We’re excited to bring Transform 2022 back in person on July 19 and virtually July 20 – August 3. Join AI and data leaders for insightful conversations and exciting networking opportunities. Learn more about Transform 2022
A new investigation commissioned by Google Cloud has targeted Microsoft for the security of its platforms for government employees — suggesting that the battle for customers in cybersecurity is heating up between the two cloud giants, security industry executives told VentureBeat.
This line of reasoning — that Microsoft is a fundamental part of the cybersecurity problem, rather than the solution — has been made in the past by Microsoft security rivals such as CrowdStrike. But the survey seems to be the most outspoken criticism of Microsoft by Google Cloud yet.
The results of the study were published Thursday in a blog post by Jeanette Manfra, senior director for global risks and compliance. The headline of the post — “Government Employees Say Microsoft Technology Is Making Them Less Secure: New Research” — makes it abundantly clear what Google Cloud wants to convey, industry executives said in comments via email on Thursday.
“The poll itself is a transparent attempt to create a marketing message against Microsoft,” said John Bambenek, principal threat hunter at IT and security firm Netenrich. “While that means taking the conclusions with a grain of salt, it also means they’re taking an aggressive approach to supplant Microsoft using techniques more commonly seen in political campaigns.”
The language of the post seems geared to a government audience, as it is “very much at home in Washington, DC,” Bambenek said.
‘more vulnerable’
The study’s main finding was related to Microsoft: 60% of government employees who responded said they believe that “the federal government’s reliance on Microsoft products and services makes it more vulnerable to hacking or a cyber attack.” The poll was conducted by Public Opinion Strategies and surveyed 338 US federal, state or local government employees
Based on these findings, “it is clear that there is an over-reliance on legacy solutions” [in government]despite a track record of cybersecurity vulnerabilities and poor user perception,” Manfra said in the blog post.
With this research, it’s reasonable to conclude that Google has “a direct shot at Microsoft,” said Amit Yoran, chairman and CEO of cybersecurity firm Tenable.
That’s obvious, since Google, like Microsoft, makes its steps very deliberate and precise, especially when it comes to its public comments, Yoran said.
Ultimately, “this doesn’t seem like a random investigation, especially given Google’s acquisition of Mandiant,” Yoran said, referring to Google’s agreement announced this month to acquire prominent cyber company Mandiant for $5.4 billion. Microsoft reportedly looked into the Mandiant acquisition before talks fell through and Google intervened.
Casey Bisson, head of product and developer relations at BluBracket, a code security solutions company, said he agreed that this research is part of Google’s attempt to challenge Microsoft’s market position. Microsoft Azure is not only a dominant productivity application provider and now a major security vendor in its own right, but is also the second largest public cloud platform by market share (21%) — behind AWS (33%), but ahead of Google Cloud (10%) , according to Synergy Research Group.
With this tactic, Google is taking on Microsoft on the security front by “using their legacy against them,” Bisson said. “Google is following the same playbook that Apple used against Microsoft two decades ago in the consumer space.”
Response from Microsoft
In a statement, Frank Shaw, corporate vice president of communications at Microsoft, called the Google Cloud survey “disappointing but not surprising” — given a report today about a lobbying campaign funded in part by Google that Shaw claims is “small businesses misrepresents”. †
“It is also useless to create divisions in the security community at a time when we should all work together for heightened vigilance,” Shaw said in the statement. “We will continue to work together across the industry to jointly defend our customers and government agencies, and we will continue to support the US government with our best software and security services.”
Google Cloud declined to comment Thursday on Microsoft’s statement or comments from cybersecurity industry executives.
The new research — which surveyed a total of 2,600 U.S. employees, including 338 government employees — builds on an earlier study commissioned by Google Cloud, which found that Microsoft held an 85% market share in office productivity software. The Google Workspace productivity suite competes with the Microsoft 365 suite of productivity apps.
Due to a number of factors, including the near ubiquity of its platforms, Microsoft will “always be an easy target for rivals when it comes to security,” said Aaron Turner, vice president for SaaS Attitude at Vectra.
And while it’s true that Microsoft has recently suffered from “significant security vulnerabilities as a result of increasing attacks on Azure Active Directory,” Turner said, Google Cloud has yet to prove itself as a comparable security competitor.
Major Security Investments
However, Google appears to be working hard on it: in addition to its planned acquisition of Mandiant, the company has recently made a series of other investments, including the January acquisition of SOAR (security orchestration, automation and response) company Siemplify and a series of expansions to its Chronicle. security platform.
In a recent interview with VentureBeat, Sunil Potti, vice president and general manager of Google Cloud’s security operations, said the contrast between Google Cloud and Microsoft’s approach to security should be clear.
“Microsoft has been very clear that they want to compete with all partners and everyone on security,” Potti said. Google, on the other hand, has chosen “a few markets that we think only a cloud provider should drive,” offering first-party products only in those spaces, he said.
“But around each of those first-party products, we’re going to create an ecosystem that leverages partners,” he said. That is, again, “unlike Microsoft, which wants to touch everything,” Potti said.
Industry analysts said Google definitely had Microsoft in its sights with the deal to acquire Mandiant. “Microsoft has dominated the security industry for the past few years and this series of acquisitions by Google shows its interest in playing a bigger role in the industry,” Forrester analyst Allie Mellen previously told VentureBeat.
Bad security practices to blame?
In the bigger picture, though, Google’s core argument about Microsoft doesn’t quite hold up, said Phil Neray, vice president of cyber defense strategy at cyber firm CardinalOps.
“The reality is that most high-profile attacks are the result of poor security practices rather than vulnerabilities in office productivity suites,” Neray said.
He pointed to past incidents, such as the 2015 federal Office of Personnel Management breach, attributed to having “insufficient security monitoring to detect unusual activity in the network after attackers stole credentials from a government contractor.”
Meanwhile, the 2017 Equifax breach was “the result of poor web server patching practices. The SolarWinds breach came after attackers infected software updates for an IT application widely used in both government and civilian organizations. The DNC breach was the result of a phishing attack,” Neray said. “And in the case of the Colonial Pipeline ransomware incident, the attackers took advantage of the fact that the company had a large number of open remote access ports that could be accessed over the Internet.”
VentureBeat’s mission is to be a digital city square for tech decision makers to learn about transformative business technology and transactions. Learn more about membership.
This post Google Cloud Security Survey Is ‘Aggressive’ Move Versus Microsoft
was original published at “https://venturebeat.com/2022/03/31/google-cloud-security-survey-is-aggressive-move-vs-microsoft/”