Updated After high-profile interference with Microsoft’s systems, Google has made a triumphant march and is demanding that companies abandon Exchange and OneDrive in favor of Gmail and Google Drive.
Google’s arguments are presented in a white paper [PDF] The 14-page study published today, titled “A Safer Alternative,” details everything the search giant says is wrong with Microsoft’s approach to security.
It relies largely on the findings of the US government’s Cyber Safety Review Board (CSRB), which last month detailed how Microsoft handled the June 2023 attack on Exchange Online.
The CSRB was not impressed, criticizing the Windows titan’s lack of knowledge about how and when China’s Storm-0558 attackers were able to obtain a security key that allowed the crew to break into Redmond’s Exchange Online-hosted email service and searching people’s inboxes, or why A key created in 2016 would still be valid seven years later.
Google also brings up Uncle Sam’s Cybersecurity and Infrastructure Security Agency (CISA) report on a separate Midnight Blizzard attack in November.
Google Cloud glitch sends Australian fund sinking for a week
READ MORE
In fact, for the most part, the advertising industry simply let CSRB and CISA do the talking, quoting and quoting the CSRB report on the June 2023 breach a total of 16 times. Google, which accidentally deleted an Australian pension fund’s cloud subscription earlier this month, felt no need to crack down on its own comments, citing “Microsoft’s ongoing security issues” and saying: “Microsoft is unable to do this.” “to protect your systems and therefore your customers’ data.”
In addition to not knowing how Storm-0558 obtained the key used in the attack, Google also criticizes Microsoft’s security priorities and inaccurate public statements, such as the theory that the key came from a hypothetical crash dump. which was later rejected by Microsoft itself March.
One company’s breach is another’s advertising opportunity
Of course, Google isn’t just throwing its rival into bankruptcy for fun, but is using the opportunity to strengthen its rival enterprise software. The second half of the paper describes from Google’s perspective what makes Workspace better than the Microsoft ecosystem.
Google highlighted the CSRB paper, which highlighted Google’s cybersecurity practices as an example of what Microsoft should have done. The CSRB praised how Google rotated its keys and shortened the validity period, and of course the search giant dedicated an entire page to the topic.
The white paper even makes use of Google’s 2009 Operation Aurora breach, illustrating how the tech giant used it as a diversion to fix security issues.
Google Workspace vulnerabilities allow plaintext passwords to be stolen
READ MORE
The white paper is accompanied by two blog posts, which were also published today. These blog posts thankfully don’t mention Microsoft by name, although there’s still a lot of talk about Workspace’s seemingly superior security.
To try and snag some Microsoft customers, which is what Google pointed out The registry represented 85 percent of the US public sector in 2021, the Chrome giant is launching a new promotion. Agencies with at least 500 employees can use their Workspace Enterprise Plus plan at a discount and get an additional year free when they sign a three-year contract.
While that’s all fine at the moment, Google’s boasting about its amazing security certainly raises the stakes if the company also falls victim to a successful cyberattack. ®
Updated to add
“Our Secure Future Initiative (SFI) brings together all parts of Microsoft to advance cybersecurity protection across our platforms and products. This will benefit customers around the world, including commercial and government companies, small businesses and individuals,” a Redmond spokesperson told us.
“In addition to the SFI milestones we recently announced, Microsoft continues to work closely with stakeholders across the cybersecurity community, including signing CISA’s Secure by Design pledge and sharing threat intelligence on sophisticated nation-state and cybercrime actors to the security community.”