Download a lifetime license to Microsoft Office at a deep discount with this deal. Stack Social If you need access to Microsoft Office but don’t want to pay the yearly fee to access Office 365, you’re in luck: Stack Social is offering a lifetime license for Microsoft Office Professional 2021 for Windows or Mac, starting […] More

Google Cloud has published the results of a survey that it says shows the pervasive use of Microsoft tools in government is making workers less secure.The company, via the pollster Public Opinion Strategies, asked workers about their thoughts of the US government’s reliance on Office and Microsoft’s productivity software like Word, Teams, Outlook, and OneDrive. 

ZDNet Recommends

The best cloud storage services

Free and cheap personal and small business cloud storage services are everywhere. But, which one is best for you? Let’s look at the top cloud storage options.

Read More

Respondents were asked: “Do you believe the federal government’s reliance on products and services from Microsoft makes it more vulnerable or less vulnerable to hacking or a cyberattack?”SEE: Cloud computing is the key to business success. But unlocking its benefits is hard workThe 2,600 people surveyed by Google Cloud included 600 workers from the D.C. metro area and 338 federal, state, or local governments employees from across the US.Nationwide, 60% of government employees said the government’s reliance on Microsoft’s productivity tech does make it more vulnerable. In the D.C. metro area, 57% of government employees thought so too. Workers in general, however, were more divided on the question: 51% of all workers nationwide said it does, while 49% in D.C. thought it does. While the results from the survey are finely balanced, Google Cloud’s take on the results was “Government workers say Microsoft tech makes them less secure.” “More than half of all respondents said that the government’s reliance on these Microsoft products actually made the federal government more vulnerable to hacking or cyberattacks,” says Jeanette Manfra, Google Cloud’s senior director of global risk and compliance, in a blogpost. Manfra, who joined Google Cloud in 2020 after a senior role at the US Cybersecurity and Infrastructure Agency (CISA), said the US government was hobbled by legacy software and a “legacy mindset”.”Many government agencies continue to rely on the same legacy productivity software,” said Manfra. But Microsoft’s corporate Vice President of Communications Frank X. Shaw said it was “unhelpful” to create divisions in the security community at a time when everyone should be working together on heightened alert. “We will continue to collaborate across the industry to jointly defend our customers and government agencies, and we will continue to support the U.S. government with our best software and security services,” he said in a statement.SEE: Cloud computing: Spreading the risk with the multicloud approachThe survey also asked respondents why government IT continues to rely on Microsoft, questioning them as to why their employer chooses Microsoft tools, and the responses did not suggest a huge enthusiasm for change. More than half (55%) of workers said it was because the tools are the most effective at helping them do their jobs; 45% said it was because their employer has always used those same products and services and doesn’t want to change.  But Manfra says the respondents believed the choice of Microsoft had “more to do with inertia than innovation”.Manfra argues this trend could be leading workers to use services at work that aren’t approved by IT departments aka “shadow IT”. Google Cloud’s survey found 35% of D.C. metro government employees have used shadow IT at work and as many as 41% of workers age 20 to 34. Manfra also notes its survey found that 70% of government workers use Gmail outside of work.   Microsoft Office 365’s rival is Google Workspace, which achieved FedRAMP High authorization in November. Google also earned IL4 authorization from the Defense Information Systems Agency (DISA) in November: Microsoft points out that Office 365 is accredited to IL6.  More

A new study from HP has highlighted the precarious — and often contentious — situations IT teams are facing when trying to improve cybersecurity for remote workers.  The new Rebellions & Rejections report from HP Wolf Security surveyed 1100 IT decision-makers and also gleaned insights from a YouGov online survey of 8443 office workers who now work from home.  The study found that IT workers often feel like they have no choice but to compromise cybersecurity in order to appease workers who complain about how certain measures slow down business processes. Some remote workers — particularly those aged 24 and younger — outright reject cybersecurity measures they believe “get in the way” of their deadlines.  More than 75% of IT teams said cybersecurity took a “backseat to business continuity during the pandemic,” and 91% reported feeling pressured into compromising security for business practices.  Nearly half of all office workers under the age of 24 said cybersecurity tools were “a hindrance”, and 31% admitted to outright bypassing certain corporate security policies to get work done.  Unfortunately, almost half of the office workers of all ages believe cybersecurity measures waste their time, and the figure increases to 64% among those under the age of 24. The survey found that 54% of 18-24-year-olds cared more about their deadlines than causing a data breach.  Researchers found that 39% of respondents did not fully know what their organization’s security policies are, causing 83% of all IT workers surveyed to call remote work a “ticking time bomb” for data breaches. 

Ian Pratt, global head of security for personal systems at HP, said the fact that workers are actively circumventing security should be a worry for any CISO.  “This is how breaches can be born,” Pratt said. “If security is too cumbersome and weighs people down, then people will find a way around it. Instead, security should fit as much as possible into existing working patterns and flows with unobtrusive, secure-by-design and user-intuitive technology. Ultimately, we need to make it as easy to work securely as it is to work insecurely, and we can do this by building security into systems from the ground up.” IT leaders have had to take certain measures to deal with recalcitrant remote workers, including updating security policies and restricting access to certain websites and applications.  But these practices are causing resentment among workers, 37% of whom say the policies are “often too restrictive.” The survey of IT leaders found that 90% have received pushback because of security controls, and 67% said they get weekly complaints about it.  More than 80% of IT workers said, “trying to set and enforce corporate policies around cybersecurity is impossible now that the lines between personal and professional lives are so blurred”, and the same number of respondents said security had become a “thankless task.”  Nearly 70% said they were viewed as “the bad guys” because of the restrictions they impose to protect workers.  “CISOs are dealing with increasing volume, velocity and severity of attacks. Their teams are having to work around the clock to keep the business safe while facilitating mass digital transformation with reduced visibility,” said Joanna Burkey, HP’s CISO. “Cybersecurity teams should no longer be burdened with the weight of securing the business solely on their shoulders; cybersecurity is an end-to-end discipline in which everyone needs to engage.” Burkey added that IT teams need to engage and educate employees on the growing cybersecurity risks while understanding how security impacts workflows and productivity.  Cybersecurity experts like YouAttest CEO Garret Grajek said every new access method, user pool and technology adds attack vectors and vulnerabilities for hackers.  “We just saw that even the best WFH plans might be vulnerable w/ over 500k of Fortinet VPN users being exposed,” Grajek noted. “As with the other attack vectors, enterprises have to assume they will be breached and then ensure that rogue users access and actions are mitigated or limited.” More

Credit: Microsoft
Microsoft released a new Windows 11 Insider build on October 27 — Windows 11 Build 22489. In the release notes for this Dev Channel build, Microsoft officials disclosed there’s going to be yet another way to update Windows outside of major OS updates called “Online Service Experience Packs.” The mention of this new update pack was in the context of the “Your Microsoft Account” settings page, which Microsoft is now testing as part of some future update to Windows 11. A subset of Dev Channel Insiders is getting the new Your Microsoft Account setting page as part of Build 22489. This new page will display information related to users’ Microsoft Account, such as subscriptions to Microsoft 365, links to order history, payment details and Microsoft Rewards. Via this page, users will be able to access their Microsoft Accounts directly in the Settings in Windows 11. The details about what Online Service Experience Packs are and what, exactly, they’ll be updating are sparse right now. Microsoft officials said in today’s blog post about the new build: “Over time, we plan to improve the Your Microsoft account settings page based on your feedback from Feedback Hub via Online Service Experience Packs. These Online Service Experience Packs work in a similar way as the Windows Feature Experience Packs do, allowing us to make updates to Windows outside of major OS updates. The difference between the two is that the Windows Feature Experience Packs can deliver broad improvements across multiple areas of Windows, whereas the Online Service Experience Packs are focused on delivering improvements for a specific experience such as the new Your Microsoft account settings page.” Under Windows Update, users ultimately will see “Online Service Experience Pack – Windows.Settings.Account” with a version number. Microsoft execs have said fairly little about Windows Feature Experience Packs. These packs, introduced with Windows 10, have included the updated Snipping Tool, text input panel, and shell-suggestion UI.In addition to the new Your Microsoft Account settings page, Microsoft also has added support in today’s test build for “Discovery of Designated Resolvers.” This feature, which builds on DNS over HTTPS, allows Windows to discover encrypted DNS configurations from a DNS resolver known only by its IP address. Microsoft also is updating the name of the “Connect” app to “Wireless Display.” And it is splitting the Apps & Features in settings to two pages under Apps: Installed Apps and Advanced App Settings. The rest of Microsoft’s post about today’s build lists a bunch of fixes and known issues.Earlier this month, Microsoft introduced yet another Windows-updating-related feature to Windows Insiders. That mechanism, called Update Stack Packages, is designed to “deliver update improvements outside of major OS updates, such as new builds.”  Officials declined to say more about what exactly these Update Stack Packages are at this point. More

gremlin/Getty Images Some people update to the latest version of an operating system as soon as it’s available. Others hang on to their old operating system until it’s covered in cobwebs and dust. Red Hat lets you do both. First, the Linux and hyper-cloud leader released its newest flagship Linux distro — Red Hat Enterprise Linux (RHEL) […] More