Federal cyber experts called Microsoft's cloud a "pile of shit," approved it anyway

submitted by
he/him

arstechnica.com/information-technology/2026/03/…

FedRAMP first raised questions about GCC High’s security in 2020 and asked Microsoft to provide detailed diagrams explaining its encryption practices. But when the company produced what FedRAMP considered to be only partial information in fits and starts, program officials did not reject Microsoft’s application. Instead, they repeatedly pulled punches and allowed the review to drag out for the better part of five years. And because federal agencies were allowed to deploy the product during the review, GCC High spread across the government as well as the defense industry. By late 2024, FedRAMP reviewers concluded that they had little choice but to authorize the technology - not because their questions had been answered or their review was complete, but largely on the grounds that Microsoft’s product was already being used across Washington.

5
129
2

Log in to comment

Hot Top New Old
edited

By early 2020, Melinda Rogers, Justice’s deputy chief information officer, made the decision official and soon deployed GCC High across the department. … Rogers, who was hired by Microsoft in 2025

Deputy Attorney General Lisa Monaco said the department would use the False Claims Act to pursue government contractors “when they fail to follow required cybersecurity standards—because we know that puts all of us at risk.” … There is no public indication that such a case has been brought against Microsoft or anyone involved in the GCC High authorization. The Justice Department declined to comment. Monaco,…did not respond to requests for comment. She left her government position in January 2025. Microsoft hired her to become its president of global affairs.

This shouldn’t be fucking legal.

 reply
5

Comments in Technology@lemmy.ml

“it’s a pile of shit, we love it!”

 reply
3

Comments in Technology@lemmy.zip

LOL! That’s exactly what I call Microsoft products! It’s just a big steaming pile of shit.

So many things stay broken from one version to another. So many “fixes” related to stealing our data or monitoring what we do or charging us more. Yeah, its a pile of shit.

 reply
3
Insert image