This article was originally posted to the Microsoft Security blog.
With the dawn of the COVID-19 pandemic, state and federal agencies around the globe were looking at ways to modernize data intake for social services recipients. The government of a country of about 40 million citizens reached out to Microsoft and asked us to assist in this endeavor. Going paperless eliminates waiting in line at an agency office, and lowers the chance of COVID-19 transmission. The ability to make requests or apply for federal or local assistance online makes the process safer and more efficient, as once data is collected citizens should start receiving funds more accurately and quickly.
Security is a major concern of not only major governments but of other entities using Microsoft Power App intake forms. Organizations and agencies needed to be certain that Microsoft Power App intake forms could not be used to collect data from large, sensitive databases containing personal information like names, addresses, Social Security or national security identification numbers, telephone numbers, or bank account information for direct deposit. If internet-facing forms collect personal information, and are not securely implemented, bad actors can use those forms to cleverly gain access to millions—
We authored this white paper specifically for those agencies and organizations who are transforming data intake to partially or 100-percent paperless. Microsoft wants to ensure that customers are implementing our technologies with the most secure approach possible, and adhering to compliance with all data privacy laws. Microsoft is also making recommendations in the white paper regarding the best way to implement the NIST Cybersecurity Framework in order to identify, protect, detect, respond, and recover from cybersecurity attacks.
For more information on Microsoft Security Solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.