Microsoft is a national security threat, says ex-White House cyber policy director

With little competition at the government level, Windows giant has no incentive to make its systems safer


Interview: Microsoft has a shocking level of control over IT within the US federal government – so much so that former senior White House cyber policy director AJ Grotto thinks it's fair to call Redmond's recent security failures a national security issue.

Grotto this week spoke with The Register in an interview you can watch below, in which he told us that exacting even slight concessions from Microsoft has been a major fight for the Feds.

"If you go back to the SolarWinds episode from a few years ago … [Microsoft] was essentially up-selling logging capability to federal agencies" instead of making it the default, Grotto said. "As a result, it was really hard for agencies to identify their exposure to the SolarWinds breach." 

Grotto told us Microsoft had to be "dragged kicking and screaming" to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best. 

That illustrates, Grotto said, that "they [Microsoft] just have a ton of leverage, and they're not afraid to use it." 

Add to that concerns over an Exchange Online intrusion by Chinese snoops, and another Microsoft security breach by Russian cyber operatives, both of which allowed spies to gain access to US government emails, and Grotto says it's fair to classify Microsoft and its products as a national security concern. 

But what can be done to solve the problem when 85 percent of US government productivity software, by Grotto's reckoning, and even more operating system share, belongs to Redmond? 

"The government needs to focus on encouraging and catalyzing competition," Grotto said. He believes it also needs to publicly scrutinize Microsoft and make sure everyone knows when it messes up. 

"At the end of the day, Microsoft, any company, is going to respond most directly to market incentives," Grotto told us. "Unless this scrutiny generates changed behavior among its customers who might want to look elsewhere, then the incentives for Microsoft to change are not going to be as strong as they should be." ®
