We are fired up to provide Transform 2022 again in-individual July 19 and just about July 20 – August 3. Sign up for AI and info leaders for insightful talks and thrilling networking possibilities. Understand a lot more about Renovate 2022
A new survey commissioned by Google Cloud delivers pointed criticism towards Microsoft around the security of its platforms for government staff — suggesting that the struggle for consumers in cybersecurity is heating up in between the two cloud giants, security field executives explained to VentureBeat.
This line of argument — that Microsoft is a essential component of the cybersecurity problem, fairly than the resolution — has been designed in the earlier by Microsoft security rivals this sort of as CrowdStrike. But the study appears to be the most outspoken critique of this sort against Microsoft by Google Cloud so far.
The success of the survey have been introduced Thursday in a weblog put up by Jeanette Manfra, senior director for world wide possibility and compliance. The post’s headline — “Government workers say Microsoft tech tends to make them considerably less safe: new survey” — tends to make it abundantly clear what Google Cloud is aiming to express, business executives reported in feedback through e mail on Thursday.
“The poll alone is a clear try to build a marketing message versus Microsoft,” reported John Bambenek, principal danger hunter at IT and safety functions organization Netenrich. “While that suggests taking its conclusions with a grain of salt, it also means they are using an aggressive strategy to displace Microsoft applying tactics far more often found in political strategies.”
The language of the write-up looks customized to a govt audience, as it is “very significantly at dwelling in Washington, D.C.,” Bambenek stated.
The survey’s crucial acquiring linked to Microsoft: 60% of governing administration workers who responded reported they believe that “the federal government’s reliance on products and companies from Microsoft helps make it more vulnerable to hacking or a cyberattack.” The poll was conducted by General public View Techniques, and surveyed 338 personnel used by the federal, point out or community governing administration all-around the U.S.
Based on these results, “it’s very clear that there is an overreliance on legacy alternatives [in government], even with a monitor report of cybersecurity vulnerabilities and weak person perception,” Manfra mentioned in the site publish.
With this study, it is good to conclude that Google is “taking a immediate shot at Microsoft,” reported Amit Yoran, chairman and CEO of cybersecurity agency Tenable.
Which is clear supplied that Google, a lot like Microsoft, makes its moves very intentionally and specifically — notably when it arrives to its community comments, Yoran stated.
In the long run, this “doesn’t seem to be like a random study, specially contemplating Google’s acquisition of Mandiant,” Yoran stated, referring to Google’s agreement disclosed this month to get prominent cyber business Mandiant for $5.4 billion. Before, Microsoft had reportedly appeared at buying Mandiant, right before the talks fell through and Google stepped in.
Casey Bisson, head of products and developer relations at code safety options firm BluBracket, said he agreed that this survey is section of an endeavor by Google to obstacle Microsoft’s marketplace posture. Together with getting a dominant company of efficiency programs and now a key stability seller in its possess correct, Microsoft Azure also ranks as the 2nd-most significant general public cloud system by marketplace share (21%) — at the rear of AWS (33%) but in advance of Google Cloud (10%), in accordance to Synergy Research Group.
With this tactic, Google is having on Microsoft in security by “leveraging their legacy from them,” Bisson reported. “Google is following the similar playbook Apple utilised towards Microsoft in the customer house two decades ago.”
In a statement, Frank Shaw, corporate vice president for communications at Microsoft, identified as the Google Cloud survey “disappointing but not surprising” — specified a report nowadays about a lobbying campaign funded in aspect by Google, which Shaw claims has been “misrepresenting tiny businesses.”
“It is also unhelpful to produce divisions in the stability group at a time when we really should all be performing alongside one another on heightened alert,” Shaw explained in the statement. “We will keep on to collaborate across the business to jointly defend our shoppers and authorities agencies, and we will go on to assistance the U.S. authorities with our finest software package and protection providers.”
Google Cloud declined to comment Thursday on Microsoft’s statement or the remarks by cybersecurity marketplace executives.
The new study — which polled a overall of 2,600 American staff, including the 338 governing administration employees — builds on a earlier Google Cloud-commissioned survey that uncovered 85% sector share for Microsoft in the business office efficiency computer software house. The Google Workspace efficiency suite competes with the Microsoft 365 suite of productiveness apps.
Owing to a quantity of elements, like the in the vicinity of-ubiquity of its platforms, Microsoft “will always be an straightforward concentrate on for rivals when it will come to protection,” claimed Aaron Turner, vice president for SaaS posture at Vectra.
And when it is correct that Microsoft has suffered from “significant protection troubles these days owing to the intensifying assaults on Azure Energetic Directory,” Turner mentioned, Google Cloud has nonetheless to verify alone as a equivalent competitor in the protection area.
Massive security investments
Google seems to be doing work really hard on it, nevertheless: In addition to the prepared Mandiant acquisition, the corporation produced a flurry of other investments not too long ago such as the acquisition of SOAR (stability orchestration, automation and reaction) company Siemplify in January and a sequence of expansions to its Chronicle protection platform.
In a modern interview with VentureBeat, Sunil Potti, vice president and standard supervisor for Google Cloud’s safety small business, mentioned the contrast in between Google Cloud and Microsoft’s strategies to security must be obvious.
“Microsoft has been pretty distinct that they want to contend in protection in opposition to all the companions, and most people,” Potti claimed. Google, on the other hand, has selected “a few marketplaces we believe a cloud company by itself really should push,” and is giving very first-occasion goods just in all those spaces, he claimed.
“But about just about every of these initially-occasion products and solutions, we’ll generate an ecosystem that leverages associates,” he said. That, yet again, is “unlike Microsoft, who would like to contact everything,” Potti claimed.
Industry analysts reported that Google most surely had Microsoft in its sights with the deal to obtain Mandiant. “Microsoft has been dominating the safety industry for the earlier numerous years, and this string of acquisitions by Google demonstrates its desire in actively playing a even larger role in the market,” Forrester analyst Allie Mellen beforehand explained to VentureBeat.
Weak safety procedures to blame?
In the bigger scheme of factors, even though, Google’s core argument about Microsoft does not solely keep up, explained Phil Neray, vice president of cyber defense tactic at cyber business CardinalOps.
“The truth is that most significant-profile attacks are the outcome of lousy stability practices somewhat than vulnerabilities in workplace productiveness suites,” Neray claimed.
He pointed to previous incidents these as the federal Workplace of Staff Management breach in 2015, attributed to getting “insufficient safety monitoring to detect abnormal activity in the community right after attackers stole credentials from a governing administration contractor.”
Meanwhile, the Equifax breach in 2017 “was the result of very poor internet server patching techniques. The SolarWinds breach transpired following attackers infected software program updates for an IT application that’s extensively made use of in the two govt and civilian corporations. The DNC breach was the end result of a phishing assault,” Neray reported. “And in the situation of the Colonial Pipeline ransomware incident, the attackers exploited the truth that the organization experienced a large amount of open distant access ports obtainable from the world wide web.”
VentureBeat’s mission is to be a digital town square for technical final decision-makers to get awareness about transformative company technologies and transact. Discover far more about membership.