Microsoft is a national security threat, says ex-White House cyber policy director

With little competition at the government level, Windows giant has no incentive to make its systems safer


Interview Microsoft has a shocking level of control over IT within the US federal government – so much so that former senior White House cyber policy director AJ Grotto thinks it's fair to call Redmond's recent security failures a national security issue. 

Grotto this week spoke with The Register in an interview you can watch below, in which he told us that exacting even slight concessions from Microsoft has been a major fight for the Feds.

"If you go back to the SolarWinds episode from a few years ago … [Microsoft] was essentially up-selling logging capability to federal agencies" instead of making it the default, Grotto said. "As a result, it was really hard for agencies to identify their exposure to the SolarWinds breach." 

Grotto told us Microsoft had to be "dragged kicking and screaming" to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best. 

That illustrates, Grotto said, that "they [Microsoft] just have a ton of leverage, and they're not afraid to use it." 

Add to that concerns over an Exchange Online intrusion by Chinese snoops, and another Microsoft security breach by Russian cyber operatives, both of which allowed spies to gain access to US government emails, and Grotto says it's fair to classify Microsoft and its products as a national security concern. 

But what can be done to solve the problem when 85 percent of US government productivity software, by Grotto's reckoning, and even more operating system share, belongs to Redmond? 

"The government needs to focus on encouraging and catalyzing competition," Grotto said. He believes it also needs to publicly scrutinize Microsoft and make sure everyone knows when it messes up. 

"At the end of the day, Microsoft, any company, is going to respond most directly to market incentives," Grotto told us. "Unless this scrutiny generates changed behavior among its customers who might want to look elsewhere, then the incentives for Microsoft to change are not going to be as strong as they should be." ®
