❌

Reading view

There are new articles available, click to refresh the page.

The FTC is investigating Microsoft for anticompetitive practices, some of which may have been directed at the government itself

Microsoft store sign
The FTC is investigating Microsoft for anticompetitive practices.

NurPhoto/Getty Images

  • Microsoft's deals with the government may have breached antitrust laws, ProPublica reported.
  • In 2021, Microsoft pledged $150 billion to the government over five years to upgrade its security.
  • The deal included licensing agreements that may deter customers from switching to competitors.

Lina Khan, chair of the Federal Trade Commission, said her agency plans to investigate Microsoft for anticompetitive practices in the cloud market.

A recentΒ reportΒ from ProPublica found that the government itself might also have been a target of those anticompetitive practices.

In the summer of 2021 β€” a little more than a year after news broke that the SolarWinds hack breached several government agencies β€” Microsoft pledged to give the government $150 billion over the coming five years to upgrade its digital security.

Typically, the federal government needs to obtain services through a competitive bidding process, but the deal terms were hard to pass up. Microsoft offered the government access to its G5 security capabilities free for the first year as well as consultants to help install the products, ProPublica reported.

The catch was that once an agency committed to Microsoft's services they were essentially tied to them. Microsoft imposed steep fees on customers who wanted to shift to a competitor. The goal was to "spin the meter" for Azure and help it gain market dominance over its competitor, Amazon, a sales representative for Microsoft told ProPublica.

Some legal experts view the deal as venturing into murky antitrust territory, particularly regarding laws against gratuitous service agreements. These allow the federal government to receive services from other parties as long as no compensation is involved. However, legal expert James Nagle, who specializes in the federal contracting process, told ProPublica, "This is not truly gratuitous. There's another agenda in the works."

Others say the blame should fall solely on the federal government.

"What Microsoft did does not count as an illegal monopoly because the government could have switched to a different vendor," Peter Cohan, associate professor of practice in management at Babson College, told Business Insider by email.

"Arguably, the government should have put the cybersecurity contract out for bid to other rivals rather than signing up for G5 after receiving the free consulting services from Microsoft. It is possible that other cybersecurity companies could have bid to cover some or all the government's cost to switch from Microsoft to another vendor, which might have charged the government less than G5 rates."

Microsoft did not immediately respond to a request for comment from Business Insider.

Steve Faehl, the company's security leader for federal business, said in a statement to ProPublica that the company's "sole goal during this period was to support an urgent request by the Administration to enhance the security posture of federal agencies who were continuously being targeted by sophisticated nation-state threat actors."

Read the original article on Business Insider

Microsoft CEO Satya Nadella says the company needs a 'culture change' after security failures

Satya Nadella Microsoft Build
Microsoft CEO Satya Nadella discussed the company's security challenges in a recent interview.

Microsoft

  • Microsoft CEO Satya Nadella called for a culture change amid the company's security challenges.
  • The company has contended with the global CrowdStrike outage and vulnerability to Chinese hacks.
  • Microsoft has accepted responsibility for security flaws, acknowledging breaches by hackers.

Microsoft, the world's largest software maker, doesn't have the best track record regarding security.

Microsoft CEO Satya Nadella says the company needs to change that. "That's what will be culture change," he said in a recent Wired interview.

Microsoft has faced a series of high-profile cybersecurity challenges over the past year.

In July, the company was at the center of a global IT outage caused by a faulty update from cybersecurity firm CrowdStrike. In March, a report from the US Department of Homeland Security flagged Microsoft's security systems as inadequate and called for an "overhaul," noting that the company was particularly vulnerable to attacks from a Chinese hacking group called Storm-0588.

Brad Smith, vice chair and president of Microsoft, acknowledged these flaws in a written statement to the Department of Homeland Security in June. "Before I say anything else, I think it's especially important for me to say that Microsoft accepts responsibility for each and every one of the issues cited in the CSRB's report," he wrote.

Earlier in the year, Microsoft said that its systems had also been compromised by the Russian hacking group Midnight Blizzard, which accessed a "very small percentage" of corporate email accounts. This group was also responsible for the 2020 attack on SolarWinds, a major IT firm that counts Microsoft as one of its primary clients.

Since taking the helm in 2014, Nadella has been known for leading empathetically and emphasizing that change wouldn't come from blaming employees. "This is not about a witch hunt internally at Microsoft," he told Wired. However, he said that "perverse incentives" often lead companies to prioritize product development over securing existing products.

That mindset may have played a role in the SolarWinds attack. A ProPublica report in June found that Microsoft knowingly hid a security flaw in one of its services to avoid jeopardizing its chances of securing government investment in its cloud business. The flaw was later exploited by the Russian hackers behind the attack.

Microsoft did not immediately respond to a request for comment from Business Insider.

Read the original article on Business Insider

❌