The part of the story I hate the most:
Asked about experts’ arguments that Microsoft’s strategy of profiting off of cybersecurity is incompatible with a security-first mindset, Faehl says, “We would disagree with that characterization.”
I’m not going to argue strongly for this, but there’s a certain irony that if the Defender suite (Defender for Identity, Defender for Cloud Apps, Defender for Office, and Defender for Endpoint) was instantly unlocked in their Plan 2 version for every subscriber for free, that would kill a huge segment of the security market, including some of the industry leaders like SentinelOne, Huntress Labs, and even SIEM providers like Splunk and Arctic Wolf and dozens more. The XDR and identity management industry would instantly be forced into an anti-competitive environment.
There’s an argument for ‘but if they built it secure, then you wouldn’t need to bolt on detections’. I think a relevant metaphor is you buy a house, but then you add detection like cameras and intrusion detection. Make sure the locks on the doors and windows aren’t bypassed.
So I would think there is some nuance. And frankly for small business the cost for M365 Business Premium which has all of that, including a bunch of information protection and data loss prevention. You just actually have more of a configuration requirement that nearly none of my customers I onboard ever have done…
Bruh, how incompetent they are.
This is the best summary I could come up with:
When Microsoft revealed in January that foreign government hackers had once again breached its systems, the news prompted another round of recriminations about the security posture of the world’s largest tech company.
It was another reminder of how insulated Microsoft has become from virtually any government accountability, even as the Biden administration vows to make powerful tech firms take more responsibility for America’s cyberdefense.
In 2023, China broke into the email accounts of 22 federal agencies, spying on senior State Department officials and Commerce Secretary Gina Raimondo ahead of multiple US delegation trips to Beijing.
As by far the biggest technology provider for the US government, Microsoft vulnerabilities account for the lion’s share of both newly discovered and most widely used software flaws.
As part of its Secure Future Initiative launched in November, Faehl says, Microsoft has improved its ability to automatically detect and block abuses of employee accounts, begun scanning for more types of sensitive information in network traffic, reduced the access granted by individual authentication keys, and created new authorization requirements for employees seeking to create company accounts.
Microsoft has also redeployed “thousands of engineers” to improve its products and has begun convening senior executives for status updates at least twice weekly, Faehl says.
The original article contains 930 words, the summary contains 206 words. Saved 78%. I’m a bot and I’m open source!
I guess so many countries are in the same position. Of course none of them is exactly in the same position, but almost every country is using Microsoft products.
To me this sounds crazy as you could have two enemies relying on the same company to provide an OS for them.
In a way, it would make sense for every country to have their own Linux distribution, tailored to their needs. I’ve only heard about India and some states in Germany doing this, but it seems like the perfect strategy.
My country is really regarding about what its employees are doing with the citizens’ data, but I guess they’re still relying on Microsoft to store all that data in many different countries.