May 28, 2024 - Technology

Microsoft mobilizes to regain government trust

Illustration of a close up of the Microsoft logo with a scale in the middle casting a shadow

Illustration: Sarah Grillo/Axios

Microsoft has been actively briefing federal government IT and security leaders on its new plan to revamp its internal cybersecurity practices.

Why it matters: Microsoft is facing pushback in Washington among lawmakers and federal offices following a China hack last summer that exposed top officials' internal emails.

Zoom in: Steve Faehl, chief technology officer for Microsoft's federal security business, told a small group of reporters last week that he's been meeting with federal agencies' security teams to brief them on the company's new cybersecurity strategy.

  • The strategy—an expansion of Microsoft's Secure Future Initiative that launched in November—incentivizes company executives and employees to prioritize cybersecurity when designing products.
  • Microsoft has met with CIOs, CISOs, threat intelligence teams and directors of security operations centers at federal agencies.

Driving the news: Microsoft president Brad Smith will testify next month before the House Homeland Security Committee about the new internal strategy and last summer's China hack.

  • A government advisory board has said the hack was "preventable and should never have occurred."

Between the lines: Many of the goals laid out in the new initiative line up with recommendations in the advisory board's report — and Microsoft is likely to point to this ongoing work in other conversations across Washington as it does damage control.

Inside the room: Faehl told reporters that one of the top questions agency security leaders have after he presents the company's plans is, "Is this real?"

  • In response, Faehl said, his team points to the goals it has either already completed or has started to make progress on — showcasing that the company is taking these new promises seriously.
  • Once that message sinks in, many agencies have also started asking Microsoft for tips on how they can implement a similar cyber strategy in their own workplaces, Faehl said.

What they're saying: "They understand that the norms have changed and that things are different and that Microsoft is mounting a significant security effort," Faehl said about the federal agency meetings.

  • "Getting more certainty around what that effort is is the focus of the majority of those conversations."

The big picture: Microsoft is up against competitors who are eager to bite into the tech giant's dominance in government services.

  • Last week, Google released a white paper and blog post scrutinizing Microsoft's cyber practices.
  • The company even started offering a discount for some of its services to government customers looking to move away from Microsoft.
  • Other competitors have also taken jabs: Both CrowdStrike and Trellix have pages on their sites aimed at luring in Microsoft customers.

Yes, but: Microsoft isn't interested in taking the bait from competitors.

  • "We don't see companies with alternative solutions, such as [cloud-service providers] and security vendors, as the competition," Faehl said. "We know that the U.S. government is a target — we are a target, as a result — and we are looking for partnerships to address those threats."
Go deeper