IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Google claims US government is too reliant on unsecure Microsoft products

The tech giant suggested it might be time for the government to rethink its approach to procurement

Google has called on the US government to rethink its practice of favouring Microsoft technology when procuring technology, accusing the company of having a reputation for cyber security vulnerabilities and poor user perception.

Repeated cyber security breaches on US government systems have interrupted vital work and cost the taxpayer billions of dollars, said Google Cloud’s Jeanette Manfra, senior director of Global Risk and Compliance in a blog post.

Manfra, who has spent 20 years in the public sector, most recently as the head of the Cybersecurity and Infrastructure Security Agency (CISA)’s cyber security division, claimed that the government was at a disadvantage due to its approach to procurement, and an over reliance on Microsoft products.

She pointed to a recent Google poll of 2,600 US government workers, which found that the majority of those surveyed reported being “very” concerned about cyber attacks against their employers in the coming years. Most of those surveyed (80%) also said that the recent attacks, like the SolarWinds breach, has them concerned about their personal data and privacy, and that of their family members.

Results also showed a lack of satisfaction with legacy software, with over 50% of government workers stating that there are other products or services that could help them do their jobs better.

According to Google's data, around 84% of D.C. metro government employees primarily use Microsoft products at work, including Word, Outlook, Teams, and OneDrive. This is confirmed by another recent study by Omdia which found 85% of government employees use Microsoft productivity software.

“This reliance on a single software suite might suggest that these products are safe and secure, but the Public Opinion Strategies survey found that more than half of all respondents said that the government’s reliance on these Microsoft products actually made the federal government more vulnerable to hacking or cyber attacks,” said Manfra.

However, a US Senate report released last August detailed that seven out of eight federal agencies had failed to protect critical data due to inadequate cyber security policies, rather than problems with their systems. It stated that most agencies failed to install security patches quickly enough, and warned that at least seven out of the eight agencies are still using legacy systems that have reached end of life, and no longer receive vendor security patches.

When survey respondents were asked why their employers used Microsoft services, 45% said the reason was because their employer has always used those products and services and doesn’t want to change, while 55% said because they are the most effective at helping them to do their job.

Related Resource

The state of SD-WAN, SASE and zero trust security architectures

Be a leader in the deployment of zero trust, SD-WAN and SASE

Whitepaper cover with graphic of a man stood on a laptop in front of a padlock, in front of a cloud with a server in the cloud, plus other peopleFree Download

Manfra said that with so many respondents reporting they're dissatisfied with their legacy IT solutions, it may be time for the government to rethink its approach to procurement.

“As governments work to meet the demands and preferences of their constituents—and their employees—it’s clear that there’s an overreliance on legacy solutions, despite a track record of cyber security vulnerabilities and poor user perception,” she added.

IT Pro has contacted Microsoft for comment.

Despite the tech giant criticising Microsoft for its cyber security, it isn't immune to these kinds of threats either. In February, it had to resolve a critical security flaw in Android 12 with its February 2022 Android security update. In the same month, the company had to release another wave of patches for seven high-severity issues affecting Chrome, including one zero-day vulnerability being actively exploited.

A report highlighted in January that Google Drive accounted for the most malware downloads in 2021, taking the top spot from Microsoft OneDrive. It accounted for 37% of all malicious downloads last year, while OneDrive fell to second place with 20% of downloads.

Google Cloud also revealed in November last year that 86% of compromised Google Cloud Platform instances in 2021 led to cryptocurrency miners being dropped into customers' environments. Its customers were heavily targeted by attackers who were attempting to leverage the high levels of compute available to them without having to pay for it.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Costa Rica declares state of emergency following Conti ransomware attack
ransomware

Costa Rica declares state of emergency following Conti ransomware attack

10 May 2022
LinkedIn to pay $1.8 million to employees after settling gender discrimination charges
Careers & training

LinkedIn to pay $1.8 million to employees after settling gender discrimination charges

4 May 2022
Democrats propose privacy-focused digital dollar
digital currency

Democrats propose privacy-focused digital dollar

29 Mar 2022
Biden urges US businesses to prepare for Russian cyber attacks
cyber warfare

Biden urges US businesses to prepare for Russian cyber attacks

22 Mar 2022

Most Popular

Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022