Security and Data Privacy Reinforced in Web Browsers

The browser has become the primary workspace for many enterprise end users -- it's a machine-independent way to access cloud-based apps -- and so security is a top priority. This past week, both Google and Microsoft made announcements emphasizing a new focus on browser security. One emphasized data security, the other browser attacks.

Google is now requiring third-party browser extensions to only request access to the appropriate data needed to implement their features, as opposed to just sucking down data because they can. In addition, the company posted about browser extensions and privacy policies:

"We’re requiring more extensions to post privacy policies, including extensions that handle personal communications and user-provided content. Our policies have previously required any extension that handles personal and sensitive user data to post a privacy policy and handle that data securely. Now, we’re expanding this category to include extensions that handle user-provided content and personal communications. Of course, extensions must continue to be transparent in how they handle user data, disclosing the collection, use and sharing of that data."

(As part of Google's Project Strobe, the company is revisiting all of the areas in which third-party developers have access to user data. This week, they also announced they're limiting the types of apps that have broad access to content or data via Drive APIs and spruced up their overall user data policy to require clear, prominent, prompt data-use disclosures from all developers.)

Microsoft is attacking a different security concern via the browser. "The hardware-based isolation technology on Windows 10 that allows Microsoft Edge to isolate browser-based attacks is now available as a browser extension for Google Chrome and Mozilla Firefox," a blog post about browser-based security isolation announced. This means that if users are going to -- or redirected to -- a site that's not on a trusted list, the user is redirected to an isolated Microsoft Edge session. They can surf around but they can't access any sites that their enterprise uses or trusts while they're in that session. This way, potentially risky behavior is contained.

ALSO:

A United Nations report found that digital assistants often reflect and reinforce gender biases: "The type of action or assistance a speech technology provides often determines its gender," the report said, noting that virtual "assistants" like Siri and Cortana are positioned by their companies as female-presenting while virtual "authorities" like Watson present as male.

Salesforce is offering an AI anti-bias module on Trailhead, its free online learning platform. Kathy Baxter, architect of ethical AI practice at Salesforce, wrote in a blog post, "With the new Responsible Creation of Artificial Intelligence module, we aim to empower developers, designers, researchers, writers, product managers — everyone involved in the creation of AI systems — to learn how to use and build AI in a responsible and trusted way and understand the impact it can have on end users, business, and society."

Say goodbye to manual data entry jobs: Amazon announced its Textract service this week, which uses machine learning to automatically extract text and data, including from tables and forms.