Google is pouncing on Microsoft’s weathered enterprise security reputation by pitching its services to government institutions. Pointing to a recent report from the US Cyber Safety Review Board (CSRB) that found that Microsoft’s security woes are the result of the company “deprioritizing” enterprise security, Google says it can help.
The company’s pitch isn’t quite as direct as Microsoft CEO Satya Nadella saying he made Google dance, but it’s spicy all the same. Repeatedly referring to Microsoft as “the vendor” throughout its blog post on Monday, Google says the CSRB “showed that lack of a strong commitment to security creates preventable errors and serious breaches.” Platforms, it added, “have a responsibility” to hold to strong security practices. And of course, who is more responsible than Google?
The company recommends that governments use “systems and products that are secure-by-design” (using new principles it recently committed to) and that public sector entities regularly subject their tech products and services to security recertification. More pointedly, Google says governments should avoid “using the same vendor for operating systems, email, office software, and security tooling.” Microsoft, of course, provides all of that and more to its massive base of enterprise customers.
Microsoft is concerned and trying to win back trust. It isn’t clear what it will do to that end, but Nadella has urged employees to “do security” whenever they’re faced with a choice between that or other priorities, which seems like a good start.