Federal Cyber Experts Called Microsoft's Cloud "A Pile of Shit", yet Approved It
4 hours ago
- #Microsoft
- #Government IT
- #Cybersecurity
- FedRAMP was created to ensure the security of cloud technology for federal agencies.
- Microsoft's GCC High was authorized despite unresolved security concerns and lack of detailed documentation.
- Third-party assessors hired by Microsoft raised concerns but were limited by potential conflicts of interest.
- FedRAMP's review process was prolonged due to Microsoft's inability to provide required encryption details.
- The Justice Department and defense sector heavily rely on GCC High, despite known security risks.
- Microsoft faced criticism for using China-based engineers in government cloud systems, violating security protocols.
- FedRAMP's authorization of GCC High included a 'buyer beware' notice due to unresolved security issues.
- The program's budget and staff cuts under the Trump administration weakened its oversight capabilities.
- The Justice Department's cyber-fraud initiative targets companies misrepresenting cybersecurity practices, but no action has been taken against Microsoft.
- Former government officials, including Deputy Attorney General Lisa Monaco, were hired by Microsoft post-government service.