Is Microsoft a national security threat due to their deep integrations into Federal agencies and the private sector?
Microsoft is a national security threat, says ex-White House cyber policy director
Overview: Microsoft has a shocking level of control over IT within the US federal government — so much so that former senior White House cyber policy director AJ Grotto thinks it’s fair to call Redmond’s recent security failures a national security issue.
Area of Impact: Everyone running Microsoft systems in their enterprise environment and interested in logging processes tracking system behavior.
TRIAGE: Microsoft has always been one of the biggest players in the IT space — but it took quite a long time for a focus on the security side of things to become a reality. Now that we have a focus from them on security in general, we see service maturity issues — as called out here, a massive issue around monitoring systems being a paid service with multiple tiers granting different levels of views into the data. U.S. governmental organizations are not the only ones facing an issue with tiered views into data going across the wires and missing the ability to detect threats due to restricted views tied into their subscription levels, and so this is really a worldwide concern. When a company that makes the systems also provides monitoring for those systems being a giant paywall, you start to see concerns around a conflict of interest between profit and reasonable efforts to really help secure systems worldwide.
My weekly update on the Top 5 CTI stories you need to know:
