in

Government workers rely on Microsoft. That could be a security problem, Google claims

Google Cloud has published the results of a survey that it says shows the pervasive use of Microsoft tools in government is making workers less secure.

The company, via the pollster Public Opinion Strategies, asked workers about their thoughts of the US government’s reliance on Office and Microsoft’s productivity software like Word, Teams, Outlook, and OneDrive. 

ZDNet Recommends

The best cloud storage services

Free and cheap personal and small business cloud storage services are everywhere. But, which one is best for you? Let’s look at the top cloud storage options.

Read More

Respondents were asked: “Do you believe the federal government’s reliance on products and services from Microsoft makes it more vulnerable or less vulnerable to hacking or a cyberattack?”

SEE: Cloud computing is the key to business success. But unlocking its benefits is hard work

The 2,600 people surveyed by Google Cloud included 600 workers from the D.C. metro area and 338 federal, state, or local governments employees from across the US.

Nationwide, 60% of government employees said the government’s reliance on Microsoft’s productivity tech does make it more vulnerable. In the D.C. metro area, 57% of government employees thought so too. Workers in general, however, were more divided on the question: 51% of all workers nationwide said it does, while 49% in D.C. thought it does. 

While the results from the survey are finely balanced, Google Cloud’s take on the results was “Government workers say Microsoft tech makes them less secure.” 

“More than half of all respondents said that the government’s reliance on these Microsoft products actually made the federal government more vulnerable to hacking or cyberattacks,” says Jeanette Manfra, Google Cloud’s senior director of global risk and compliance, in a blogpost. 

Manfra, who joined Google Cloud in 2020 after a senior role at the US Cybersecurity and Infrastructure Agency (CISA), said the US government was hobbled by legacy software and a “legacy mindset”.

“Many government agencies continue to rely on the same legacy productivity software,” said Manfra. 

But Microsoft’s corporate Vice President of Communications Frank X. Shaw said it was “unhelpful” to create divisions in the security community at a time when everyone should be working together on heightened alert. “We will continue to collaborate across the industry to jointly defend our customers and government agencies, and we will continue to support the U.S. government with our best software and security services,” he said in a statement.

SEE: Cloud computing: Spreading the risk with the multicloud approach

The survey also asked respondents why government IT continues to rely on Microsoft, questioning them as to why their employer chooses Microsoft tools, and the responses did not suggest a huge enthusiasm for change. 

More than half (55%) of workers said it was because the tools are the most effective at helping them do their jobs; 45% said it was because their employer has always used those same products and services and doesn’t want to change.  

But Manfra says the respondents believed the choice of Microsoft had “more to do with inertia than innovation”.

Manfra argues this trend could be leading workers to use services at work that aren’t approved by IT departments aka “shadow IT”. Google Cloud’s survey found 35% of D.C. metro government employees have used shadow IT at work and as many as 41% of workers age 20 to 34. Manfra also notes its survey found that 70% of government workers use Gmail outside of work.   

Microsoft Office 365’s rival is Google Workspace, which achieved FedRAMP High authorization in November. Google also earned IL4 authorization from the Defense Information Systems Agency (DISA) in November: Microsoft points out that Office 365 is accredited to IL6. 


Source: Information Technologies - zdnet.com

The spectre of Stuxnet: CISA issues alert on Rockwell Automation ICS vulnerabilities

Zyxel urges customers to patch critical firewall bypass vulnerability