHIAC’s new arbitration rules made other strides to match the international pace, including requiring the disclosure of third-party funding (TPF) and including international investment disputes into the jurisdiction of arbitration.
Forming a clear pattern, the new arbitration rules of the Beijing Arbitration Commission (BAC), effective from 1 February 2022, recognised the validity of online hearings and electronic services. They further revamped rules on the composition of an arbitral tribunal by allowing two arbitrators to jointly elect a presiding arbitrator, in the event that the parties failed to do so first.
“Diversification of how presiding arbitrators are produced has positive effects on the arbitral tribunal’s independence and credibility of the institution,” says Zhang Lixia.
Chen Xiaoshan, of DLA Piper, reserves particular praise for the HKIAC’s Case Digest system launched at the end of 2021. “This database includes anonymised and summarised procedural decisions made by the HKIAC under various procedural rules,” he says. “It offers parties and their representatives insight into the procedural decision-making of the HKIAC’s proceeding committee and the appointments committee. It also helps parties and their representatives better understand the relevant HKIAC rules.”
Starting from 1 June 2022, CIETAC enacted its Special Relief Arrangements on Arbitration Fees Responding to the Covid-19 Pandemic, which set out scenarios where arbitration fees may be reduced or returned if the parties are affected by the pandemic. “By alleviating the cost concerns of parties, especially for SMEs, it is undoubtedly a welcome policy for those seeking legal relief to defend their lawful rights,” says Cao.
Furthermore, the China Marine Law Association (CMLA) and China Maritime Arbitration Commission (CMAC) jointly published the CMLA Ad Hoc Arbitration Rules and CMAC Rules as Appointing Authority in Arbitration on 18 March 2022.
Ad hoc arbitration, conducted without recourse to institutional arbitration rules and without the oversight of an arbitral institution, is often seen as a less costly, more flexible option. Previously, it had been elusive in China’s relevant legislations, although overseas ad hoc arbitral awards may be recognised and enforced, according to the SPC’s interpretations to the CPL.
“These are the first ad hoc arbitration rules formulated and promulgated in China, as an important step to match with international practice,” says Zhang Lixia. “The debut of domestic ad hoc arbitration rules is a bold, innovative move that will set valuable precedents to the amendments of the Arbitration Law.” The addition of “ad hoc arbitral tribunal” in last year’s draft of the amended Arbitration Law was perceived as the first sign of importing the practice at long last.
Between the amended CPL affirming the validity of online litigation, and its top arbitration venues revising their rules to facilitate online hearings, it is safe to conclude that online dispute resolution (ODR) continues to thrive in China. But where does it go from here?
Since the outbreak of covid-19, online alternatives to in-person events, formerly considered to be relatively niche, quickly entered the mainstream and in many cases became pillars that supported their forms of activity through the toughest times.
However, some would argue that the toughest times are behind us. Offline events have made a resounding comeback in 2022, especially in countries and regions where gathering and travel restrictions have been eased. According to a recent Bloomberg analysis, many billionaires who found their fortunes exponentially increase due to covid-induced market restructurings have now watched the same numbers plummet by as much as 80% as the needs for their products recede.
These include the chairman and CEO of Zoom, operator of the popular video-conferencing software; the co-founder of Carvana, an e-commerce platform for used cars; and the founder of Coupang, often referred to as the “Amazon of South Korea”.
These trends seem to indicate that, while the value and popularity of virtual events cannot be denied, they may have been somewhat expanded by the extraordinary circumstances of the past few years. But is that the case for ODR?
“Personally, I believe the need for ODR will decline after the pandemic, but not necessarily to the pre-covid level,” says Cao, who proposes to base the form of hearings on the specific type of dispute. “For certain complicated disputes, especially tech-related ones, offline hearings allow arbitration attorneys to better state the case, and for the tribunal to better sort out the convoluted facts,” he says.
“By comparison, disputes involving relatively small amounts or less complex circumstances benefit little from physical proceedings,” he adds. “Parties may opt for online or hybrid hearing in order to conserve both costs and time.”
Zhang Guanglei agrees that the demand for ODR will remain above pre-covid levels even with the pandemic coming under control and offline events mounting a robust return. “While online hearings still risk being incompatible with highly specialised or technical cases, it can still subsist as a viable option with technological improvements, or the adoption of an ‘online plus offline’ mode,” he says.
“Just in the first half of 2022, we have conducted a number of hybrid arbitration hearings, where arbitrators or attorneys sometimes patch in via online access, which to a large degree prevented delays caused by incompatible time arrangements between all participants.”
Ray Liu points out that the innate advantages of ODR will endure even with the resumption of physical hearings. “To lawyers, ODR is expedient, efficient and fast, free from spatial constraints; while for clients, especially SMEs, ODR saves costs in transportation and printing, while also consuming less time.”
On the other hand, he does not believe that ODR is on a path to completely overtake the more traditional format. “ODR makes it difficult to verify party identities, give testimonies and present evidence, and is especially limited when the cases are complex or the parties suffer from bad internet connection,” he points out.
“I believe that ODR is at its most useful and efficient in small claim cases such as cross-border e-commerce disputes or domain name infringements, while traditional offline procedures are more suitable to complicated cases involving a lot of witnesses and physical evidence.”
Apart from practicality, ODR’s post-covid rise to prominence may have irrevocably altered the general habit of legal professionals. To Ji Xuefeng, the director of Tianjin office of Anli Partners, ODR exceeded her expectations in terms of efficiency and ease of use. “I believe that in the future, even when the pandemic is a distant memory and life has resumed a normal pace, ODR will still enjoy a significant presence,” she says, “especially as it makes long-distance proceedings so much more efficient by taking traffic time out of the equation.”
Zhou Zhiming, a Shanghai-based partner at Guantao Law Firm, acknowledges that social perception of ODR has changed, and that the pandemic helped its spread and development by allowing its strengths and value to shine. He says that in prior surveys he conducted in his capacity as the director of the civil and commercial litigation committee of the Shanghai Bar Association, many lawyers reported that due to technical constraints and inconsistent ODR capacity at each court and arbitration venue, the ODR experience overall fell short of its offline counterpart.
Nevertheless, Zhou is optimistic about the long-term applicability and accessibility of ODR. “To parties or lawyers participating in online lawsuits or arbitrations, my advice is to explore the option of submitting in-trial comments to the court or tribunal beforehand,” he says. “During the trial, it is important to keep expressions concise and accurate. In addition, pre-hearing preparations should cover not only the case itself, but also the internet connection, equipment and environment, and make any necessary adjustments.”
In many ways, China’s explorations of technology-based judicial proceedings have gone beyond the use of video-conferencing and the digitisation of evidence. In 2017, the first internet court in the world was inaugurated in Hangzhou. Beijing and Guangzhou soon followed suit.
“Internet courts, incorporated with technologies related to identity authentication, electronic data input, online evidence presentation and electronic delivery, are fully online unless parties applied to conduct certain procedures offline,” says Chris Zhang.
As internet courts are designed to handle internet and technology-related cases such as disputes over online service contracts, domain names, blockchain, cryptocurrency and non-fungible tokens (NFTs), they form a unique ecosystem to use technologies to resolve tech-related disputes, giving rise to a series of valuable legal precedents.
“The Hangzhou Internet Court gave online judgments to China’s first unfair competition case involving big data products, the first case to confirm the legal review method of blockchain electronic certificates, the first Bitcoin ‘mining machine’ dispute, and the first NFT infringement,” says Ray Liu. “Evidently, internet courts are innovative not only in their procedures, but also in terms of the types and nature of the disputes.”
In July 2020, the Hangzhou Internet Court officially launched its cross-border trade tribunal, being the first in China to specialise in cross-border digital trade disputes. The first case it heard, a lawsuit filed by a Singaporean user against Tmall, China’s biggest B2C e-commerce platform, was broadcast live across dozens of media and watched by 8 million viewers.
“I believe that AI, blockchain and such technologies will profoundly transform ODR and internet courts, and fundamentally affect the procedural, or even substantive, rules of court proceedings, including how services are delivered and how evidence is presented,” says Liu.
Data blind: Universities lag in capturing and exploiting data – Science
5 best talent management software systems in 2023 – TechTarget
The need for organizations to automate their talent management processes increased dramatically in recent years, especially when the COVID-19 pandemic forced companies to implement work-from-home policies. The shift to a predominantly remote workforce made in-person, manual processes difficult, if not impossible.
Talent management software continues to be not just useful, but essential, even as workers return to the office. Besides helping to automate talent processes and provide self-service options to employees and managers, talent management software systems enable companies to stay engaged with current, potential and past employees, no matter where they live and work.
Often driven by the HR department and supported by people managers, talent management spans an employee’s entire lifecycle at a company. It includes all the processes, guidelines and systems used to attract, retain, develop and manage employees.
Talent management encompasses all of the tools and processes needed to meet the human capital needs of the enterprise, including hiring people with the right skill set, training workers on new technologies and tracking employee information.
Talent management software refers to all the systems and applications needed to manage the employee lifecycle in an organization. Multiple systems may be part of a company’s landscape, with some offering specific functionality: for example, a core HR system that tracks basic employee data, another system for performance management and a third for learning management. But some products — the comprehensive suites that are the focus of this roundup — can provide most or all of the talent management functions in one system that has a consistent look and feel.
Talent management software features are often categorized by modules, each of which handles a specific function. A compensation module, for example, is used specifically to manage pay raises and to plan strategies for rewarding employees. Though it’s ideal to have a comprehensive package to manage talent, it’s often not possible to implement the whole system at once. Also, depending on company culture, size, budget, industry and priorities, some of the functions available on the market may not be needed.
What follows is an explanation of the modules and some of their key features to consider when choosing talent management software systems. The standard functionality is often similar among vendors, so the focus here is on capabilities that may not be provided by every vendor.
There’s a plethora of talent management software products to choose from. Consider the following key factors when selecting a talent management platform vendor:
When evaluating an all-in-one package, consider how the vendor enables its customers to use data across multiple modules. Skills data, for example, might be valuable in multiple situations, such as rating employees in performance management, looking for internal candidates to fill open positions and auto-assigning development training to employees.
Along these lines, we’ve narrowed the list to the five best talent management software packages that provide support for all or most of the employee lifecycle.
This software supports all aspects of talent management, including the payroll functions that ADP is known for. Candidates can apply through the applicant tracking module, complete all the new hire forms in the onboarding module, view and update personal information, and manage performance and compensation.
Key features
Similar to Workforce Now, Dayforce supports the entire employee lifecycle, including payroll. Ceridian has spent years making an HR system that supports companies with employees in multiple countries with various currencies.
Key features
Developed for smaller organizations, BambooHR offers many features to support the employee lifecycle, with a UI that’s intuitive to employees and the HR team. The system provides a comprehensive set of features and is easy to integrate with many niche vendors that have pre-built interfaces with BambooHR.
Key features
One of the biggest vendors in the HR software market, Workday offers a comprehensive and configurable SaaS talent management package for domestic and international customers.
Key features
Like Workday, SAP SuccessFactors offers all the functionality needed for talent management, but under the umbrella of human experience management (HXM). Targeted at large organizations, the suite is configurable and has a consistent look and feel across the platform.
Key features
Whether the choice is a single vendor providing an all-in-one package or multiple vendors offering niche applications, automating the entire talent management process is imperative for companies juggling remote and hybrid workforces, battling to attract and retain highly skilled talent, and continuing to compete at a high level.
Talent management software provides many advantages in the areas of recruitment, performance management, training and education, and compensation management. Companies can collect, centralize, track, store, report and analyze employee data, while receiving automated reminders and notifications. Prospective and current employees have access to self-service options to complete tasks when convenient, without depending on the HR team or their managers.
Startups to Watch in 2023 for Unicorn Valuations – The Recursive
2022 was another strong year for unicorn creation in Central and Eastern Europe. It saw the rise of eight new unicorns in the wider CEE region, moving the total to 44. Startups with $1B+ valuations included Bulgarian fintech Payhawk, Czech enterprise software company Productboard, and Croatian automaker Rimac Automobili.
Despite the economic downturn, a total of €5.3B in VC money flooded into the region, making it one of the fastest-growing regions for VC funding in Europe.
What is in the cards for 2023? The Recursive scouted for the tech startups to watch in 2023, as they have the biggest chances to become the next unicorns of Central and Eastern Europe.
We selected startups with an estimated valuation between $200-950M, the last funding year being at least 2017, and with headquarters or founding place in Bulgaria, Romania, Greece, Western Balkan countries, the Czech Republic, or Poland. Valuation estimates are provided by Dealroom, unless otherwise indicated.
In 2021, fintech startup Payhawk, which was on our previous soonicorns list, became the first unicorn originating from Bulgaria. Four years after founding, the company raised a $100M round in March 2022, extending its previous historic Series B. Another Bulgarian private tech company rumored to have a valuation of over $1B is SiteGround, the web hosting company founded in 2004. The rest of the startups to watch in 2023 follow the candidate list from last year.
Founders: Dilyan Pavlov
Headquarters: Massachusetts, US
Industry: Enterprise Software
Solution: Asset management and reporting software for alternative assets.
Total funding: N/A
Estimated valuation: $900M
Last round: Strategic growth investment in 2021, undisclosed amount
Founders: Krasimir Marinov, Peter Brodsky, Vladimir Tzankov
Headquarters: New York, US
Industry: Enterprise Software
Solution: Data automation technology to improve operational efficiency.
Total funding: $289M
Estimated valuation: $400—600M
Last round: $100M Series E in December 2021
Founders: Ivan Osmak, Jordan Angelov, Radoslav Georgiev, Bo Pedersen
Headquarters: Colorado, US
Industry: Enterprise Software
Solution: A software and services company offering a data-driven OKR platform where companies can track their most important metrics to improve decision making.
Total funding: $160.6M
Estimated valuation: $480—720M
Last round: $120M Series C in December 2021
Founders: Snejina Zacharia
Headquarters: Massachusetts, US
Industry: Financial Services, Insurance
Solution: Virtual insurance platform for auto, home, and life insurance using AI and predictive analytics.
Total funding: $130M
Estimated valuation: $400—600M
Last round: $100M Series B in 2021
Over the years, Romania has produced two unicorns: publicly listed RPA company UiPath, and privately owned blockchain and crypto startup MultiversX (formerly Elrond). Privately owned e-commerce giant eMAG is also valued at over €1B. Among the potential unicorn startups to watch in 2023, we see the rise of companies aiming to digitize and modernize the financial services system.
Founders: Florin Talpeș
Headquarters: Bucharest, Romania
Industry: Cybersecurity
Solution: Cybersecurity solutions for end users and businesses.
Total funding: $187M
Estimated valuation: $600M
Last round: $180M, secondary market, 2017
Founders: Eduard Oneci, Vasile Burcin
Headquarters: Nicosia, Cyprus
Industry: Fintech, Crypto
Solution: A crypto liquidity platform that enables instant card issuance for purchases at any merchant.
Total funding: $75M
Estimated valuation: $300—450M
Last round: $75M late VC series in November 2022
Founders: Sergiu Negut, Teo Blidarus
Headquarters: London, UK
Industry: Financial services
Solution: Low-code solutions for the digital transformation of the finance industry.
Total funding: $81.3M
Estimated valuation: $281M
Last round: $60M Series B in 2021.
Founders: Chris Turlica, Nick Haase
Headquarters: San Francisco, California
Industry: Enterprise Software
Solution: Tools for preventive maintenance and control of daily business operations.
Total funding: $42.8M
Estimated valuation: $156—234M
Last round: $39M Series B in 2021
So far, the accelerating Greek tech startup ecosystem has produced two unicorns: learning certification company PeopleCert and neobank Viva Wallet, which recently completed its partial acquisition by JP Morgan.
In 2022, automotive leasing company FlexCar made one step further towards becoming the next unicorn company from Greece, after a €210M VC round. An industry fellow company, Spotawheel, joined the ranks with a €100M growth equity round.
Founders: Konstantinos Davaris, George Desyllas
Headquarters: Athens, Greece
Industry: Automotive
Solution: Automotive leasing solutions that make car ownership flexible and minimize advance payments.
Total funding: $326M
Estimated valuation: $924M—1.4B
Last round: €210M late VC round in 2022
Founders: Alex Chatzieleftheriou, Penny Papakonstantinou, Alexis Maragkos, Andreas Nezeriti
Headquarters: New York, US
Industry: Real estate
Solution: Proptech rental company offering a platform for booking flexible stays.
Total funding: $251M
Estimated valuation: $560—840M
Last round: Undisclosed late VC round in November 2022
Founders: Charis Arvanitis, Kiriakos Agadakos
Headquarters: Néa Ionía, Greece
Industry: Automotive
Solution: Dealership platform for used cars.
Total funding: $138M
Estimated valuation: N/A
Last round: €100M growth equity VC stage in April 2022
Founders: Alexis Pantazis, Emilios Markou
Headquarters: Maroussi, Greece
Industry: Financial services
Solution: Offers car, motorcycle, and home insurance solutions.
Total funding: $50.9M
Estimated valuation: $141-211M
Last round: €32M late VC round in 2021
In 2022, Western Balkan countries welcomed a new unicorn – Croatian automotive company Rimac Automobili, after raising a €500M Series D round. Rimac thus became the second company with a >$1B valuation in Croatia after communication software company Infobip.
Other success stories in the region include Serbian gaming company Nordeus’ $378 million acquisition in 2021. Several Croatian and Serbian companies raised further rounds in 2022 and made our list of startups to watch in 2023 for unicorn valuations.
Founders: Aleksandar Čabrilo, Dusan Kosic
Headquarters: California, US; founding location – Serbia
Industry: Enterprise Software
Solution: Consulting, software engineering and digital product development services.
Total funding: $140M
Estimated valuation: N/A
Last round: $140M initial round at the beginning of 2022
Founders: James Isilay, Stjepan Buljat
Headquarters: London, UK; founding location – Croatia
Industry: Enterprise software, Marketing, AI
Solution: Sales intelligence software that uses AI tools to extract sales and recruitment leads from big data.
Total funding: $128M
Estimated valuation: $350—525M
Last round: $87.5M Series C in January 2022
Founders: Deniz Kural, Igor Bogicevic; CEO: William Moss
Headquarters: Massachusetts, US; founding location – Serbia
Industry: Biotechnology
Solution: Specializes in software and data analytics to drive healthcare research.
Total funding: $113M
Estimated valuation: $250M
Last round: $15M closing of a $30M Series C in 2021
Founders: Davor Tremac, Filip Sturman, Ivan Ivankovic
Headquarters: Dublin, Ireland; founding location – Croatia
Industry: Enterprise software, Fintech
Solution: Solution for tax automation and compliance for companies to streamline the transactional chain.
Total funding: $85M
Estimated valuation: $240—360M
Last round: $60M Series B in July 2022
Founders: Mario Vuksan, Tomislav Peričin
Headquarters: Massachusetts, US; founding location – Croatia
Industry: Enterprise Software
Solution: Threat detection solutions for the software supply chain.
Total funding: $81M
Estimated valuation: $224-336M
Last round: €48M Series B in 2021
Founders: Andrej Bencic, Miljan Tekic, Bogdan Habic, Nebojsa Urosevic
Headquarters: San Francisco, California; founding location – Serbia
Industry: Enterprise software, Fintech
Solution: An Ethereum Developer Platform for real-time monitoring, alerting, debugging, and simulating of smart contracts.
Total funding: $55.3M
Estimated valuation: $250M
Last round: $40M Series B in March 2022
After becoming the first Czech unicorn in 2021, Rohlik Group raised a further €220M Series D this year. 2022 also saw the rise of San Francisco-based Productboard, after it raised a $125 million Series D. The company’s valuation now sits at $1.725 billion. Logistics provider ShipMonk is also estimated to have a valuation of over $1B, after closing a $290M round in 2020. In January 2021 they raised another $65M growth equity VC round and at the beginning of 2022 they acquired competitor Ruby Has Fulfillment. Several companies with valuations over $500M and recent fundraising rounds could become the country’s next unicorns.
Founders: Dr. Ben Maruthappu, Marek Sacha
Headquarters: London, UK
Industry: Healthcare
Solution: A digital-first home healthcare company offering care, nursing, telehealth and repeat prescriptions.
Total funding: $303M
Estimated valuation: $686M—1B
Last round: £130M in debt and £130M from VCs in August 2022
Founders: Richard Valtr
Headquarters: Amsterdam, The Netherlands
Industry: Enterprise Software, Travel, Fintech
Solution: A SaaS-based property management system that simplifies hotel operations, from reservations to payments and others.
Total funding: $230M
Estimated valuation: $865M
Last round: $185M Series C round in 2022, one of the largest funding rounds in the Czech Republic in 2022
Founders: Jan Mrazek, Michal Klaus
Headquarters: Toronto, Canada
Industry: Enterprise Software, Deep tech
Solution: A software company that specializes in solutions for data quality, master data management, and data governance.
Total funding: ~$152M
Estimated valuation: $550M
Last round: $150M growth equity VC in 2022, one of the largest funding rounds in the Czech Republic in 2022
Founders: Tomas Gogar, Petr Baudis, Tomas Tunys
Headquarters: London, UK
Industry: Enterprise Software, Legal, AI
Solution: A cloud document gateway for automated business communication using AI.
Total funding: $106M
Estimated valuation: $400—600M
Last round: $100M Series A in October 2021
Founders: Marcin Cichon, Martin Dr. Wricke
Headquarters: Pfaffenhofen, Germany
Industry: Enterprise Software, Marketing
Solution: A provider of full suite price management and CPQ SaaS solutions.
Total funding: $126M
Estimated valuation: $260—390M
Last round: $65M Series C in 2020
Founders: Tomas Kratky
Headquarters: New York City, NY
Industry: Enterprise Software, Big Data
Solution: Offers a central hub of all data flows in the organization.
Total funding: $52.5M
Estimated valuation: $140—210M
Last round: Late VC round in December 2022, following a Series B of $35M in May 2022, one of the largest funding rounds in the Czech Republic in 2022
Founders: Jiri Kobelka, Samuel Sramko
Headquarters: Miami, Florida
Industry: Fintech, Web3
Solution: Empowers web 3.0 developers to build apps fast.
Total funding: $41.7M
Estimated valuation: $166—249M
Last round: An early VC stage round of $41.5M in October 2022, one of the largest funding rounds in the Czech Republic in 2022
Founders: Michal Mensik
Headquarters: Prague, Czech Republic
Industry: Logistics, Transportation
Solution: Delivery solutions for businesses of any kind.
Total funding: $66M
Estimated valuation: $264—396M
Last round: €60M Series B in May 2022, one of the largest funding rounds in the Czech Republic in 2022
The Polish startup ecosystem has vast tech talent and a growing pool of VC funding, key ingredients for breeding future unicorns. So far, healthcare startup DocPlanner is the country’s sole official unicorn. Another private tech company valued at over $1B is e-commerce player Modivo (formerly eobuwie.pl). 2022 saw several Series B to Series D funding rounds, bringing new contenders to the unicorn status.
Founders: Rafał Modrzewski, Pekka Laurila
Headquarters: Helsinki, Finland
Industry: Space tech
Solution: Micro-satellites for the capture of images from space. A spin-off from Aalto University.
Total funding: $302M
Estimated valuation: $544—816M
Last round: $136M Series D in February 2022
Founders: Michał Borkowski, Tomasz Kraus, Łukasz Haluch
Headquarters: Krakow, Poland
Industry: Education
Solution: The world’s largest peer-to-peer learning community for students, parents and teachers.
Total funding: $152M
Estimated valuation: $320—480M
Last round: $80M Series D in 2020
Founders: Piotr Pisarz
Headquarters: London, UK
Industry: Fintech
Solution: A revenue-based finance provider, which allows founders to raise growth capital without giving up control of their business.
Total funding: $117M
Estimated valuation: $320—480M
Last round: Support program from Tech Nation and a Series B of $80M in 2021
Founders: Konrad Howard, Stefan Batory
Headquarters: San Francisco, California
Industry: SaaS, e-commerce
Solution: A beauty marketplace for finding, scheduling, and managing appointments, enabled by a SaaS mobile app.
Total funding: €148M
Estimated valuation: €255—382M
Last round: $70M Series C in January 2021
Founders: Przemek Kowalczyk, Szymon Sypniewicz
Headquarters: London, UK
Industry: Fintech, Web 3.0
Solution: A non-custodial fiat-crypto exchange infrastructure that makes it easy for users to jump on and off of Web3 from anywhere.
Total funding: €123M
Estimated valuation: €255—382M
Last round: $70M Series B in November 2022
Founders: Wojtek Sadowski, Patryk Kabaj, Konrad Kwiatkowski, Arkadiusz Wasilonek
Headquarters: Warsaw, Poland
Industry: Packaging, Retail
Solution: Online marketplace that simplifies ordering and management of branded packaging.
Total funding: $56.3M
Estimated valuation: $176—264M
Last round: €40M Series B in 2021
Founders: Martin Markiewicz, Julia Markiewicz
Headquarters: Singapore, Singapore
Industry: Fintech, AI, Legal
Solution: Explainable AI that enables you to solve more screening alerts in less time and with greater accuracy
Total funding: $55M
Estimated valuation: $160—240M
Last round: $40M Series B in March 2022
The Recursive
Trello vs. Asana: Which project management software reigns … – Business Management Daily
Whether you’re a freelancer or supervise small teams for enterprise-level companies, project management tools are a must if you want to stay efficient and organized. Today, two apps that dominate the project management workspace are Trello and Asana. Both are industry-leading applications used by both startups and Fortune 100 companies for team collaboration, and they each feature free versions that you can start using right now.
Yet, the two have critical differences in functionality, integrations, workflow, pricing, and features.
At a glance, Trello is the go-to platform if your primary project management tool is a kanban board, as that’s what it undoubtedly does best. Its kanban board is highly user-friendly, and you can add other functionalities to Trello through power-ups.
If you’re after more features and flexibility, you may prefer Asana.
Why is that?
It’s because Asana lets you break down projects into specific categories and groups of tasks with particular assignees. Other features include Gantt charts (starting with the Business Plan), subtasks, and customizable dashboards.
Asana also has kanban-style planning, but it’s not as robust as Trello.
However, neither application can do everything, so it’s crucial to familiarize yourself with both to determine which is best for you. That’s why I’m pitting Trello vs. Asana in a detailed breakdown of each platform’s features, pricing, and support.
If you’ve never used any project management apps before, you may not know anything about Asana or Trello. Both offer project management solutions for freelancers and companies, but the key difference lies in the features they focus on. In particular, Trello relies heavily on its kanban board for work management.
What’s a kanban board?
It’s a visualization tool that uses cards to represent tasks (along with due dates for each card), columns to represent workflow stages, and swimlanes to represent different teams and activities. A kanban board is one of the most effective ways to monitor progress on a project due to its simplicity, and it’s what Trello focuses on the most.
Asana, on the other hand, also features a kanban board, but it’s not the main focus of the application. Instead, Asana has more robust features for task management, including lots of customizability.
With Asana, users can assign individual tasks to assignees in a feature, story, or project. There’s also a calendar view and a to-do list for each team member containing their current tasks (as well as their deadlines).
In short, Asana works better for more complex projects requiring lots of teamwork, while Trello excels at more straightforward tasks. As such, which app you choose will depend heavily on the scope of your project.
Due to its simplicity, Trello is excellent for freelancers wanting to keep track of a few daily assignments. It’s also an excellent tool for smaller teams that don’t want to spend much time dealing with a steep learning curve.
That’s because the Trello board view is so user-friendly and simplistic that anyone can learn how to use it without needing tutorials.
If you’d prefer to hit the ground running on a new project instead of learning the ins and outs of Asana’s more robust features, Trello is an excellent option. It’s also free to use (as long as you don’t add any power-ups), making it even more appealing to freelancers and small businesses.
Yet, if your work is a bit more complex and involves many moving parts, Asana may be the better choice.
If you’re juggling a ton of tasks and projects at once, Asana can help you keep track of it all. Compared to Trello, Asana can do much more with task dependencies.
What are those?
In project management, task dependencies refer to the specific order in which certain tasks must be completed.
An example would be specifying that a blog article cannot proceed to the publishing phase until editing/image creation is complete. Another example is stating that electrical work can’t begin until the drywall installation is done.
With Asana, you can easily add dependencies to any task, which is a definite plus. That way, you won’t have to worry about certain phases of the project getting done out of order.
That’s why many large companies choose Asana over Trello: it offers a wide variety of features and customizable options.
Now it’s time to take a closer look at the core features of both applications to determine which suits your needs better.
Right off the bat, it’s crucial to note that, of the two, Asana offers more features by default. While it’s possible to add more capabilities to Trello, doing so involves power-ups (either by Trello or a third party), and these tend to be hit-and-miss.
Trello’s key features
As stated previously, Trello’s interface revolves around its kanban-style features, which consist of:
Boards. Trello’s kanban board is where every project lives. They keep all your tasks organized along each stage of the project, from ‘things to do’ to ‘completed tasks.’ The boards are highly visual in nature and are easy to read, even if you’ve never used a kanban board before.
Lists. Each board will also have a list view, which represents the stages of each project. These include to-do, doing, and done — but you can also create custom fields. That way, if your project has unique stages, you can edit the list to reflect them.
Cards. Lastly, the cards on each board represent individual tasks. Each card contains all the information that a team member needs to get the job done, including the due date and any special requirements. To visualize progress on each task, you move the cards through each stage (to-do, doing, done).
As you can see, Trello provides an extremely straightforward approach to project management that’s effortless to pick up and use.
Each Trello card contains tons of helpful information, including:
Members. These are the assignees for each task, letting you know who’s in charge of completing what at all times.
Due dates. Keep your team members motivated and on track by including clear deadlines for every Trello card.
Attachments. This is a convenient feature, as it lets you attach anything to the card as you would to an email. That way, your team will have all the files, resources, and attachments they need to get the job done straight from Trello.
Checklists. This feature allows you to break tasks into smaller ones on Trello. You can provide a checklist for each card containing all the stages to completion. That will enable you to monitor progress in real-time, which comes in handy.
Besides these core features, Trello also boasts some impressive integrations, including:
Salesforce
Slack
Dropbox
Outlook
Gmail
InVision
Jira
These integrations make tracking your team’s progress effortless without having to change any of your regular tools. For instance, if your team regularly uses Salesforce, integrating it with Trello will allow you to send info easily between the two.
If you’re a fan of Trello’s simple visual style but want more features, you can opt for its power-ups. These are integrations that come from both Trello and third-party developers.
For this reason, Trello’s power-ups can vary in quality, sometimes drastically. On average, the power-ups provided by Trello tend to be the most reliable and high-quality. Third-party power-ups are more of a risk, but that doesn’t mean that all of them are bad.
It just means that it can be tough to tell if a power-up will be worth it or not, which is a risk you won’t have to take with Asana.
With that said, here’s a look at some of the most popular power-ups you can add to Trello.
Calendar. The most downloaded Trello power-up is Calendar, an app that places all your active projects on one central calendar. That makes it easy to identify projects and tasks that are falling behind schedule so you can get them back on track. The Calendar app also incorporates color-coded organization to Trello cards, and you can export your calendar to integrate with other third-party apps.
Board Sync. Another popular power-up is Board Sync, which lets you sync projects together (including all cards, lists, and boards).
Crmble. Do you wish your project management software could double as a CRM (customer relationship management)? If so, Crmble is the power-up for you. It’s an easy-to-use CRM that you can use straight from Trello, which means you never have to leave the app to manage customer relations.
Plenty of other power-ups are available, including Google Drive integrations and Gantt charts.
It’s crucial to note that not every Trello power-up is free. Some are, but a majority are considered premium power-ups and require an additional fee. Considering this, Asana has the advantage here as all its features come by default without the need to spend money on add-ons.
Instead of a kanban board, Asana centers around its patented Asana Work Graph® model. It uses a series of graphs, boards, and calendars to visualize your work projects, your team, and the people doing the work.
In particular, Asana represents your work timeline as a graph that’s filled with all your tasks.
You can assign each task to an assignee, and each assignee has their own dashboard. There, they can see their assigned tasks, the deadline, and lots of other information about the project.
You can include attachments and hotlinks in each task description to ensure your team has everything they need to complete the project.
The timeline view is completely adjustable and uses drag-and-drop controls, so you’re able to make tweaks to it on the fly (such as for unexpected setbacks or getting ahead of schedule). You can use these timelines to streamline marketing campaigns, event planning, product launches, and more.
Other features include:
Convert spreadsheets into Asana timelines. A highly useful feature (especially if you’re migrating from using Excel as your project management tool) is importing a CSV file and converting it automatically into an Asana timeline. That way, you can quit using cumbersome spreadsheets without having to input them into Asana manually.
Powerful automation tools. With Asana, you can automate much of the busy work involved with project management. You can automatically direct new tasks to the right project, auto-assign teammates, automate due dates, and more.
Built-in calendar view. Unlike Trello, Asana comes with a calendar view that you can use without downloading an add-on. Its visualization tools make it easy to identify gaps and overlaps in your schedule, which is a plus.
Like Trello, Asana can integrate with many third-party applications and tools, including:
Microsoft Office 365
Slack
Jira
Zapier
Canva
YouTube
Loom
Adobe Creative Cloud
Many others
Asana has so many valuable and customizable features that it easily wins this matchup. Yet, if simplicity is what you value above all else, you may prefer Trello.
Now it’s time to compare Trello vs. Asana in terms of pricing. First, I’ll start by comparing Trello and Asana’s free plans.
In this regard, Asana is the winner. That’s because you get a lot more features from its free plan than you do from Trello (once again, power-ups are what’s holding it back).
With Asana’s free plan, you get the following:
A list view
A calendar
A kanban board
Unlimited projects
Unlimited cloud storage
With Trello’s free plan, you get:
A kanban board
10 projects
Unlimited cloud storage
Two-factor authentication
As you can see, you get unlimited projects with Asana’s free plan (Trello limits you to 10), as well as a handful of other features missing from Trello.
Here’s a look at Trello’s paid plans:
Standard plan. Trello’s first paid option is the Standard plan, which is $6 per month or $60 annually ($5 per month). Pricing is on a per-user basis, so you’ll need to pay for additional users. With the Standard plan, you get unlimited boards, advanced checklists, custom fields, single-board guests, 1,000 workspace command runs each month, and saved searches.
Premium plan. Next up is the Premium plan, which is $12.50 per month or $120 annually ($10 per month). New features include unlimited workspace command runs, table and calendar workspace views, workspace-level templates, collections, observers, and priority support.
Enterprise plan. Lastly, the Enterprise plan runs $17.50 per month, or $210 annually (still $17.50). Exclusive features for this plan include unlimited workspaces, organization-wide permissions, multi-board guests, attachment permissions, and free SSO and user provisioning.
Realistically, there isn’t much use for the Premium or Enterprise plans for most users. If you’re a freelancer or small team using Trello, 9 times out of 10, the Standard plan or free plan will suffice.
Asana’s pricing structure looks like this:
Premium plan. Above the free plan is the Premium plan, which costs $13.49 per month or $131.88 annually ($10.99 per month). Exclusive features include unlimited essentials, four project views, automated workflows, reporting, community support, and scaled security.
Business plan. Next up is the Business plan, which is $30.49 per month or $299.88 annually ($24.99 per month). Features include advanced workflows and advanced reporting.
Enterprise plan. Like Trello, Asana also has an Enterprise plan. Yet, it’s not a standard plan and requires you to contact their sales department to learn more. This plan is for larger companies that need more visibility, control, and support than Asana’s Premium and Business plans.
As you can see, Asana’s plans are a bit pricier than Trello, but they tend to offer more functionality, especially the Premium plan.
Lastly, let’s compare how both applications handle customer support. After all, if nobody is around to answer your questions, why even bother downloading the app? Here’s a look at the support options for both platforms.
In this category, Trello is the clear winner by a long shot.
Why is that?
It’s because Trello has a far more robust and active customer support system in place. Should you have a question, you can get an answer relatively quickly through live chat or over the phone.
On the other hand, Asana places almost all its support focus on its knowledge base, which consists of guides and tutorials. Should you have questions, you can contact support, but they tend to reply slower than Trello.
By now, we’ve looked at Trello vs. Asana in terms of features, pricing, and support – so it’s time to look at the judge’s scorecards for a final verdict.
Let’s tally it up:
Features: Asana
Pricing: Asana
Support: Trello
While both applications are project management powerhouses, Asana takes the win by a split decision. It’s a more robust and customizable tool than Trello, which is why it gets the nod. Yet, Trello remains the ideal app if kanban boards are your thing and your projects aren’t too complex.
Pharma Knowledge Management Software Market to Hit USD 5.15 … – GlobeNewswire
October 11, 2022 07:00 ET | Source: Market Research Future Market Research Future
New York, New York, UNITED STATES
New York, US, Oct. 11, 2022 (GLOBE NEWSWIRE) — According to Market Research Future (MRFR), “Global Pharma Knowledge Management Software Market, By Software, By Deployment Type, By End-Users – Forecast 2030”, the global market is poised to touch USD 5.15 billion by 2030, registering an 18.2% CAGR throughout the assessment period (2020-2030).
Pharma Knowledge Management Software Market Overview
Using pharma knowledge management software helps optimize manufacturing processes in real time. With the growing competition among pharma companies, knowledge management software is becoming increasingly critical to efficient and compliant product development. Rapid digitization and the use of advanced technologies & processes across pharmaceutical companies impact market growth positively.
Top Key Players leading the global pharma knowledge management software market are,
Pharma knowledge management software features document management solutions for effective & collaborative workspaces connected through the internet and networked systems. It allows sharing of ideas, experience, and knowledge among team members, contractors, and associates. Over recent years, knowledge management solutions have become crucial for pharma companies to share scientific data and other R&D information securely. Pharma companies are boosting investments to deploy sophisticated knowledge management tools to enhance, retain, and transfer knowledge extracted from their R&D.
The global pharma knowledge management software market is expected to gain significant traction in the next few years. The growing demand for robust knowledge management platforms from pharma companies worldwide is a critical driving force. Besides, the spurring rise in healthcare and pharmaceutical industries boosts the market size. Pharmaceutical firms worldwide are increasingly embracing automation.
Today, most pharmaceutical companies and research institutes use these systems to protect the knowledge extracted from their R&D activities and manufacturing professionals during information sharing among various departments across the organization and partnering companies. With the rising demand for these solutions to increase productivity and improve the engagement & performance of employees, the market is projected to perceive significant growth over the past few years.
business continuity, eliminating commute times, expanding the talent pool, and encouraging diversity.
Pharma Knowledge Management Software Market Report Scope:
Pharmaceutical and biotech companies need to handle large amounts of complex data extracted from their R&D processes and specialized researchers. The knowledge management system also helps salespersons with accurate information when pitching a specific drug and collects & stores the feedback and data accessed from physicians. AI-powered pharma knowledge management solutions are trending.
The pharma industry is vulnerable to cyber-attacks due to the involvement of vast innovations, massive R&D investments, and intellectual property on patient health data. The risk of intellectual data theft is significantly higher in pharma and biotech companies. Resultantly, the pharma industry is rapidly turning to knowledge management software to securely manage and share their critical data within the organization and with partnering companies during mergers & acquisitions and licensing deals.
Pharma research and drug development processes are extensively complex and require multiple clinical trials. Therefore, drug development companies need a robust system that can help them recognize unusual patterns in vast clinical trial data and ensure no critical information is overlooked. Pharma companies are increasingly adopting AI-powered knowledge management solutions to enhance their research processes.
Pharma Knowledge Management Software Market Segments
The pharma knowledge management software market report is segmented into software/solutions, deployment types, end-users, and regions. The software segment is sub-segmented into iOS, Android, Windows, and many others. The deployment type segment is sub-segmented into hybrid, cloud, and on-premise.
The end-user segment is sub-segmented into environmental biotechnology, animal biotechnology, medical biotechnology, forensics biotechnology, agricultural biotechnology, academics, and others. The region segment is sub-segmented into the APAC, Americas, MEA, Europe, and rest-of-the-world.
Pharma Knowledge Management Software Market Regional Analysis
North America dominates the global pharma knowledge management software market. The growing adoption of pharma knowledge management software across pharma enterprises drives the pharma knowledge management software market growth. Besides, the early uptake of knowledge management systems in pharma companies of all sizes boosts the market size, supporting interaction & information sharing among scientists and pharma researchers.
The rapidly growing competition and vast demand for multi-disciplined processes among pharma firms in this region escalate the market demand. The growing need for integrating and delivering external & internal scientific data for decision-making and attaining organizational goals influences the market size. Additionally, increasing R&D investments in developing other related technologies, cloud solutions, and economic growth accelerates pharma knowledge management software market revenues.
Pharma Knowledge Management Software Market Competitive Advantage
The global pharma knowledge management software market appears highly competitive due to several notable players forming a competitive landscape. Industry players initiate strategic approaches such as mergers & acquisitions, collaborations, expansions, and technology/product launches to gain a larger competitive share.
Also, they make significant investments to drive research & development activities and expansion plans. Technology providers employ continuous improvement strategies to analyze product updates, implement improvements, and launch new technologies to meet the changing consumer needs.
Software developers are increasingly collaborating with biopharma manufacturing to develop automation technologies. Such deals strengthen their position as crucial software & solutions providers. Pharma companies developing biologics, small molecule, and new drug modalities create significant market demand for well-developed knowledge management software to optimize biopharma manufacturing processes in real-time.
For instance, on Sept. 29, 2022, TetraScience, a leading scientific data cloud company, announced a partnership with Scilligence, an industry leader in unified informatics solutions for small molecules and biologics, to enable its customers to access the Tetra Scientific Data Cloud to accelerate productivity and scientific outcomes. Scilligence is committed to helping customers use their scientific data more effectively.
Its proprietary technologies address three main areas of Life Science informatics needs, including knowledge management and collaboration. TetraScience primarily transforms the way scientific data is used, making it actionable and available for advanced analytics. The partnership will enable TetraScience to help customers gain operational efficiencies, more powerful insights, and better outcomes across the pharma value chain, leveraging the value of all their scientific data.
The Best Tools for Interactive Online Collaboration – Carousel News & Trader
Remote work has become increasingly common in the past few years, but with it comes the challenge of keeping remote teams connected and ensuring everyone is on the same page. Fortunately, various tech tools are now available to ensure that online collaboration is engaging and interactive. Let’s take a look at some of the best ones out there.
Messaging platforms like Slack and Microsoft Teams are great for sending quick, real-time messages to your team. Both allow users to create various channels, making organizing conversations and staying on top of any project updates easier. These tools also offer video conferencing and file-sharing capabilities, making it easier to keep everyone in the loop. These platforms also offer integration with other software, such as Google Drive and Asana.
Teams that need more powerful collaboration capabilities should look into Zoom. This platform offers features like private chat rooms and virtual whiteboards, making it easier for multiple people to work together on the same project. They also provide breakout rooms for smaller group discussions and screen-sharing capabilities.
Sometimes, the best way to collaborate is with a hands-on approach. Remote access software can make this possible even when team members work from different locations. TeamViewer and AnyDesk are two of the most popular tools out there, offering secure remote connection capabilities that allow users to collaborate on projects easily. Their remote desktop apps allow users to share files, chat and even view each other’s screens while they work.
Collaborators can use these desktop-sharing tools to access software and resources only available on specific computers, making it easier to get the job done. Some of these platforms offer additional services, such as online meetings and remote printing. They’re great for teams with members located in different parts of the world.
Many project management tools offer collaboration features that make it easier to stay organized and keep everyone on the same page. Asana is one of the most popular platforms out there, offering features like task lists and to-dos that can help teams stay on top of their goals. It also offers file-sharing capabilities and a communication center where team members can discuss their progress.
Trello is another popular platform, offering project boards that make it easy to visualize progress and assign tasks. There’s also a commenting system so team members can provide real-time feedback and updates. And its integration with Slack is perfect for teams that use both platforms. Users can send messages and project updates via Slack without switching between different tools.
Document collaboration tools are essential for teams that need to work on documents together. Google Docs and Microsoft Word Online offer easy-to-use features that allow multiple people to work on documents simultaneously. They also include real-time commenting and messaging capabilities, so that team members can provide feedback without waiting for someone to respond.
These platforms can also be used for document storage, making it easier for teams to access documents from anywhere in the world. This can be especially helpful for virtual teams, as it allows them to access the same files without transferring them between different devices. Even better, these tools offer version control capabilities that help teams keep track of any changes to the document.
Wiki software is a great way for teams to share information in an organized and secure way. It can also be used for collaboration, as users can quickly create and edit wiki pages to keep everyone up-to-date. Compared to document collaboration tools, wiki software often offers more features and functionality by providing version control, user permissions, and the ability to link pages.
MediaWiki is one of the most popular wiki platforms out there. It’s free, open-source, and has a user-friendly interface that makes creating and editing pages easy. Its powerful search engine also lets users quickly find the information they’re looking for. Plenty of third-party extensions add additional features and functionality to the platform, making it even more powerful.
Remote work isn’t always easy, but having the right tools makes all the difference in staying productive and connected with your teammates while working from home. Always make sure to do your research and find the tools that best fit your team’s needs. With the right online collaboration tools, your remote team can be just as productive and efficient as if they were all in the same office. Remember, collaboration starts with communication, and having the right tools can help you stay connected no matter where your team is located.
The Best Document Management Software of 2023 … – Business News Daily
Document management software is an important tool for any business. Depending on the service, it can help save time, increase data security, ensure regulatory compliance and improve collaboration. To help you find the best document management software for your business, we assessed various document management services on the market. We considered features like security, mobile functionality, usability, document sharing and collaboration and version control. We also analyzed different prices and payment options and compared cloud-based to on-premise software to determine which is best for your business.
Rubex by eFileCabinet Online is a cloud-based solution that allows remote employees to log in from any computer with internet access and have the same functionality as they would have when working from the office. We previously selected Rubex by eFileCabinet as the best document management system for businesses with a remote workforce.
Editor’s Score: 97/100
We liked that Rubex offers a sophisticated mobile app that provides access to every stored file, unlike some of the other document management software we reviewed. The system uses a traditional cabinet-folder filing structure and provides several ways to search for documents. Rubex by eFileCabinet Online is available in three pricing plans, which vary in features and storage.
M-Files is a comprehensive document management system with an intuitive and easy-to-learn interface. M-Files contains numerous tools that we found helpful for organizing documents seamlessly, digitizing large volumes of physical papers and automating workflow processes. For example, we loved the automatic metadata suggestions DocuWare offers as well as its version control features, which simplify the storage and retrieval process.
Editor’s Score: 94/100
M-Files can also integrate with Parashift, a deep-tech company that specializes in ML document retrieval, so you can accelerate and simplify your document management processes further. Instead of classifying documents and reading data manually, you can process a wide variety of structured, semi-structured and unstructured documents automatically. It’s also a versatile system that can serve a variety of industries, such as accounting, business consulting, construction, engineering, energy, financial services, manufacturing, professional services and real estate.
For businesses that use many different types of software, DocuWare may be the best choice for a document management solution. Integration helps support consistency and organization and offers real-time updated data. This kind of automation ensures that the team’s valuable time is spent on projects that matter rather than day-to-day tasks.
Editor’s Score: 96/100
DocuWare can integrate with over 500 different applications, ensuring that no matter the industry, you can keep track of your documents automatically while maintaining work output. We found DocuWare’s support for different methodologies of integration especially useful, from deep API-based integrations to simple point-and-click integrations. We also liked that DocuWare offers dedicated connectors for SAP, Outlook and other leading software platforms.
Those looking for scalable document management software should consider FileHold. With several pricing tiers and room to add or subtract users, we found FileHold flexible enough to support the needs of businesses of any size. Those looking to add specific features to their document management systems can do so with FileHold, choosing between standard, optional or custom features. Interested customers can sign up for a 30-day free trial to test its various features before making a final decision.
Editor’s Score: 94/100
FileHold also offers FileHold Cloud, allowing teams to upload documents remotely and work from anywhere in the world where there’s an internet connection. This service supports remote teams and collaboration, ultimately saving time and money. We especially liked this feature given the remote or hybrid nature of many teams in the modern business environment.
DocuPhase offers teams a document management solution that supports productivity and helps team members stay on-task. We found this cloud-based system to be very customizable — your team will be invited to try a curated demo before purchasing the software and pricing is based on factors specific to your team. We liked the level of attention DocuPhase pays to your unique needs since every business is different.
Editor’s Score: 92/100
DocuPhase has a lot of standout tools and features that help teams stay organized and productive. Auto-indexing technology allows team members to preset tags and sort incoming files automatically using artificial intelligence, a feature we found particularly useful and uncommon among other document management software. Advanced search functions help teams quickly find information, facilitating simple document retrieval. Automatic file routing shares information with the appropriate people and ensures that documents don’t get lost in the shuffle. We found these tools to be helpful in boosting productivity and reducing the time it takes for a user to accomplish tasks within the system.
isoTracker provides the best customer support out of all the document management software providers we reviewed. Interested customers are connected with a live agent via chat once they access the website. Then, under the “contact” page, customers have the option to either call a customer service representative or fill in a contact form where there is room to describe either a question or a problem. We liked how quickly this process connects you with a representative and found each interaction with an isoTracker team member to be helpful and supportive.
Editor’s Score: 85/100
Another very customer-friendly feature we liked can be found on the pricing page. While prices aren’t explicitly listed, customers are able to fill in key information about their document management needs to get an estimated price, even before connecting with an agent. This allows prospective customers to compare prices per user, storage and other features outlined on the website. Using this tool, you can know ahead of time whether isoTracker will suit your needs and budget.
The most secure solution on the list belongs to Canon USA, a company that may be more well-known for its cameras. However, Canon provides a top-tier document management system as well, ensuring that documents remain protected. We liked its robust array of security features, many of which are customizable and can be designed to fit the needs of your team.
Editor’s Score: 83/100
Our favorite feature that Canon provides is its Cloud Remote Monitoring, which can help track devices in real time and ensure they’re being used by authorized personnel. Additionally, there are many built-in security solutions that help protect your documents. Using the imageRUNNER ADVANCE DX platform guarantees your data’s confidentiality, accessibility and availability. There are also many optional authentication features that can be used as an added level of security, which we found increasingly important in the age of remote work.
The Kyocera Cloud Information Manager offers unique features that help your team stay on-task and save time wasted on tedious tasks. We believe it’s best for automation because of all the simple and advanced features the software has to offer. One of our favorites is its ability to analyze documents using OCR and extract keywords to help label documents with one click. This tool streamlines the process of uploading and organizing documents, reducing the work needed by the user.
Editor’s Score: 82/100
We also liked that the Kyocera Cloud Information Manager offers one-click indexing too, saving time when searching for requested documents. Documents can stay organized easily using the “drag and drop” function to immediately get scanned documents onto the web. These automation tools help save time and boost productivity in a way few other solutions we reviewed could.
Dropbox offers great solutions for those looking for document management software, whether you’re a solopreneur or a large team. It may be one of the more common document management solutions because of its free plan option, but it is also well-known for its mobility, allowing remote team members to work seamlessly in the system. We liked that Dropbox offers these capabilities with its free version as well, giving small teams and bootstrapped startups an accessible document management solution.
Editor’s Score: 87/100
Dropbox makes moving documents around simple and saves time when doing so. Users are able to complete an eSignature with the click of a button or request an email signature from someone else. We especially liked that Dropbox can also be used anywhere, so teams that work remotely can connect and search for documents as if they were working in the office. When working remotely, Dropbox offers mobile offline folders. We also liked that it comes with the option of a remote account wipe, which can help you remove sensitive data from a lost or stolen device before it falls into the wrong hands. Whether your team is often on-the-move or the documents you work with are, Dropbox’s mobility features will help your team stay on-task.
Document management software can vary widely in pricing and cost structure. The first and perhaps most important factor in the cost of your document management system is whether you select a cloud-based or on-premises version.
Cloud-based software takes the infrastructure maintenance and burden of security off your business and places it with a third-party company. While this reduces the expense and challenge of managing it in-house, you’ll just have to trust that the company is handling your data properly. Cloud-based software is typically paid for on a subscription basis. For most document management software, this could range from $15 to $200 per month per user, depending on the complexity of the solution you choose.
On-premises versions of document management software require your own servers and, generally, a dedicated information technology staff for maintenance. Your business is wholly responsible for the security of your data, but this also means you have full control over your own data. With on-premises solutions, you generally have to purchase a license for each user. Each license can cost $1,000 or more, but it is a one-time fee. However, on-premises solutions typically charge an additional fee for technical support and software updates after the first year, which is usually about 20 percent of the initial licensing cost.
For small businesses looking for software that is easy to manage and not a large overhead expense, we recommend a cloud-based solution. However, make sure your provider adheres to the best cybersecurity practices to protect your data.
The actual price for document management software varies by company. Systems with more complex features tend to cost more while costs for basic document management software without extra features (such as task management tools and workflow automation functions) can be pretty low. Also, the more users you add to a cloud-based system, the higher the monthly subscription price will be.
Key takeaway: Cloud-based document management software typically costs between $15 and $200 per user, per month. The price varies depending on how many features and tools you want access to.
While all document management systems digitize and organize documents, making them easy to retrieve and revise for users with permission, many other features might be built into your document management software. Here’s a look at some of the tools and aspects you might want to consider when choosing a document management system.
One of the most important elements of any software is usability. It could offer all the features in the world, but they won’t do you any good if the system isn’t user-friendly. Many document management systems offer free trials that allow you to test them before buying. If possible, allow your team to try out the software during the free trial period and offer their feedback on what they like and dislike about it. Since everyone has to use the system, be sure all stakeholders get the opportunity to test it out and provide insight about their experience before buying.
While the primary function of a document management system is to digitize and organize files, most modern software also allows users to share files and collaborate on editing them. Some document management software allows users to edit a document simultaneously while others rely on a check-in/checkout feature that guarantees only one user can work on a document at a time. Others offer both options. Determine which is best for your team’s workflow and the types of documents you collaborate on together.
Version control, sometimes referred to as “versioning,” is a critical feature of document management software that lets you keep track of changes to a document. The best document management software even maintains an archive of old versions, letting you see how documents have changed over time and revert to an old version if needed. This is especially important when collaborating to edit documents as human error could result in important information being altered or deleted. With version control, you can revert to an old version of the document and recover any lost information easily.
Image scanning and OCR are useful features for businesses that have a lot of paper records they would like to digitize. Scanning is the first step in turning a paper record into a digital file that can be imported into the software. OCR is a more advanced feature, but it’s a necessity for streamlining large digitization projects. OCR reads the text of an image and makes the content of the image searchable. The best document management systems use OCR to fill out metadata automatically and make it even easier to search for the document later.
Document management software is often home to files that require a manager’s signature, such as purchase orders (POs). Many document management systems integrate with an e-signature tool, such as DocuSign, to allow electronic signatures. You can often send a document to a recipient with a request for their signature through the software. This can improve efficiency when it comes to getting clients to sign important documents or when onboarding new employees to the company, helping you to sign and store files in one central location.
Workflow automation features move tasks along automatically. Take a PO workflow as an example: You could set up workflow automation so that once a PO is generated, it goes to the appropriate manager automatically for their signature. The manager will receive a notification, and when the task is complete, the next relevant team member, such as someone in the accounting department or the manager’s supervisor, will be notified. If more action is necessary, you might be able to build that into the automated workflow as well. The best document management systems allow you to customize workflows to suit the way your teams work together.
Tip: Automated workflows can help streamline your business processes and maintain legal compliance.
An essential element of document management software is the ability for administrators to set individual user permissions. Permissions allow certain users to view or edit files while others can be prevented from even seeing those documents in the system. Not only is this useful for efficiency purposes, but it is also an important security measure. The best document management software allows administrators to set permissions by specific groups, as well as to change permissions on the fly if you need to make an exception while keeping the default permissions settings the same.
Many document management systems have a dedicated mobile app. Others rely on web browsers or online portals. Make sure the mobile version of any document management software you are considering is truly mobile-friendly. Even if you personally don’t use it on mobile devices, it is likely other members of your team will.
Not every document management system checks all these boxes while others offer all of them and more. When choosing your document management software, consider which tools and features would be most useful to your business. It is important to strike a balance between comprehensiveness and usability. Some systems can do it all but are a challenge to navigate (not to mention more expensive than simpler software).
Data security is a vital part of any document management system. As an increasing number of businesses go digital, more customers are entrusting sensitive personal information to the companies they do business with. Your organization is responsible for ensuring sensitive information is safe and protected from a data breach.
Did you know?: Look for document management services that offer encryption and compliance tools, auto-updates, data redundancy and backups.
Researching the document management market will help you understand the most common and important features of document management software. Understand the most basic document management software elements like centralized document storage, built-in collaboration and task management, mobile functionality and data security. Identify market leaders and vet your options before selecting the right software for your organization.
Understand your unique document management needs as a business. For instance, maybe you’re seeking a digital archive that can be updated periodically, or perhaps you’d prefer software that enables the daily creation and editing of new documents. Weigh the benefits of a locally hosted, on-premises solution in relation to a cloud-based solution managed by your vendor partner or a third party. Get specific with what you require in a system before searching.
A good document management system is also easy to implement and scale. The complexity of the software should be based on your team’s technical know-how, allowing them to store and locate documents easily as needed. Your team should be able to share documents and collaborate within the platform, even when they are using mobile devices.
Although every document management system should have security protocols, access controls and file versioning, these features are especially important for those operating within heavily regulated industries. Other features that lend to a document management system’s usability are metadata and tagging options, keyword searching, document editing history and restoration, automatic document retention and deletion, image scanning, optical character recognition and customizable workflows. The best software can also integrate with your other business platforms.
Once you understand what you need from document management software, ask the following questions to software providers:
Additionally, read through customer reviews to get a more grounded understanding of each service’s pros and cons. This is where you’ll get the most authentic and holistic view of a particular software and its offerings.
Once you choose document management software and are ready to sign a contract, closely read any legal documents and ensure everything you’ve discussed is in writing, including which features you are getting for your money. Additionally, ensure there is a fair exit strategy included in your contract that does not threaten you with outrageous fees.
Once you start using your document management software, regularly test your performance with it to optimize your workflow. Do this by inputting and storing documents, granting access to your team to make edits or updates to documents and testing document security to ensure your data is safe. Should you run into any issues, address your concerns with the software provider. If they are unable or unwilling to resolve these issues, consider terminating your contract.
Key takeaway: Assess your options and consider your unique needs as a business before deciding which document management software is best for you.
A document management system can improve efficiency for you and your staff by organizing all of your files and making them easy for anyone in the organization to find. Good document management software is more than just a file cabinet; it is an interactive depository for all the files your organization needs.
If you are currently using a manual system, you are costing yourself hours that could otherwise be spent on other, more pressing business matters. A document management system automates many aspects of document management, taking that responsibility off your hands.
A document management system is more flexible than a traditional paper filing system. It accommodates your business’s growth easily, and your indexing system can be adjusted with a few clicks. For growing businesses, most document management software providers offer multiple pricing tiers, so you can increase your storage capacity as the size of your organization increases.
Ensuring that your information is secure is critical, from customer payment information to company trade secrets. Document management systems come with built-in security and access controls so you determine who can access certain documents. In addition, you can see all activity on any given document. In the event of a disaster, like a fire or flood, your files are stored safely in the cloud, away from physical harm.
Searching for the right document can be difficult and time-consuming; it can even cost you money. With the right indexing system, finding a document can take mere seconds, and employees can access the documents they need remotely. The best systems apply appropriate metadata and tagging automatically to make finding documents even easier, without much need to classify them on the front end.
Did you know?: Organizations can lose thousands of hours of productivity each year due to poor document management. Discover some other benefits of a paperless office.
Compliance requirements for many business documents can be complex and demanding, but a document management system can help you avoid fines, revoked licenses or even criminal liability by automating key documents within the requirements. For example, HIPAA and the Sarbanes-Oxley anti-fraud law have strict security and policy regulations regarding documents and records. The best document management systems automatically follow those guidelines, so you can rest easy knowing your business is compliant and has an auditable trail of required documents.
A document management system makes sharing information and collaboration easy, allowing documents from different sources to be accessed from multiple locations. Users can also share documents, monitor workflows, grant or deny access to certain documents and see what
Document management systems are used for several things, including securely storing important documents, tracking changes made to documents and sharing documents easily between members of an organization.
A document management system also makes it easy to find certain files by assigning keywords and tags to each document. These systems can also help companies ensure compliance for sensitive documents, such as the Health Insurance Portability and Accountability Act, by providing required security and permission restrictions on certain key documents.
A document management system first captures the document, either by scanning the physical document or by downloading a digital version via email or other applications. Next, the document is indexed, meaning it is classified with tags, keywords and metadata that make it searchable. Finally, the document is organized and placed in a folder, where it can be accessed by the appropriate employees.
Most document management systems are cloud-based, so once a file is appropriately secured into the system, it can be accessed from anywhere with an internet connection.
Did you know?: Some document management software providers offer mobile apps, which give users even more flexibility and convenience in accessing documents.
The best document management system should be easy to use; it should allow for document sharing; and it should have collaboration tools, mobile functionality and version control. The first two features allow your team to work together on critical documents without needing to be in the same office. Version control maintains a log of every change (and who made it) to your company’s documents.
You’ll also want to make sure the software you choose offers airtight security protocols to ensure that only those with the right permissions can access files.
Free Scanning and 2FA Enhance GitHub Software Ecosystem – TechGenix
Microsoft subsidiary GitHub rolled out its secret scanning service to all users on Dec. 15. This service was previously available only to GitHub Enterprise Cloud users with a GitHub Advanced Security license. GitHub’s secret scanning looks through public repositories for over 200 token formats. In 2022, GitHub alerted its partners to over 1.7 million security exploits.
“Secret scanning alerts notify you directly about leaked secrets in your code. We’ll still notify our partners for your fastest protection, but now you can own the holistic security of your repositories,” read the GitHub blog.
Users will also get a two-factor authentication (2FA) security feature in March 2023. GitHub had previously announced that it’d implement 2FA for high-impact package maintainers in Nov. 2022. However, it recently outlined 2FA’s wide-scale implementation across its 94-million-user base.
The rationale behind GitHub’s free scanning tool is to prevent secrets and credentials compromises. A “secret” is a token or an authentication tool. Developers rely on them for communication with external services. Secret scanning takes place in Git history and all its branches.
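The point that scanning covers Git history and every branch can be shown with a small scanner; this is an added example, not GitHub's implementation. The two token patterns, the `Commit` model and the three-commit history are assumptions constructed for illustration.

```python
import hashlib
import re
from dataclasses import dataclass

# Illustrative patterns for two widely documented token shapes.
# This is not GitHub's pattern set, which the article says covers 200+ formats.
TOKEN_PATTERNS = {
    "github_pat_classic": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}


@dataclass
class Commit:
    sha: str        # constructed short id
    parents: tuple  # parent ids, first parent first
    tree: dict      # path -> full file content at this commit


@dataclass
class Finding:
    sha: str
    path: str
    line_no: int
    kind: str
    redacted: str     # prefix kept, rest masked, safe to place in an alert
    fingerprint: str  # truncated SHA-256 so alerts can be correlated


def match_line(sha, path, line_no, text):
    """Yield a Finding for every token-shaped string on one line."""
    for kind, pattern in TOKEN_PATTERNS.items():
        for m in pattern.finditer(text):
            value = m.group(0)
            yield Finding(
                sha, path, line_no, kind,
                redacted=value[:4] + "*" * (len(value) - 4),
                fingerprint=hashlib.sha256(value.encode()).hexdigest()[:12],
            )


def added_lines(commit, by_sha):
    """Yield (path, line_no, text) for lines absent from the first parent."""
    parent_tree = by_sha[commit.parents[0]].tree if commit.parents else {}
    for path, content in commit.tree.items():
        old = set(parent_tree.get(path, "").splitlines())
        for line_no, text in enumerate(content.splitlines(), 1):
            if text not in old:
                yield path, line_no, text


def scan_tip(commits, tip_sha):
    """Scan only the files as they exist at one branch tip."""
    commit = {c.sha: c for c in commits}[tip_sha]
    findings = []
    for path, content in commit.tree.items():
        for line_no, text in enumerate(content.splitlines(), 1):
            findings.extend(match_line(tip_sha, path, line_no, text))
    return findings


def scan_history(commits, branches):
    """Scan every commit reachable from every branch tip.

    Each secret is reported at the commit that introduced it, so a later
    "remove the key" commit does not hide it.
    """
    by_sha = {c.sha: c for c in commits}
    todo, seen, findings = list(branches.values()), set(), []
    while todo:
        sha = todo.pop()
        if sha in seen:
            continue
        seen.add(sha)
        commit = by_sha[sha]
        todo.extend(commit.parents)
        for path, line_no, text in added_lines(commit, by_sha):
            findings.extend(match_line(sha, path, line_no, text))
    return sorted(findings, key=lambda f: (f.sha, f.path, f.line_no))


# Constructed sample data: fake tokens that only have the right shape.
FAKE_GH = "ghp_" + "0" * 36
FAKE_AWS = "AKIA" + "X" * 16
LEAKY_CONFIG = f'TOKEN = "{FAKE_GH}"\n'
HISTORY = [
    Commit("c1", (), {"config.py": LEAKY_CONFIG}),
    # c2 "fixes" the leak on main by reading the token from the environment.
    Commit("c2", ("c1",), {"config.py": 'import os\nTOKEN = os.environ["GH_TOKEN"]\n'}),
    # c3 lives on a side branch and adds a second secret.
    Commit("c3", ("c1",), {"config.py": LEAKY_CONFIG,
                           "deploy.sh": f"export AWS_ACCESS_KEY_ID={FAKE_AWS}\n"}),
]
BRANCHES = {"main": "c2", "feature/deploy": "c3"}

if __name__ == "__main__":
    print("tip of main:", scan_tip(HISTORY, BRANCHES["main"]))
    for f in scan_history(HISTORY, BRANCHES):
        print(f.sha, f.path, f.line_no, f.kind, f.redacted, f.fingerprint)
```

A scan of the tip of `main` comes back clean, while the history scan still reports the token introduced in `c1` and the key on the side branch; a secret that was ever committed has to be revoked, not just deleted from the current files.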
As per the GitHub document, the secret scanning tool looks for known security vulnerabilities. This is something to keep in mind as a caveat, given that vulnerabilities can also be unknown (found only months after they occur).
That said, users can implement secret scanning alerts through “Code security and analysis” settings. Already exposed secrets are present under the “Vulnerability alerts” section. When you select any of the exposed secrets, you can view the exposure type and the remedial action you need to take.
Users and partners get different forms of secret scanning on GitHub. Users constitute:
On the other hand, partners get an alert when the same file has two keys. GitHub works with a number of partners to find exposed secrets. GitHub automatically alerts its partners when secret scanning detects a secret in a GitHub commit. The platform currently works with over 100 partners, including Adobe, Azure, Atlassian, Dropbox, Discord, Hubspot, Meta, Shopify, Stripe, etc.
According to IBM, leaked credentials are the most common type of data breach. These data breaches cost more than $150,000 above the average data breach and take 327 days to identify. The IBM report, cited by GitHub, highlighted that 83% of companies could suffer from one or more of these data breaches. The report further recommends using automation tools, which can cut threat identification times by 74 days.
Leaked secrets are especially worrying in the context of the software supply chain. Google recently released a report concerning the software supply chain and open-source dependencies. With open-source software in wide circulation, a compromised commit can affect all developer dependencies. Moreover, the line between commercial and public software is growing thinner as commercial entities begin relying on open-source code.
Companies using open-source code allow cybercriminals an increasing number of attack vectors. Sadly, organizations cannot reduce these dependencies without also reducing operational efficiencies. Enforcing 2FA can be the best bet for companies in such a situation. And that’s what GitHub is working on implementing in the next phase to reduce the damage from attacks that target related software systems.
In addition to free secret scanning, GitHub is also rolling out 2FA from March 2023 to all code contributors. 2FA increases network security by asking users for an additional passcode before logging them into an application. This stops cybercriminals from compromising a network unless they gain access to either the physical device or application.
The following user classes will be able to use 2FA:
By the end of 2023, 2FA will be mandatory for all users, including people who publish code on the platform — everyone will have to fulfill a 2FA login. Users who fail to enable 2FA will have 45 days before they’re blocked from using GitHub features. Overall, 2FA will make the software ecosystem safer for all parties. As a bonus to this, GitHub, like Google, is also adding passkey support, which is an alternative to passwords.
Alex Weinert, Microsoft’s Director of Identity Security, said that an account using 2FA is 99.99% less likely to be compromised, whereas cybercriminals always compromise passwords. Microsoft research further stated that using powerful passwords doesn’t prevent compromises, but it’s still better than weaker passwords.
Google research also indicated that “adding a recovery phone number to your Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks that occurred during our investigation.”
Identity management is a significant issue. The debate around it will get even more heated as we increase the adoption of online authentication. GitHub has committed itself to protect its users’ and partners’ identities by rolling out 2FA and secret scanning, laying down an example for us all to follow.











