Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway.

A ProPublica report reveals that FedRAMP, the federal program ensuring the security of cloud technology, authorized Microsoft's GCC High cloud product despite serious internal concerns about its security. Federal cybersecurity evaluators found Microsoft's security documentation lacking, hindering their ability to assess the system's overall security. This authorization occurred despite Microsoft products being central to recent major cyberattacks against the U.S. government. FedRAMP's approval of GCC High, intended to safeguard sensitive government information, included a warning to agencies about potential risks. The report also highlights potential conflicts of interest, as third-party firms vetting the technology are hired and paid by the companies being assessed.

Explore how the topics in this article connect to other news stories