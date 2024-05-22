




Tech giants vie for public sector customers amid Microsoft's latest breach

Chris Riotta (@chrisriotta) • May 21, 2024

Google wants Microsoft's US federal business. (Image: Shutterstock)

Google is attacking a competitor over recent high-profile data breaches, offering new incentives to federal agencies to reduce the U.S. government's “overreliance on a single technology vendor.” It aims to steal away Microsoft's public sector customers.

The company released a white paper on Monday titled “A Safer Alternative,” stating that “Google Workspace offers a more secure alternative to Microsoft” amid continuing security challenges affecting the tech giant. The paper echoes the Department of Homeland Security Cybersecurity Review Board's report on the 2023 breach of Microsoft by a Chinese cyberespionage attacker known as Storm-0558.

“Repeated security challenges with Microsoft have led businesses and public organizations to seek better alternatives,” states the paper, which describes Google's integrated set of work and collaboration apps as a more secure alternative.

A transition away from Microsoft would be a significant undertaking across the public sector, given how heavily federal agencies rely on a wide range of Microsoft software and services, from Windows and Office to Azure and specialized government solutions. Google argued that Microsoft is only just beginning to learn from a security incident perpetrated by the same attackers that targeted Google 14 years ago, prompting Google to restructure its internal infrastructure and security approach.

Google urges the public sector to adopt a multi-vendor strategy to ensure interoperability, promote open standards, and make security a key procurement consideration by purchasing only “securely designed” systems. The company, like Microsoft, signed a “secure by design” pledge with the Cybersecurity and Infrastructure Security Agency at the RSA Conference earlier this month.

The CSRB report concluded that the Storm-0558 breach was “preventable and should never have happened.” The report said Microsoft's security culture was “inadequate” and needed an overhaul “especially given the company's centrality in the technology ecosystem.” (See: Report accusing Microsoft of security lapses in Chinese hacking).

The DHS review board found that Chinese hackers broke into Microsoft Exchange Online after the company made a series of “avoidable errors,” allowing the group to successfully target email accounts of senior U.S. government officials, including Commerce Secretary Gina Raimondo, the U.S. ambassador to China, and Rep. Don Bacon, a Nebraska Republican who is critical of the Chinese government.

Microsoft announced major updates to its security operations in May, including tying executive pay to achieving specific security milestones, amid exploding concerns about the cyber posture of global companies (see: Microsoft suffers major breach) (overhauled security practices). According to the announcement, Microsoft will adopt a “more fine-grained separation of identity signing keys and platform keys” to develop a system ready for a “post-quantum cryptography world.”

“Microsoft plays a central role in the world's digital ecosystem, which comes with a great responsibility to earn and maintain trust,” Charlie Bell, Microsoft's executive vice president of security, said in a blog post at the time. “We have to try harder and we will.”

Microsoft wins at least a quarter of its U.S. contracts without meaningful competition, according to a 2023 report published by IT consultant Michael Garland and sponsored by digital industry group NetChoice.

The report also includes an example in which the government spent more than $100 million to purchase Microsoft Office to avoid the assumed costs of switching products.

In April, Sen. Ron Wyden, D-Ore., announced a draft bill that would prohibit federal agencies from purchasing collaboration technologies, such as Microsoft products, that do not comply with standards set by the National Institute of Standards and Technology. The bill would also require government agencies to use end-to-end encryption and other measures to further protect U.S. government communications from foreign surveillance.

Wyden introduced the Secure and Interoperable Government Collaboration Technologies Act, describing the federal government's reliance on Microsoft technology as a national security risk.

“Vendor lock-in, bundling and other anti-competitive practices cost governments millions of dollars on insecure software,” Wyden said in a statement. “It's time to break the shackles of big tech companies like Microsoft on government software.”

