News

Fingerprint Bank Card

Posted on by Andy Miller

RBS is reportedly about to hold trials of a new, more secure biometric bank card where customers can use their fingerprint instead of a PIN to verify purchases.

April

The trial, which will involve some 200 RBS and NatWest UK-based customers, is due to begin in April this year and will and last for three months. Although this is the first time this kind of advanced card technology has been trialled in the UK, a similar trial has already taken place in Cyprus.

Partners

RBS is working on the biometric fingerprint-verified card project in partnership with digital security company Gemalto, Visa, and Mastercard.

Advantages

The advantages of a biometric card of this kind include improved security, speed and convenience for customers with no need to worry (as with contactless) about the £30 limit because the biometric card will be able to verify payments of larger amounts.

Already Used For RBS App

RBS already offer their customers a mobile banking app that uses fingerprint log-in on iPhone, iPad or Android.

Fingerprint Sensor On The Card

Gemalto, one of the partners in the new RBS project explains that the fingerprint card works by using a fingerprint sensor on the card body.  When paying, a customer places the card next to the POS terminal (as with contactless) and places their finger on this part of the card.  This securely authenticates their fingerprint and enables the transaction to go through without the need for a PIN.  Gemalto says that the user’s biometric data never leaves the card, so is kept secure.

Enrolment

In order to activate and start using such a card, customers would have to record their fingerprint with an enrolment procedure.  This is likely to be possible from home a self-enrolment sleeve shipped with the card with activation which is then completed at the first transaction at the POS, or by going to a go bank branch and using a secure enrolment tablet or kiosk.

Own Research

Gemalto’s own research has found that 54% of UK cardholders who have evaluated the information about the card would get one today if it were available from their bank, and 82% said it would become their preferred payment card.

Security Concerns

Although biometrics are preferred over password verification systems in terms of security, there is still concern about where a person’s biometric data is stored, and how securely that data is stored.  Also, biometric voice-activated systems have already shown themselves to be vulnerable.  For example, back in May 2017, a BBC Click reporter was able to fool HSBC’s biometric voice recognition system by passing his brother’s voice off as his own.

What Does This Mean For Your Business?

Biometric authentication and verification systems appear to be much more secure than password and PIN systems, which is why banks and credit companies are already adopting and using them.  The popularity of contactless cards with businesses and users is clear, and introducing a more secure authentication method e.g. fingerprint, is a way of getting customers to feel more comfortable with spending over £30 amounts with a quick, contactless system.  This could bring benefits to a wider range of businesses, and contactless has mainly favoured those retail businesses with typically lower value transactions.

Many people are already getting used to mobile apps that use biometric authentication, so a card that uses a similar idea is not a big step, plus the unique nature of fingerprints would make card fraud less likely, which should please the banks and users.

Other types of biometric systems e.g. voice activated systems have run into problems and some opposition (e.g. privacy groups) challenging the lawfulness of HMRC’s Voice ID system which has collected and stored more than 7 million “audio signatures”.

This new type of fingerprint card is still awaiting its trial in the UK, but the signs are that it looks like it could be an acceptable next step for bank customers who want to use a more secure contactless card system that works for everything.

Businesses Delayed Security Breach Disclosure

Posted on by Andy Miller

An FoI request to the Information Commissioner’s Office (ICO) has revealed cause for concern over whether businesses on the run up to the implementation of GDPR were preventing, detecting and responding to security threats and breaches in a good and compliant way.

Delay In Identifying and Reporting

An FoI request to the ICO by threat detection and response firm Redscan found that, in the year leading up to the implementation of GDPR on 25th of May, many UK businesses appeared to be routinely delaying data breach disclosure to the ICO.

The data revealed in the request indicated that companies took an average of 60 days to identify that they’d been a victim of a data breach and an average 3 weeks after discovery to report a breach to the ICO.  The worst offending business (in the data revealed) took a massive 44 months to identify a breach, and some organisations took an average of 142 days to report their breaches to ICO.

Financial and Legal Quicker at Identifying & Reporting Breaches

The FoI data did, however, show that financial and legal sector organisations were better at identifying and reporting breaches.  For example, financial services firms took 37 days to identify a breach and legal firms took 25 days.  These figures compare favourably to the general business category where companies took 138 days to identify breaches.

Also, when it came to reporting the breaches, financial services companies took an average of 16 days and legal firms an average of 20 days.  These figures, again, compare favourably to ‘general business’ category organisations which took 27 days on average to report breaches to the ICO.

Full Impact Not Reported

The requested data also showed that 9 out of 10 businesses did not fully specify the nature and impact of the breach to the ICO.

Dates Not Reported

The same figures showed that 21% of businesses did not report the breach incident date, and 25% did not report the breach discovery date to the ICO. It may be fair to assume that these figures could indicate that businesses may have either lacked awareness about the breaches or perhaps made a conscious decision to withhold important information due to fear of the consequences.

Most Hacks Happen At Weekends

The FoI data also showed that hackers tend to prefer attacking at the weekends as this is most likely to be the time when many Monday to Friday businesses are not monitoring for threats and essentially have their guard down, and attackers have two days to break into systems.  For example, the requested data showed that more than three-quarters of incidents happen on a Saturday.

What Does This Mean For Your Business?

This data relates to behaviour before the introduction of GDPR, but with GDPR now in place, and with the legal risks (big fines) and reputational stakes now escalated, businesses need to make sure that they can be compliant going forward.

Attacks are getting more diverse in nature, are occurring across a wider front, and are becoming more sophisticated.  Businesses must, therefore, make sure that they have the appropriate skills, technology, controls and procedures in place to identify a breach in the first place

Also, businesses now need to make sure that they report identified breaches in enough detail, and within 72 hours of becoming aware of the breach, where feasible.  These things are now vitally important as reporting requirements are much stricter under GDPR.

The fact that most businesses are hit by hackers at weekends indicates that businesses need to ensure that they have 24/7, 7-day-a-week controls, defences and procedures in place to be able to protect their systems and the data they hold.

Serious Windows 7 Bug Reported

Posted on by Andy Miller

Google has warned those who are still using Windows 7 that they are at risk of hackers being able to take over their computer by exploiting the combination of a flaw in the Window 7 OS and Google’s Chrome Browser.

Google Alert

The threat to Windows 7 comes from combined flaws in its OS, and a flaw in Google Chrome.  It was Google that announced the discovery of the zero-day vulnerability CVE-2019-5786 in Chrome.

A zero-day vulnerability is one that gives Google, for example, zero days to find a fix because it is already being exploited.  In this case, Clement Lecigne, a security researcher at Google, discovered the vulnerability which resides in the Chrome web browsing software and could impact upon all major operating systems, not just Windows 7, although Windows 7 is vulnerable because it’s a 10-year-old OS in its final year of official support from Microsoft.

Details of the exact nature of the flaw in Googles’ Chrome are not abundantly clear at this point, but it has been described as a use-after-free vulnerability in the FileReader component of the Chrome browser. The FileReader is a standard API that enables web applications to asynchronously read the contents of files stored on a computer.  This essentially means that the flaw in Google’s Chrome provides a way in for hackers who can use it to transfer attack code from Chrome into other applications to help them compromise a machine.

The Windows 7 Side

The flaw in Windows 7 is reported to be in the very core elements that are supposed to stop the data in one program interacting with anything outside that application.

Combined

The combination of these two flaws means that hackers could use Google’s Chrome Browser to take over a computer running Windows 7.

What Can You Do?

The advice from security commentators is (unsurprisingly) to upgrade to Windows 10.  The advice from Google is to make sure that Google Chrome is up to date. You can do this by clicking on the three stacked dots (top right) in Chrome, selecting ‘Help’ and ‘About Google Chrome’, which takes you to the settings page chrome://settings/help.  If it says that you’re running Version 72.0.3626.121 (Official Build) you have the updated version.  If not, you need to update Chrome to the latest version.

What Does This Mean For Your Business?

According to Mr Lecigne, the Google security researcher, there is only evidence of active exploitation against Windows 7 32-bit systems, but it is alarming that a security flaw exists in the core elements of the OS. Since the real risk comes from the combination of a flaw in both Chrome and Windows 7, updating Chrome, which only takes a matter of minutes should provide protection (for the time being) from this risk, although it’s not possible to know what other zero-day bugs are waiting to be discovered.

This story shows the importance of keeping software up to date and patched and is likely to put more pressure on those businesses still using Windows 7 to make the switch to Windows 10.  The fact is though that Windows 7 is still a popular operating system with 37% market share and switching to Windows 10 has cost and time implications in terms of identifying any issues in individual environments and project planning.  The 14th Jan 2020 end of official support date for Windows 7 and the discovery of this kind of OS flaw being made public may now mean that businesses that have been holding out may simply feel that it’s time to bite the bullet and start the shift to Windows 10.

Chatbot Supports Students

Posted on by Andy Miller

Lancaster University has announced that it has launched a chatbot “companion” for students which allows them to ask almost any question about their university experience, from student life, and welfare, to academic studies and more.

Ask L.U.

The chatbot service, called ‘Ask L.U.’, was built on Amazon Web Services (voice) and delivers a voice interface that interacts with users.

The chatbot companion was designed and built by Lancaster University’s Information Systems Services (ISS) and enhances the existing iLancaster mobile app with a range of student-focused voice services.

The chatbot project also includes special facilities for disabled students, developed in conjunction with the University’s Disability Service.

Asked Students

In order to make the chatbot as relevant as possible to students, the University’s developers surveyed Lancaster University students to gauge which questions they were most likely to ask. From this information, they were able to compile a list of more than 300 queries that could be divided into categories such as learning & teaching and campus activities & social.  All of these could then be put to Ask L.U.

Access

The chatbot can be accessed via the iLancaster App on mobile phones and tablets, or by asking “Alexa, Ask L.U.” on any Amazon Echo device.  Amazon Cognito is used to authenticate user data via the Echo providing a completely personalised experience.

Whole Suite of AWS Used

The Chatbot project uses the whole suite of AWS services, including AWS Cloudwatch, AWS Virtual Private Cloud and AWS ElasticSearch.  The natural speech is provided by Amazon Lex and Amazon Alexa.

Fast and Convenient

The chatbot companion is intended to enable students to get information in a fast, easy and convenient way, and delivering information via voice activation fits in well with the packed academic and social lives of students.

Chatbots

Chatbots are now used by many organisations, in conjunction with AI, to help deal with common enquiries, to save costs and resources, to free-up time for human staff to work on other aspects of the business, and to enable businesses to offer 24-hour customer service.

There has been criticism of bots where transparency is lacking and where they may possibly lead users to believe that they are talking to a human.  This is why the state of California passed laws to make AI bots ‘introduce themselves’ (i.e. identify themselves as bots).

What Does This Mean For Your Business?

Many of us are now used to encountering chatbots on websites and voice-activated digital assistants, and this innovative new chatbot from Lancaster University shows how these new technologies can be put together in a value-adding and easy to access way, and in a way that is compatible with its target market.  It may also enable the university to save time and money, and free up valuable resources, and offer 24/7 help to student users.

Bearing in mind that it has been made at a University, it is also a good way of showcasing the technology skills of the university, and the voice activation aspect means that it has been built with an eye on the future.

This kind of chatbot could also have applications in many other businesses, organisations, venues, events, and experiences, and could help improve and support services where there are large numbers of users whose experiences could be enhanced by being able to get on-the-spot spoken answers to popular questions.

Tech Tip – Save Your Passwords Securely on Mobile Devices

Posted on by Andy Miller

If you’d like to be able to save all your login credentials in a secure and safe manner on your mobile device, an app like the ‘LastPass’ password manager may prove very helpful.  It’s one of many such apps, but it’s been rated highly.

LastPass is a ‘freemium’ model password manager that stores encrypted passwords online.

– Download the LastPass Mobile App from Google Play or Apple’s App Store.

– Follow the app instructions.

– Log in with the same LastPass account to sync data between devices, or you can swipe into the LastPass app with your fingerprint for extra security.

There is a built-in random password generator so all your passwords can be different.

Your passwords can be stored and viewed in a secure vault and the app offers autofill, sharing of passwords securely, password auditing, and the ability to keep digital notes with the passwords for e.g. memberships, prescription etc.

See https://www.lastpass.com for details.

New 1TeraByte (Yes, TeraByte) MicroSD Cards Launched

Posted on by Andy Miller

Both Micron and Western Digital’s SanDisk brand have announced at the Mobile World Congress that they are launching the first 1TB microSD cards.

A First

Up until now, companies haven’t been able to produce anything above 128GB, so the jump to a 1TB capacity card is a big jump that could mean less reliance on the Cloud for storage, and better performance from smartphones and other devices.

Micron

Micron Technology, Inc., the US global corporation based in Idaho has announced the launch of the c200 1TB microSDXC UHS-I card, an innovative removable MicroSD Card that boats a terabyte of A2 grade storage with V30 certification.  This should mean that although it can seriously ramp-up the performance of a smartphone, it could suitable for any number of devices and gadgets.  The new card uses an (up to) 100MB/s read-write rate, which means that it can support and can store up to 40 hours of 4K HDR video, thousands of 40MP+ photos, and mobile.

Micron reports that the new card leverages 96-layer 3D quad-level cell (QLC) NAND technology, thereby providing cost-effective storage for consumer electronic devices.

The Micron website says that the new c200 1TB microSD card “gives consumers the freedom to capture, share, store and enjoy more content while supporting their mobile-centric lifestyles.”

When For Micron?

Micron can only say that the new MicroSD should be broadly available, sometime in Q2 2019.

SanDisk

Western Digital’s SanDisk Extreme “microSDXC™ UHS-I” MicroSD card is available in both 512GB and 1TB capacities, and can reach speeds up to 160mb/s with A2/V30.  It can be used in Android™ smartphones, action cameras and drones, and offers supports 4K UHD video recording, full HD video and high-resolution photos.

Also A2 rated, the card reads up to a reported 160MB/s, and writes up to 90MB/s, thereby providing fast app performance on smartphones.  Its fast read speeds should mean that users can save a lot of time e.g.when transferring high-resolution photos and video.

When For Sandisk?

Reports indicate that it will not be available until April, and as a guide, expect a price tag of $449.99 for the 1TB version, and $199.99 for the 512GB version.

What Does This Mean For Your Business?

The huge storage capacity and the speed of these new cards is, of course, good news in terms of versatility and flexibility, saving time, and requiring less reliance on moving and storing everything in the cloud. A card like this is, however, likely to set you back around £375 but you may decide that this is a price worth paying for the extra capacity, speed and convenience.

Although these two new cards are A2 standard, so are suitable for running applications, most microSD cards are slower in practice than stated in the tech spec, and most devices don’t try to run applications from SD cards.  Also, being removable cards, they can still be lost or stolen, and could, therefore, be a security/data security risk depending on what you have stored on them, not to mention the expense of having to buy another one. You may decide that a fast, standard microSD card is still good enough, and you’re prepared to still rely upon secure cloud storage for most things.

It is also worth remembering that a new, super-fast SD Express standard, part of the wider SD 7.1 strategy, could soon be introduced, and could deliver read speeds of up to 985MB/s (if there were products that lived up to the standard).

Nest Locking Customers Out Over Suspected Security Breach

Posted on by Andy Miller

Nest Labs, the US manufacturer of smart home products is reported to have been locking some customers out of their accounts over possible password breaches.

Nest

Nest Labs (founded by iPod inventor Tony Fadell and purchased by Google back in 2014) is a manufacturer of smart home gadgets, including thermostats, cameras, a video doorbell, a smoke and CO2 alarm, and the Nest Aware system where customers can monitor all activity at their home via an app.

What’s Happened?

Nest has recently been the subject of several hacks e.g. there have been reports of Nest cameras being hacked, such as the family in Northern California who reported their camera giving a message (from hackers) warning them of a fictional North Korean missile attack.  Also, more recently in the US, on Superbowl Sunday, a mother reported an unknown male hacker talking to her 5-year-old son through the Nest security camera in his bedroom.

Advice From Google

In the light of the increase in hacks, in the early part of February, Google emailed out a warning to the owners, urging them to secure their login credentials with measures such as two-factor identification and stronger passwords. In the email, Google said that there hadn’t been a breach, but that it was simply reminding users that breaches are possible and that there are measures they can take to help protect themselves and get the most out of Nest products.

Google says that the recent reports of hacks are based on customers continuing to use compromised passwords i.e. passwords that have been exposed through breaches on other websites, and probably shared and sold-on among the hacking fraternity.

Locked Out

The lock-outs of accounts that some customers are now experiencing appear to be strong reminders from what is essentially a security app to those who are known to still be using compromised passwords and who haven’t yet set-up 2-factor authentication, that now is the time to address these issues.

One added bit of motivation to do so could be the relatively high monthly fees for Nest products and services that customers will be paying for nothing if they don’t act now.

Other Troubles

Nest has also found itself in hot water recently after it was discovered that a “secret” microphone is incorporated in Google’s Nest Guard product that has not been listed in the product’s  tech spec.  This has led to a serious backlash, and calls from a Senator for action to be taken to help protect users from the privacy and security threat that some smart products can pose.

What Does This Mean For Your Business?

Even though these are security related products, their basic protection has been through the use of passwords.  Due to the number of hacks of other sites, and the fact that people often use the same password for multiple sites, and due to the bizarre and terrifying nature of some of the hacks of Nest speakers, it is not a surprise that the company is taking strong action to try and force users to set up a secure, new password, and the extra security layer of 2FA.

This story is a reminder that it is not a good idea to use the same passwords on multiple websites, as hackers now have software to enable them to quickly try the same password details in multiple websites (credential stuffing).

Although 2FA does add another relatively solid layer of security to online accounts, Google (Nest) has said that it is also considering new security measure to prevent this kind of hacking from happening with Nest’s products again.

Response To Freedom of Information Requests Concerning Brexit Involves ICO

Posted on by Andy Miller

Two government departments and a Kent-based Brexit planning group are reported to have given local councils advice on how to avoid releasing information about the no-deal Brexit plans, prompting UK. Gov and the ICO to intervene.

What Happened?

Kent Online reported that at the end of January, a leaked report showed that local councils were being given advice about how to handle Freedom of Information requests relating to the councils’ work and plans towards a no-deal Brexit, in a way that would not cause public harm.

It has been alleged that the threat of a no-deal Brexit situation has led to an increase in the amount of FIOA requests that councils receive about their plans for it, but that certain government departments and others may have sought to manage the amount of information making its way into the papers by issuing tips on how to keep emergency plans secret.

A blanket approach of this kind would go completely against FOIA laws.

Who?

According to Kent Online, the leaked report came from the Kent Resilience Forum, which is a group co-ordinating the strategy in the county for how it would deal with disruption in the event of a no-deal Brexit. Also, guidance issued by the Department for Exiting the EU DExEU was also cited in the report, as was guidance by the Cross-Border Delivery Group.

What Kind of Guidance?

The ‘guidance’ in question, mentioned in the leaked report, is alleged to include:

  • The DExEU suggesting that councils and other organisations should refuse FOIA requests in relation to their emergency planning and, in some circumstances, that they should not confirm whether they hold information.
  • Guidance from the DExEU leading to emergency services and councils being given a ready-made template for FOIA requests on Brexit plans.
  • Local Resilience Forums or individual partner organisations being told to argue that disclosure would not be in the public interest as it “would undermine the effective conduct of public affairs”.
  • Guidance that has led to the government tying ports to non-disclosure agreements, which prevent them from releasing any details about their discussions. Recommendations from the Cross-Border Delivery Group mean that while port authorities can share information with other organisations, these non-disclosure agreements are in effect for general disclosure to the public domain.

ICO Involved

The idea that FOIA requests could be treated in this way has prompted the involvement of the Information Commissioner’s Office. It has been reported that the ICO’s director of FoI, Gill Bull, has written to DExEU, the local government department, and the Kent Resilience Forum to express the ICO’s concern about the guidance.

The Council Says…

Kent Council has said that “We are keen to provide our partners with advice on how they can prepare for a worst-case EU Exit scenario”. The council has also said that it will soon be issuing an updated partner pack without the previous FOIA guidance.

The Government Says…

It has been reported that a government spokesperson has said that the original advice has now been revised, and new, updated guidance has now been issued.

What Does This Mean For Your Business?

Brexit is a complicated and divisive subject, but a Freedom of Information Request is an important legal right in the UK that allows for greater transparency in the way that companys and organisations operate, and each FOIA request should be considered individually.  It is worrying that advice should be given by government departments and other organisations, supposedly in the public interest, that appears to go against the Freedom of Information Act, by suggesting that some kind of blanket response, designed to withhold information should be applied. Businesses would not be able to behave this way without being held to account in a very damaging way, and it is understandable, therefore that the ICO has stepped in.

Potential £ 1 Million Court Bill Over £1 Uber Receipt

Posted on by Andy Miller

A millionaire barrister who raised crowdfunding money to fight ride-sharing company Uber in court over a £1.06 VAT receipt has lost attempts to limit his court costs liability and could face a £1 Million legal bill.

What Happened?

The initial reason given for tax lawyer Jolyon Maugham QC bringing the case against Uber was that he was not given a VAT receipt for £1.06 for his £6.34 taxi journey which he could have reclaimed from HMRC as a business expense and that Mr Maugham QC believed that Uber was undercharging VAT on its taxi services.

However, as commentators have noted there may be a wider angle to this story as the barrister accepted that the VAT receipt amount that he sought was trivial and that it may be more about establishing whether Uber as a company is subject to VAT.  If Uber is found to be subject to VAT, Mr Maugham QC’s action could trigger a £1bn VAT bill against Uber.

More Than Half Raised From The Black Cab Trade

Even though Mr Maugham QC managed to raise £107,650 to bring the case, one of the factors that appears to have influenced Mr Justice Trower’s rejection of Mr Maugham QC’s attempt to shield himself from the £1M legal bill and his attempt to appeal against the rejection is the proportion of money raised from the black cab trade to fight Uber. For example, the judge pointed out that “well in excess of 50%” of the crowdfunding money came from the black cab trade, and this included a donation of £20,000 from just one unidentified black cab source.

Income A Factor

Even though Mr Maugham QC wanted to limit his legal costs liability to £20,000 in the High Court case he brought against Uber, some commentators have noted that Mr Maugham QC’s alleged net annual income of £400,000, and his ownership of two properties may also have been a factor in the judge deciding not to stop Uber from recovering its estimated £1 million legal costs if it wins the main case.

The VAT Argument

This case was originally intended to focus on VAT, and one thing it has done is to shine a light on an argument about whether it is the individual Uber drivers who need to be VAT registered to give a VAT receipt, or whether Uber now has a large VAT liability.

What Does This Mean For Your Business?

The case was originally based on an assertion that Uber may be undercharging VAT on the taxi services it offers, and that HMRC may be treating big US multinationals such as Uber with kid gloves and an allegation that Uber could be thought by some to have a business model that’s designed to minimise its tax liability, and to minimise the workers’ rights that it has to offer to its drivers.

According Jolyon Maugham QC, in his statement via the Good Law Project, the decision to reject his attempt to limit his liability for legal costs could be seen as an example of how corporations can use the threat of costs liability to somehow dodge legal accountability, thereby making it difficult for other individuals or organisations to hold them to account.

Although Mr Maugham QC’s personal income and property assets may have had a bearing on the Judge’s decision not to grant him protection from an estimated £1 million legal bill if Uber wins, the outcome could also send a warning to businesses that taking on a big company/corporation in court could be make or break and could have serious financial implications.

New, Free Windows 10 Microsoft Office App Launched

Posted on by Andy Miller

Microsoft has announced the launch of its new “Office” app for Windows 10 which is an update to the former My Office app, will come preinstalled on Windows 10 machines and will provide access to an online version of Office for those who don’t have a subscription for Office 365.

Simply “Office”

The new, free app simply named “Office” can be used with ‘almost’ any version of Microsoft Office means that those who do have a 365 subscription and have Microsoft’s apps installed on their device can open Office from the Office app, and those who don’t have a subscription will be automatically directed to the online version.  Like Google Drive, this online version features the user’s recent documents on the home screen, which is in keeping with the idea that users should be able to find what they want quickly. Users can also share files with each other and can find content relevant to them but created by colleagues within their organisation.

Features

The new app includes helpful features such as tutorials and tricks for Microsoft’s apps and services, and users can see every Office app available to them by clicking on “Explore all your apps”.

Office also allows customisation so that businesses can brand it. Users also have access to third-party apps and Microsoft Search.

When and How?

Microsoft says that the Office app will become available to users on a rolling basis over the next few weeks and that it will be installed automatically as an update to the MyOffice app, which comes pre-installed as part of Windows.

You can search for “Office” in the search bar of the Windows start menu to open the app. The new app can also be downloaded from the Microsoft Store if needed.

Users can sign in to the app with their work, school, or free personal Microsoft Account to get started.

The Office app should work with any Office 365 subscription, Office 2019, Office 2016, and Office Online (the free web-based version of Office).

What Does This Mean For Your Business?

Launching this Office app is a way of Microsoft being able to publicise, raise awareness about, and get more people using its free online versions of Office.

The app, which also allows Microsoft to compete with its rival Google Drive, should be quite appealing to business users thanks to features such as the ability to customise and brand it, the fact that it allows access third-party apps using AAD through the Office app, and the Microsoft Search feature that works across the organisation in addition to the user’s own apps and documents.

Having a free Office app that’s available without the need for an Office 365 subscription will also help address the problem of a mistaken assumption from many people that Office simply comes as part of Windows.