Article Details

Google takes shots at Microsoft for shoddy security record with enterprise apps. Also, feds who switch to Google Workspace for 3 years get an extra year for free. Google has taken a victory lap in the wake of high-profile security breaches in Microsoft software, and says firms should ditch Exchange and OneDrive for Gmail and Google Drive. Google's arguments are laid out in a white paper [PDF] released today titled "A more secure alternative," which takes 14 pages to outline everything wrong with Microsoft's approach to security according to the search giant. It largely relies on the findings of the Cyber Safety Review Board (CSRB), which last month detailed Microsoft's handling of the June 2023 attack on Exchange Online. The CSRB was not impressed, criticizing the company's lack of knowledge on how the China-backed Storm-0558 attackers were able to obtain the key that made the breach possible, or why a key created in 2016 would still be valid seven years later. Google also brings up the Cybersecurity and Infrastructure Security Agency's (CISA) report on a separate attack committed in November by Midnight Blizzard. Google Cloud blunder sinks Australian fund for a week In fact, for the most part the ad biz just let CSRB and CISA do the talking, quoting and citing the CSRB's report on the June 2023 breach a total of 16 times. When it had comments of its own, Google, which itself accidentally deleted an Australian pension fund's cloud subscription earlier this month, didn't feel the need to pull its punches, speaking of "Microsoft's ongoing security struggles," and saying "Microsoft is unable to keep their systems and therefore their customers' data safe." Aside from not knowing about how Storm-0558 obtained the key used in the attack, Google also criticizes Microsoft's security priorities and inaccurate public statements, such as the theory that the key came from a hypothetical crash dump, which was later discounted by Microsoft itself in March. One company's breach is another's advertising opportunity Google Workspace weaknesses allow plaintext password theft Of course, Google isn't kicking its rival while it's down just for fun, and is taking the opportunity to boost its competing enterprise software. The second half of the paper details, in Google's view, what makes Workspace better than Microsoft's ecosystem. Google highlighted the CSRB paper pointing out Google's cybersecurity practices as an example of what Microsoft should have done in the first place. The CSRB praised how Google rotated its keys and shortened the length they were valid for, and of course the search giant dedicated a full page to this. The whitepaper even takes advantage of the 2009 breach Google experienced as part of Operation Aurora, and uses it to illustrate how the tech giant used it as a change to fix security issues. Accompanying the white paper is a pair of blog posts that were also published today. These blog posts mercifully don't mention Microsoft by name, though there's still plenty of talk about Workspace's apparently superior security. To try to snag some of Microsoft's customers, which Google pointed out to The Register represented 85 percent of the US public sector in 2021, the company is launching a new promotion. Agencies employing at least 500 workers can get their Workspace Enterprise Plus plan discounted and obtain an extra year for free if they sign up for a three year contract. While this is all fine in the moment, Google's bragging about its amazing security certainly does raise the stakes if it too falls victim to a successful cyber attack.