Microsoft considered a national security risk by former White House cyber policy director
Last year, Microsoft managed to grab no less than $20 billion in revenue for its security services. According to the former senior White House cyber policy director, AJ Grotto, federal agencies were paying the tech giant headquartered in Redmond a few years ago to get logging capabilities that are now provided by default. However, the fact that Microsoft is so resilient to change and has no real competition in the market area that targets federal agencies turns out to be a liability.
In an exclusive interview with The Register, Grotto said that "The government needs to focus on encouraging and catalyzing competition" and highlighted that the authorities also need to stop covering Microsoft's mistakes. During this interview, Grotto mentioned the SolarWinds breach, the Exchange Online intrusion by the Chinese, as well as one Microsoft security flaw that allowed Russian cyber operatives to take a look at US government emails. Due to these major security failures, he said that classifying Microsoft (and its products) as a national security concern is something fair.
While the government might be very resilient to change, the business environment can usually switch from one provider to another much faster if the benefit is obvious. In this case, if Microsoft's corporate customers decide to start looking elsewhere and the company acts accordingly by improving the security of its products, the government would end up on the winning side as well.
Those working in this field might want to check out Peter Rising's Microsoft 365 Security, Compliance, and Identity Administration: Plan and implement security and compliance strategies for Microsoft 365 and hybrid environments, which is available for Kindle and also in physical form.