We are excited to bring Transform 2022 back to life on 19th July and virtually 20th July – 3rd August. Join AI and data leaders for sensible conversations and exciting networking opportunities. Learn more about Transform 2022
A new survey launched by Google Cloud criticizes Microsoft over the security of its platform for government employees – indicating that the battle for consumers in cyber security is heating up between the two cloud giants, security industry officials told VentureBeat.
This line of argument – that Microsoft is a fundamental part of the cyber security problem, rather than a solution – has been made in the past by Microsoft security competitors such as CrowdStrike. But the survey appears to be the clearest criticism of Microsoft by Google Cloud so far.
The results of the survey were released on Thursday in a blog post by Janet Manfra, senior director for global risk and compliance. The post’s headline – “Government employees say Microsoft tech makes them less secure: new survey” – makes it abundantly clear what Google Cloud aims to convey, industry officials said in comments via email Thursday.
“The vote itself is a transparent attempt to create a marketing message against Microsoft,” said John Bambanek, chief dangerous hunter at IT and security operations firm Netenrich. “While it means taking its conclusions with a grain of salt, it also means that they are taking an aggressive approach to displacing Microsoft, using techniques often seen in political campaigns.”
The language of the post seems to suit government audiences, as it is “at home in Washington, DC,” Bambanek said.
Key findings from a Microsoft-related survey: 60% of government employees who respond said they believe the federal government’s reliance on Microsoft’s products and services makes it more susceptible to hacking or cyber attacks. The poll was conducted by Public Opinion Strategy, and surveyed 338 workers employed by federal, state or local governments around the U.S.
Based on these findings, “it is clear that there is an over-reliance on inheritance solutions [in government]Despite a track record of cyber security vulnerabilities and poor user perceptions, “Manfra said in a blog post.
With the survey, Amit Yora, chairman and CEO of cybersecurity firm Tenable, said it was fair to conclude that Google was “directly attacking Microsoft.”
It is clear that Google, like Microsoft, is moving very deliberately and precisely – especially when it comes to its public comments, Yora said.
Ultimately, this “doesn’t look like a random survey, especially considering Google’s acquisition of Mandiant,” Yoran said, referring to Google’s agreement to acquire Leading cyber firm Mandiant for 5. 5.4 billion this month. Earlier, Microsoft allegedly focused on acquiring Mandiant, before negotiations took place and Google entered into it.
Casey Bisan, head of product and developer relations at code security solutions firm BlueBracket, said they agreed the survey was part of an effort by Google to challenge Microsoft’s market position. As a dominant provider of productivity applications and now a major security vendor in its own right, Microsoft Azure also ranks as the second-largest public cloud platform by market share (21%) – behind AWS (33%) but ahead of Google. . Cloud (10%), according to Synergy Research Group.
Bisan said that with this tactic, Google is taking advantage of their legacy against Microsoft in security. “Google is following the same playbook that Apple used against Microsoft in the consumer space two decades ago.”
In a statement, Frank Shaw, corporate vice president of communications at Microsoft, called the Google Cloud Survey “disappointing but not surprising” – a report on a Google-funded lobbying campaign today, which the show claims to be “small”. Have been. “”
“It is also unhelpful to create divisions in the security community at a time when we should all work together on high alert,” Shaw said in a statement. “We will continue to collaborate across the industry to jointly protect our customers and government agencies, and we will continue to support the US government with our best software and security services.”
Google Cloud on Thursday declined to comment on Microsoft’s statement or comments from cybersecurity industry officials.
The new survey – which polled a total of 2,600 American workers, including 338 government employees – is based on a previous Google cloud-commissioned survey that found 85% market share for Microsoft in the Office Productivity software space. Google Workspace Productivity Suite competes with the Microsoft 365 suite of productivity applications.
Aaron Turner, vice president of SaaS Posture at Vectra, said that due to a number of factors, including the near ubiquity of its platform, Microsoft “will always be an easy target for competitors when it comes to security.”
And while it is true that Microsoft has been suffering from significant security issues recently due to intense attacks on Azure Active Directory, Turner said that Google Cloud has yet to prove itself as a comparable competitor in the security space.
Large security investments
Google seems to be working hard on it, though: In addition to the planned mandate acquisition, the company recently made a splash in January with other investments, including the acquisition of SOAR (Security Orchestration, Automation and Response) firm Simplify and its expansion. Chronicle Security Platform.
In a recent interview with VentureBeat, Sunil Potti, vice president and general manager of Google Cloud’s security business, said the difference between Google Cloud’s and Microsoft’s approaches to security should be clear.
“Microsoft is very clear that it wants to compete in security against all partners and everyone,” Potty said. Google, on the other hand, has selected some markets where we believe the cloud provider should “drive alone” and offer first-party products in those spaces, he said.
“But around each of those first-party products, we will create an ecosystem that benefits the partners,” he said. It is, again, “unlike Microsoft, which wants to touch everything,” Potty said.
Industry analysts said that Google was definitely considering Microsoft with the deal to acquire Mandiant. “Microsoft has dominated the security industry for many years, and this series of acquisitions by Google shows its interest in playing a big role in the industry,” Forrester analyst Eli Melan told VentureBeat earlier.
Blame it on poor security practices?
Phil Nere, vice president of cyber defense strategy at cyber firm CardinalOps, said that in the larger scheme of things, however, Google’s main argument about Microsoft could not be fully captured.
“The reality is that most high-profile attacks are the result of poor security practices rather than vulnerabilities in the office productivity suite,” Nere said.
He pointed to past incidents in 2015, such as breaches of the Federal Office of Personnel Management, attributed to “insufficient security monitoring to detect unusual activity in the network after attackers stole credentials from a government contractor”.
Meanwhile, the Equifax breach in 2017 was the result of “poor web server patching practice. The Solarwinds breach came after the attackers infected software updates for widely used IT applications in both government and civic organizations. The DNC breach was the result of a phishing attack, “Nere said.” And in the case of the Colonial Pipeline ransomware incident, the attackers used the fact that the company had a large number of open remote access ports accessible from the Internet. “
Venturebeat’s mission Transformative Enterprise is about to become a digital town square for technology decision makers to gain knowledge about technology and transactions. Learn more about membership.