Google Raises Concern's about Microsoft Security: New Whitepaper shows
Google proposes a safer alternative.
Scathing report from DHS
Microsoft's security vulnerabilities reached a critical point recently, exposing U.S. and U.K. government customers in a series of high-profile attacks. Notably, a 2023 incident by Storm-0558 compromised sensitive government accounts across 22 organizations, impacting over 500 individuals and tens of thousands of emails. This breach triggered a scathing report from the Department of Homeland Security's Cyber Safety Review Board (CSRB). The report exposed a chain reaction of security failures and a corporate culture that downplayed both enterprise security investments and rigorous risk management.
Further amplifying concerns, a separate high-profile incident involved state-backed cyber actors known as Midnight Blizzard. This group successfully compromised Microsoft corporate email accounts, enabling them to steal email exchanges between Federal Civilian Executive Branch (FCEB) agencies and Microsoft. This critical breach prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue Emergency Directive ED 24-02.
What is the real target?
It's pretty obvious now that government agencies are a prime target for cyberattacks due to their sensitive data and many other factors. Most agencies heavily rely on Microsoft products. In a 2022 Google survey, 84% of all Washington, D.C. metro area employees use Microsoft products. Furthermore a broader survey from Omdia found 85% of all federal government employees use Microsoft.
Google Workspace has sizable market share in the business, education, and healthcare sectors - largely due to its ease of use, simple and intuitive interface, comprehensive billing, and most importantly advanced cybersecurity protections built-in.
Does that mean bad actors are targeting customers of Microsoft or going after specific targets of interest? That remains to be seen but likely a little of both. If the target is interesting enough it doesn't matter what platform or systems are used.
Another important question might be: if the tables were turned, Google happened to have higher market share in government, would the "scathing report" be about them? Of course Google doesn't think so.
Things to consider
No one is suggesting you haul off and switch you entire business or government agency from Microsoft to Google (oh, wait... no, that is exactly what Google is hoping for!) but, it might be a good opportunity for a deeper inspection and even a thorough evaluation/comparison of the two. At the least to see what the other has to offer. At least the whitepaper is compelling enough for customers to probe for more.
Considering such a decision is so big and impactful for everyone involved, consider outside help. A technology adviser or IT consultant can guide you through the process and introduce you to the right experts and partners.
Not all is lost
Google is certainly an option, and a pretty good one at that. Microsoft has made announcements addressing some of the concerns outlined in the report. They are making efforts to change the behavior and culture within Microsoft ranks. A recent Dark Reading article reports that at least a portion of executive compensation will be tied to meeting security goals.
About Cloud 9
Our advice always has been and remains: get the right partner in place. Having the right Microsoft or Google partner will have profound impact on your experience with either platform. Consider Cloud 9 your partner finder! That's all we do - connect our clients with the right partners, vendors, suppliers and service providers for Cybersecurity, Communications, Connectivity, and Cloud.