Caute_cautim
Community Champion

Scathing federal report rips Microsoft for shoddy security, insincerity in response to Chinese hack

9 Replies
Early_Adopter
Community Champion

A failure cascade,
Systemically flawed,
Fit for purpose? No.

Knowing this, how many boards can justify using Microsoft for Office, Email, Storage, LLMs, IaaS, Databases, BI et al.?

How is the status quo justified? The writing might be on the wall but those charged with the responsibility of protecting their companies don’t seem to be reading it…

At the very least companies reliant on IP for their success should be seriously considering alternatives.
Caute_cautim
Community Champion

@Early_Adopter

Government policies - go for the discounts best value for money? Does it pay off in the end, when things like this occur?

Regards

Caute_Cautim

Early_Adopter
Community Champion

Yeah, mostly rhetorical, as in we know the answer, however we probably require someone to regulate the service provider… do we know if Google is any better? Or just not worth attacking yet as not enough customers..?
Caute_cautim
Community Champion

@Early_Adopter This also suggests that NIST SP 800-53 R5 or NIST Cybersecurity Framework including SOC 1, SOC 2 reviews are inadequate for these circumstances - more rigorous measures need to be put in place and not precluding penalties or legal cases.

Regards

Caute_Cautim

Early_Adopter
Community Champion

Frankly I think at this stage we need to have a massive increase to scope, depth and frequency on penetration testing.

Another concern is the temptation to shortcut for profits. We do need separation - you design it … ok you don’t build it, … you built it you don’t run it… you run it? We get someone else to test.

This last, the security testing needs to embrace all the techniques out there, be continuous and there needs to be a live score running for the consumers. Ubique
Caute_cautim
Community Champion

Hi All

This is an interesting consolidation on the Microsoft security issue:

https://www-securityweek-com.cdn.ampproject.org/c/s/www.securityweek.com/microsofts-security-chicken...

This could take years to resolve from a cultural perspective, certainly not overnight.

Regards

Caute_Cautim

Caute_cautim
Community Champion

Hi All

Another piece about the Microsoft issue: A lot of questions to ask our respective Governments:

https://www.theregister.com/2024/04/05/microsoft_government_contracts/?utm_source=daily&utm_medium=n...

Regards

Caute_Cautim

Early_Adopter
Community Champion

Yup, takes a while to turn that mindship around.
Caute_cautim
Community Champion

Hi All

Have a look at this subsequent analysis too:

https://accelerationeconomy.com/cloud-wars/microsoft-cybersecurity-disaster-triggers-customer-doubt-...

Regards

Caute_Cautim