Federal cyber experts called Microsoft’s cloud a “pile of shit,” approved it anyway

One Microsoft product was approved despite years of concerns about its security.

See full article...

 

[Maton]

Nobody seems to have much of an idea of why it's so important we move to the cloud.

Cloud is hip and cool to the c-suite people that don't know anything about tech. I've seen a move from on-prem to Office 365 increase the yearly spend 5x-10x with little actual benefit to functionality. Management doesn't care because "cloud is cool". And the help desk gets to deal with Office 365's aggressive license validation regularly kicking people out of the applications. The frog is cooked now. When Windows XP came out they said "you'll never even notice" the activation. Now it's in your face all of the time.

 

[platypusjh]

SWIFT (banking messaging for transactions etc.) still uses a character set for tickers. Actual tickers through telegraph lines that made "tick tick" when printing characters on tapes, of ticker tape parades fame. It predates ANSI encoding by decades. UTF-8, forget it.

You sent me down a fascinating rabbit hole with this one.

Fun fact: The "X character set" you are referring to, which the SWIFT MT relies on, was finally retired in November, four months ago this week. They actually did switch to UTF-8.

Must. Go. To. Bed...

 

[sciccoso]

I'm not surprised that "cloud" is more expensive long term, but don't forget to also include the cost of replacing all the on-prem gear every 5 years or so, including the cost of the upgrade process and any parallel run during replacement. Replacing that "lumpy" budget with a relatively smooth & predictable monthly bill is part of the attraction.

Exactly. If they reached cost parity in five years, they did it properly; that's the moment when all your hardware is due for replacement anyway and that's a pain you avoid with the cloud service.

Now, I've seen cloud services cost more than "equivalent" hardware after one year. That's another thing... And some companies will still prefer it for a number of reasons.

 

[arsisloam]

Microsoft has a iron grip on many governments worldwide, not just USA. Most now are Windows + Outlook Online + Teams + SharePoint and all the half baked 'features' they tout like Power Automate and Apps. To the point that it would be difficult and almost disastrous to change any part of that chain.

Power Apps is arguably the most usable rapid prototyping web framework since the demise of Macromedia Flex.

Agree that most of everything else they make is garbage. So many limitations of SPO are because of reasons that have nothing to do with customers; no leading wildcard for list search, 5000 item limit, and 4 character minimum search all spring to mind.

 

[Hap]

I wonder if part of the problem is that too many people (though it certainly SHOULDN'T apply to the people qualifying software for fedRAMP) figure CUI = Unclassified = no big deal.

People mishandling CUI is already pretty routine, so I'm sure some people figure hey why the focus on a secure service if the PM is just going to email this stuff in the clear anyways? (I know there are many answers to that, that's just my hypothetical person's thought)

Our CyberSecurity monitors our outgoing/incoming email (obviously most autonomously), and anything going in/out that is not encrypted gets elevated review. While it's not possible to actually review everything to see if contains Controlled Unclassified Information (CUI), if you properly mark it - it will land you in hot water because then they WILL review the email. If you don't properly mark it and get caught - you get counseled/warned (it is not classified, so not elevated to an infraction) and multiple warnings does not end well. In addition, in my last role, we received multiple contracts letters from the government customer about award fee impacts from some people not encrypting CUI emails.

One of the programs I'm working on now has additional CUI requirements - especially related to M365 (i.e. no SPO despite it being approved for CUI).

Speaking of government security. I worked on a program where DCSA (government agency monitoring government contractor classified IT) and DISA (government agency monitoring government classified IT) both had jurisdiction over the classified IT systems being used. DCSA would mandate a certain safeguard, and DISA would mandate we had to remove it. They also would NOT talk to each other. At one point their conflicting direction locked us out of our own Domain Controller. No one could log in on the entire network. IT worked around the clock and built a new DC in about 24 hours.

 

[Hammer_Thyme]

raises hand

In an effort to reduce upcoming CapEx on a datacenter hardware refresh, leadership wanted to see a cloud costs projection. I provided a 3 year look ahead and comparison of CapEx to OpEx.

The suits took the cloud proposal and here I am, looking at the OpEx boatracing the CapEx after year 5. Just absolutely smashing it.

All while still waiting for a US-West pairing for shared disks DR.

Could you explain this like I'm 5?

 

[henryhbk]

I'm sure that I'm not the only person for whom this style of posting is close to gibberish. CapEx and OpEx I parse with some confidence to Capital Expenditures and Operating Expenditures. Even if I'm correct, I'm still not sure what the first two paragraphs are actually saying. And "boatracing"??

And the last sentence is absolutely meaningless to anyone outside whatever specific area of tech you work in.

That last sentence either has to do with Disaster Recovery or the Dominican Republic?

 

[close]

So the techie said "shit" but the suit said "done"? Color me surprised.

 

[close]

I'm sure that I'm not the only person for whom this style of posting is close to gibberish. CapEx and OpEx I parse with some confidence to Capital Expenditures and Operating Expenditures. Even if I'm correct, I'm still not sure what the first two paragraphs are actually saying. And "boatracing"??

And the last sentence is absolutely meaningless to anyone outside whatever specific area of tech you work in.

It's a full article touching on purchasing a cloud solution so some familiarity with terminology like CapEx and OpEx is assumed by commenters. OP means they calculated that it's cheaper to pay for service than the usual investment in buying/owning the solution with a 3 year horizon. Math checked out, over 3 years it's cheaper to just "rent" (buy a service). On a 5 year horizon though it's already neck and neck or very close race where paying for service is starting to be more expensive than buying and operating your service outright.

 

[Jeff S]

"celebrating the milestone with a meme of Leonardo DiCaprio in “The Wolf of Wall Street.”"

I wonder if this Microsoft manager understands that, contextually, Leo's character was a conman who was ripping people off?

It does seem very appropriate though. . .

 

[solomonrex]

I'm willing to blame a lot of things on Trump, but I don't think the Jesus Christ administration could have kept Microsoft cloud services from infesting the US federal government. It's structurally really hard for any organization to resist a multi-year sales push from an already dominant vendor that systematically takes advantage of weaknesses in the system.

When they were caught using Chinese IT on DoD systems, a few Congressional hearings and ritual firings at Microsoft would have been progress. They aren't doing the bare minimum for the military that supposedly everyone supports and we pay through the nose for.

We have a carrier without working toilets and now beds, we have Chinese spying on our cloud, literally hired by the vendor, we have a bombing campaign started by a foreign nation wrecking our own economy. What's left?

 

[pjcamp]

Rick Wakeman?

 

[graylshaped]

When they were caught using Chinese IT on DoD systems, a few Congressional hearings and ritual firings at Microsoft would have been progress. They aren't doing the bare minimum for the military that supposedly everyone supports and we pay through the nose for.

We have a carrier without working toilets and now beds, we have Chinese spying on our cloud, literally hired by the vendor, we have a bombing campaign started by a foreign nation wrecking our own economy. What's left?

A baseball lockout.

Oh, that's scheduled for next year.

 

[BruceTheHoon]

That sounds like the outcome of any modern IT evaluation for a necessary system. It's crap but we need it.

Nice nickname!

 

[Troglodytes troglodytes indigenus]

And to either of you:
Do operating expenditures include the calibre of staffing needed to maintain the level of security that a cloud provider can presumably offer? ...

I thought the point of all this was what they don't offer.

 

[bpontius]

Read about half the article, just a convoluted rationalization for using Microsoft anyways!!

 

[Vaevix]

You sent me down a fascinating rabbit hole with this one.

Fun fact: The "X character set" you are referring to, which the SWIFT MT relies on, was finally retired in November, four months ago this week. They actually did switch to UTF-8.

Must. Go. To. Bed...

Good to know, that was at the beginning of my career (I even sometimes had to write or correct them by hand when something went awry). I think the last teletype was retired something like ten years ago in a central bank in Africa. So, it makes sense that they moved to a more modern character set. Thanks for the info.

Joke at the office was that we could create a company called "Goldman Sex" in Andorra and wire ourselves 50 million in bonds and hope it'd go through. 20-something with powerful tools tend to joke like that.

 

[BruceTheLoon]

Nice nickname!

Adopted it in 2002 when I went to Canada for a holiday and took the national bird.

Do I detect you're from the land down under, where women glow and men chunder?