Federal Approval of Microsoft's Insecure Cloud Raises Cybersecurity Concerns

Federal Approval of Microsoft's Insecure Cloud Raises Cybersecurity Concerns

First seen 18 Mar 2026, 16:44 UTC PropublicaRss.Slashdot 96% similarity 60.7

Article Content

Browse articles
ThreatCluster

In late 2024, federal cybersecurity evaluators expressed serious concerns about Microsoft's Government Community Cloud High (GCC High) due to its inadequate security documentation, which left them unable to assess its security posture confidently. Despite these concerns, the Federal Risk and Authorization Management Program (FedRAMP) authorized the product, allowing Microsoft to expand its government business significantly. This decision came after Microsoft had been implicated in two major cybersecurity breaches involving Russian and Chinese hackers. The internal report described Microsoft's cloud offering as 'a pile of shit,' highlighting the risks associated with its use for sensitive government information. The approval process, intended to ensure the security of cloud services, revealed significant breakdowns and a troubling deference to Microsoft. As a result, federal agencies may remain vulnerable to potential cyber threats due to the lack of verified security measures in place.

Key Points: • Federal cybersecurity evaluators found serious security flaws in Microsoft's GCC High cloud. • Despite concerns, FedRAMP authorized the cloud service, allowing Microsoft to expand its government contracts. • The approval process revealed significant breakdowns in ensuring the security of sensitive government information.

ThreatCluster AI

Timeline

2024-12-01
Federal cybersecurity evaluators express concerns about GCC High.
2024-12-15
FedRAMP approves Microsoft's GCC High despite security flaws.
2025-01-10
Microsoft implicated in Russian cyberattack on federal agencies.
2025-03-20
Chinese hackers infiltrate email accounts of U.S. officials.
2026-03-18
ProPublica publishes investigation into FedRAMP's approval process.

Community

Browse all →