A new survey commissioned by Google Cloud brings pointed criticism against Microsoft over the security of its platforms for government workers — suggesting that the battle for customers in cybersecurity is heating up between the two cloud giants, security industry executives told VentureBeat.

This line of argument — that Microsoft is a fundamental part of the cybersecurity problem, rather than the solution — has been made in the past by Microsoft security rivals such as CrowdStrike. But the survey appears to be the most outspoken critique of this kind against Microsoft by Google Cloud to date.

The results of the survey were released Thursday in a blog post by Jeanette Manfra, senior director for global risk and compliance. The post’s headline — “Government workers say Microsoft tech makes them less secure: new survey” — makes it abundantly clear what Google Cloud is aiming to convey, industry executives said in comments via email on Thursday.

“The poll itself is a clear attempt to create a marketing message against Microsoft,” said John Bambenek, principal threat hunter at IT and security operations firm Netenrich. “While that means taking its conclusions with a grain of salt, it also means they’re taking an aggressive approach to displace Microsoft using strategies more often seen in political campaigns.”

The language of the post seems tailored to a government audience, as it is “very much at home in Washington, D.C.,” Bambenek said.

‘More vulnerable’

The survey’s key finding related to Microsoft: 60% of government employees who responded said they believe that “the federal government’s reliance on products and services from Microsoft makes it more vulnerable to hacking or a cyberattack.” The poll was conducted by Public Opinion Strategies, and surveyed 338 workers employed by the federal, state or local government around the U.S.

Based on these findings, “it’s clear that there’s an overreliance on legacy solutions [in government], despite a track record of cybersecurity vulnerabilities and poor user perception,” Manfra said in the blog post.

With this survey, it’s fair to conclude that Google is “taking a direct shot at Microsoft,” said Amit Yoran, chairman and CEO of cybersecurity firm Tenable.

That’s clear given that Google, much like Microsoft, makes its moves very deliberately and precisely — particularly when it comes to its public comments, Yoran said.

Ultimately, this “doesn’t look like a random survey, especially considering Google’s acquisition of Mandiant,” Yoran said, referring to Google’s agreement disclosed this month to acquire prominent cyber firm Mandiant for $5.4 billion. Earlier, Microsoft had reportedly looked at acquiring Mandiant, before the talks fell through and Google stepped in.

Casey Bisson, head of product and developer relations at code security solutions firm BluBracket, said he agreed that this survey is part of an attempt by Google to challenge Microsoft’s market position. Along with being a dominant provider of productivity applications and now a major security vendor in its own right, Microsoft Azure also ranks as the second-largest public cloud platform by market share (21%) — behind AWS (33%) but ahead of Google Cloud (10%), according to Synergy Research Group.

With this tactic, Google is taking on Microsoft in security by “leveraging their legacy against them,” Bisson said. “Google is following the same playbook Apple used against Microsoft in the consumer space twenty years ago.”

Microsoft’s response

In a statement, Frank Shaw, corporate vice president for communications at Microsoft, called the Google Cloud survey “disappointing but not surprising” — given a report today about a lobbying campaign funded in part by Google, which Shaw claims has been “misrepresenting small businesses.”

“It is also unhelpful to create divisions in the security community at a time when we should all be working together on heightened alert,” Shaw said in the statement. “We will continue to collaborate across the industry to collectively defend our customers and government agencies, and we will continue to assist the U.S. government with our best software and security services.”

Google Cloud declined to comment Thursday on Microsoft’s statement or the comments by cybersecurity industry executives.

The new survey — which polled a total of 2,600 American workers, including the 338 government employees — builds on a previous Google Cloud-commissioned survey that found 85% market share for Microsoft in the office productivity software space. The Google Workspace productivity suite competes with the Microsoft 365 suite of productivity apps.

Due to a variety of factors, including the near-ubiquity of its platforms, Microsoft “will always be an easy target for rivals when it comes to security,” said Aaron Turner, vice president for SaaS posture at Vectra.

And while it’s true that Microsoft has suffered from “significant security problems lately due to intensifying attacks on Azure Active Directory,” Turner said, Google Cloud has yet to prove itself as a comparable competitor in the security space.

Big security investments

Google appears to be working hard on it, though: Aside from the planned Mandiant acquisition, the company made a flurry of other investments recently, including the acquisition of SOAR (security orchestration, automation and response) firm Siemplify in January and a series of expansions to its Chronicle security platform.

In a recent interview with VentureBeat, Sunil Potti, vice president and general manager for Google Cloud’s security business, said the difference between Google Cloud and Microsoft’s approaches to security should be obvious.

“Microsoft has been very clear that they want to compete in security against all the partners, and everybody,” Potti said. Google, on the other hand, has chosen “a few markets we believe a cloud provider alone should drive,” and is offering first-party products just in those areas, he said.

“But around each of those first-party products, we’ll create an ecosystem that leverages partners,” he said. That, again, is “unlike Microsoft, who wants to touch everything,” Potti said.

Industry analysts said that Google most definitely had Microsoft in its sights with the deal to acquire Mandiant. “Microsoft has been dominating the security industry for the past several years, and this string of acquisitions by Google shows its interest in playing a bigger role in the industry,” Forrester analyst Allie Mellen previously told VentureBeat.

Poor security practices to blame?

In the larger scheme of things, though, Google’s core argument about Microsoft doesn’t entirely hold up, said Phil Neray, vice president of cyber defense strategy at cyber firm CardinalOps.

“The reality is that most high-profile attacks are the result of poor security practices rather than vulnerabilities in office productivity suites,” Neray said.

He pointed to past incidents such as the federal Office of Personnel Management breach in 2015, attributed to having “insufficient security monitoring to detect unusual activity in the network after attackers stole credentials from a government contractor.”

Meanwhile, the Equifax breach in 2017 “was the result of poor web server patching practices. The SolarWinds breach occurred after attackers contaminated software updates for an IT utility that’s widely used in both government and civilian organizations. The DNC breach was the result of a phishing attack,” Neray said. “And in the case of the Colonial Pipeline ransomware incident, the attackers exploited the fact that the company had a high number of open remote access ports accessible from the internet.”
