Lousy security culture, products as full of holes as a Swiss cheese, but "to big to fail and everyone is dependent". That's a description of Microsoft – not mine, but the tenor of the statements made by the former White House Director of Cyber Policy, Andrew J. Grotto, in an interview with
the British newspaper
The Register.
In terms of marketing, Redmond is at the top of its game, with a new pig being driven through the village every week: Cloud, Mobile First and now AI using Copilot. On the other hand, Microsoft has been conspicuous for years for its poor software quality and buggy updates, which then have to be corrected at great expense. And then there are the security incidents with Microsoft's cloud services, which are making Microsoft's customers nervous.
In the last 24 months, further security incidents have become known in which Microsoft servers were unprotected and accessible via the internet. I discussed the last case in the article
Unsecured Microsoft Azure Server exposes passwords etc. of Microsoft systems (Feb. 2024)).
Basically, the Microsoft Cloud is considered "compromised" and major customers in the US government are looking at how to reduce their dependencies on Microsoft. The US cyber security authority CISA has also issued an order requiring US authorities to check their systems for risks resulting from the Midnight Blizzard hack by the end of April 2024 (see
US CISA orders admins in authorities to mitigate the cyber risks of the Microsoft Cloud).
(But at the moment I doubt they will.)
