Rss.Slashdot
Federal Approval of Microsoft's Insecure Cloud Raises Cybersecurity Concerns
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
In late 2024, federal cybersecurity evaluators expressed serious concerns about Microsoft's Government Community Cloud High (GCC High) due to its inadequate security documentation, which left them unable to assess its security posture confidently. Despite these concerns, the Federal Risk and Authorization Management Program (FedRAMP) authorized the product, allowing Microsoft to expand its government business significantly. This decision came after Microsoft had been implicated in two major cybersecurity breaches involving Russian and Chinese hackers. The internal report described Microsoft's cloud offering as 'a pile of shit,' highlighting the risks associated with its use for sensitive government information. The approval process, intended to ensure the security of cloud services, revealed significant breakdowns and a troubling deference to Microsoft. As a result, federal agencies may remain vulnerable to potential cyber threats due to the lack of verified security measures in place.
Key Points: • Federal cybersecurity evaluators found serious security flaws in Microsoft's GCC High cloud. • Despite concerns, FedRAMP authorized the cloud service, allowing Microsoft to expand its government contracts. • The approval process revealed significant breakdowns in ensuring the security of sensitive government information.