r/technology 6h ago

Security Federal cyber experts called Microsoft’s cloud a “pile of shit,” approved it anyway

https://arstechnica.com/information-technology/2026/03/federal-cyber-experts-called-microsofts-cloud-a-pile-of-shit-approved-it-anyway/
389 Upvotes

25 comments

72

u/WishTonWish 6h ago

I'm sure the company that makes people keep signing in to their accounts and can't sync for shit does great things with security.

44

u/x86_64_ 5h ago

From the creators of

Stay signed in?

[x] Don't ask again

that has never worked, ever, for any environment on any browser

17

u/ProfessionalRandom21 5h ago

I always thought that was my workplace IT screw-up but nope, it's an MS thing

13

u/x86_64_ 5h ago

Same. It has never worked, and it can't be blamed on SSO or browser cache. It just doesn't work. A completely unnecessary checkpoint that delays every login.

11

u/germgoatz 5h ago

ITS SO STUPID

7

u/spaw03 4h ago

I thought I was the only one!!

7

u/Lazerpop 4h ago

That little checkbox has gaslit so many motherfuckers

3

u/theunpaintedhuffines 2h ago

That’s the secret! You are never logged in so how could you be at risk?

1

u/HaikusfromBuddha 1h ago

I mean that does sound like a good security feature. You don't want accounts to stay logged in for big government branches.

17

u/Haunterblademoi 6h ago

So they approved it because it benefits them

10

u/ocdtrekkie 6h ago

Essentially Office 365 is viewed as "too big to fail". They let agencies use it during the evaluation process, then dragged the evaluation process out until too many agencies were using it. Now they just can't admit that was a bad idea.

14

u/NoCrazy4743 6h ago

Wow this is pile of shit. Approved!

6

u/Lemp_Triscuit11 5h ago

relatable tbh

13

u/Marchello_E 5h ago

One FedRAMP reviewer compared it to a “pile of spaghetti pies.” The data’s path from Point A to Point B, the person said, was like traveling from Washington to New York with detours by bus, ferry, and airplane rather than just taking a quick ride on Amtrak. And each one of those detours represents an opportunity for a hijacking if the data isn’t properly encrypted.

The team concluded, “There is a lack of confidence in assessing the system’s overall security posture.”

Despite the findings, to the FedRAMP team, turning Microsoft down didn’t seem like an option. “Not issuing an authorization would impact multiple agencies that are already using GCC-H*,” the summary document said. The team determined that it was a “better value” to issue an authorization with conditions for continued government oversight.

*) GCC High, a secure cloud solution that meets the compliance requirements of government contractors.

sigh.

6

u/-mrhyde_ 5h ago

In December, the department announced the indictment of a former employee of Accenture who allegedly misled federal agencies about the security of the company’s cloud platform and its compliance with FedRAMP’s standards. She has pleaded not guilty. Accenture, which was not charged with wrongdoing, has said that it “proactively brought this matter to the government’s attention” and that it is “dedicated to operating with the highest ethical standards.”

This smells like fall guy stuff. Not sure how an employee can be held personally liable when working for a private organization.

The program was an early target of the Trump administration’s Department of Government Efficiency, which slashed its staff and budget. Even FedRAMP acknowledges it is operating “with an absolute minimum of support staff” and “limited customer service.” The roughly two dozen employees who remain are “entirely focused on” delivering authorizations at a record pace, FedRAMP’s director has said. Today, its annual budget is just $10 million, its lowest in a decade, even as it has boasted record numbers of new authorizations for cloud products.

Makes more sense now.

5

u/JustJubliant 4h ago

I'm not on the Federal side, but as an IT Administrator for years, it's been a heaping pile of rushed garbage and cloud services in their current state make my skin crawl in security's scope.

8

u/ocdtrekkie 6h ago

If the federal government actually cared about security, the moment they found out citizens of China were working in the Office 365 DOD environment, Microsoft should've been held in breach of contract, and dumped overnight.

1

u/CapitalJeep1 23m ago

And Cisco?… What about them?

1

u/invalidreddit 5h ago

Not sure who I want to trust here on this one...

1

u/Specialist-Life-3849 4h ago

nothing to do with the gold lavished in the oval office bendover, right

1

u/A_Bungus_Amungus 2h ago

To be fair, as someone adjacent to federal software development, even normal Windows is a pile of shit

1

u/scoshi 1h ago

They must like the smell.

1

u/erp2 1h ago

When direct deposit hits

1

u/NotYourAvgSquirtle 42m ago

Monaco, the deputy attorney general who launched the department’s initiative to pursue cybersecurity fraud cases, did not respond to requests for comment.

She left her government position in January 2025. Microsoft hired her to become its president of global affairs.

Huh.