Microsoft has had numerous high-profile cybersecurity breaches over the past few years, and Google is taking aim at Microsoft’s customer base by featuring its security measures in a new white paper, "A More Secure Alternative.”
The white paper details the findings of a report from the Department of Homeland Security’s Cyber Safety Review Board (CSRB). The CSRB found that repeated security breaches against the government were due to a cascade of security failures at Microsoft, as well as a corporate culture that deprioritized cybersecurity.
A brief overview of the recent profiled attacks
The two attacks which the white paper references are:
Summer of 2023 - Storm-0558 attack
This attack by the China-based Storm-0558 group compromised senior American and United Kingdom government official accounts, including those of 22 organizations, over 500 individuals, and tens of thousands of emails. The CSRB report was written in response to this attack.
More details can be found here and in the CSRB report.
November 2023 - Midnight Blizzard
State-sponsored cyber actor Midnight Blizzard “exfiltrated email correspondence between Federal Civilian Executive Branch (FCEB) agencies and Microsoft through a successful compromise of Microsoft corporate email accounts.” This triggered Emergency Directive ED 24-02 from the Cybersecurity and Infrastructure Cybersecurity Agency (CISA).
Microsoft's Vulnerability in Government and the Strength of Google Workspace
The majority of government workers, who were a primary target for most of these attacks, use Microsoft products. In a 2022 survey conducted by Google, 84% of metro Washington, D.C. employees used Microsoft products. That data was expanded on by a wider survey from Omdia, which found 85% of all federal government employees used Microsoft productivity software in 2022.
Outside of the government environment, Google Workspace has a leading market share over Microsoft in the business sector—largely due to its ease of use, more comprehensive billing, and cybersecurity protection.
This does not mean bad actors chose Microsoft products to attack because the government is more likely to use them. Typically, bad actors will engage in attacks against products from multiple vendors to gain information from targets of interest. What it does mean is that the attacks were not as successful with Google products.
Will the cybersecurity incidents lead to a switch in products?
The recent cyber breaches are just the tip of the security iceberg that the government needs to address. Legacy software entrenchment in government is endemic, as can be seen in this chart of legacy software use in its various departments and the corresponding security risk within each department.
In many of those cases, legacy software is being used because it was custom built for a specific purpose, and it would be tough to find a new, more secure solution that would do the same job. Productivity suites do not have this issue - everything that can be done in Microsoft Office can be done in Google Workspace.
A switch from Microsoft to Google would also reduce the chances of a bad actor gaining entry to other software products due to the security of Gmail. In this blog, Google goes into detail about how most compromises of any product begin with phishing emails. The danger is not just that a bad actor gets into your productivity suite, it is that it will use the information it finds there to spread out through your information architecture like an octopus, grabbing data from all of your solutions.
Google is using this opportunity to win over the government’s business, with special pricing being made available on Google products for larger organizations, including Google Workspace Enterprise Plus. These offers are not just available to government clients, but to all enterprise-level accounts.
Google’s rationale for its better security
Besides a culture of security and transparency, Google takes a number of other measures publicly and privately to ensure the safety of customer data. The first line of defense is Gmail, which uses cutting-edge threat signals and AI defenses to block 99.9% of spam, phishing attempts, and malware.
Additionally, Google argues that cloud-based Gmail is superior to legacy email solutions with desktop-based email apps since eliminating these reduces the size of an organization’s attack surface. Users of legacy email solutions are 2-3 times more likely to file cyber insurance claims compared to Google Workspace users.
The same logic extends to Google Workspace, which only stores data in the cloud, making it easier to protect with enterprise security controls. Client-side encryption is also available to further protect email and Google Workspace files.
Of course, there is also the fact that Google has not been infiltrated to the same extent that Microsoft has over the past decade. While there certainly have been incidents, such as the 2009 Operation Aurora attack, the white paper describes how Google used the learning from that attack to reinforce and strengthen its infrastructure to prevent further attacks. Operation Aurora was conducted by the Storm-0558 group, the same one which infiltrated the government through Microsoft products in the summer of 2023, giving Google a blueprint to follow for designing a system that would repel similar attacks.
Any organization, governmental or otherwise, can benefit from switching to Google Workspace. While the security arguments are very strong, Google Workspace also offers better collaboration both internally and with clients, as well as Gemini for Business, its AI solution for Google Workspace. UpCurve Cloud has been a leading Google Partner for many years, and has helped organizations from all sectors, including government, to easily migrate to Google products. Let us help you - contact us to find out more.
Contact Us to Learn More about Transforming Your Business