Skip to content
Tech News
← Back to articles

Federal Cyber Experts Called Microsoft's Cloud "A Pile of Shit", yet Approved It

2026-03-18 | original
read original get Microsoft Azure Security Guide → more articles
Why This Matters

This article highlights significant concerns about the security and oversight of cloud services used by the U.S. government, revealing that even major providers like Microsoft face scrutiny and criticism. The findings underscore the ongoing challenges in ensuring the security of cloud infrastructure and the potential risks for both government agencies and consumers relying on these services. It emphasizes the need for stricter vetting processes and transparency in cloud security evaluations.

Key Takeaways

ProPublica is a nonprofit newsroom that investigates abuses of power. Sign up to receive our biggest stories as soon as they’re published.

Reporting Highlights “Cloud First”: To move federal agencies to the cloud, the government created a program known as FedRAMP, whose job was to ensure the security of new technology.

To move federal agencies to the cloud, the government created a program known as FedRAMP, whose job was to ensure the security of new technology. Security Breakdown: ProPublica found that FedRAMP authorized a Microsoft product called GCC High to handle sensitive government data, despite years of concerns about its security.

ProPublica found that FedRAMP authorized a Microsoft product called GCC High to handle sensitive government data, despite years of concerns about its security. Potential Conflict of Interest: The government relies, in part, on third-party firms to vet cloud technology, but those firms are hired and paid by the company being assessed. These highlights were written by the reporters and editors who worked on this story.

In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings.

The tech giant’s “lack of proper detailed security documentation” left reviewers with a “lack of confidence in assessing the system’s overall security posture,” according to an internal government report reviewed by ProPublica.

Or, as one member of the team put it: “The package is a pile of shit.”

For years, reviewers said, Microsoft had tried and failed to fully explain how it protects sensitive information in the cloud as it hops from server to server across the digital terrain. Given that and other unknowns, government experts couldn’t vouch for the technology’s security.

Such judgments would be damning for any company seeking to sell its wares to the U.S. government, but it should have been particularly devastating for Microsoft. The tech giant’s products had been at the heart of two major cybersecurity attacks against the U.S. in three years. In one, Russian hackers exploited a weakness to steal sensitive data from a number of federal agencies, including the National Nuclear Security Administration. In the other, Chinese hackers infiltrated the email accounts of a Cabinet member and other senior government officials.

The federal government could be further exposed if it couldn’t verify the cybersecurity of Microsoft’s Government Community Cloud High, a suite of cloud-based services intended to safeguard some of the nation’s most sensitive information.

... continue reading

Explore topics: microsoft fedramp gcc high cloud computing cybersecurity
Related:
Microsoft will finally let you turn off Quick Resume for individual games
Federal cyber experts called Microsoft's cloud a "pile of shit," approved it anyway
You won’t be able to log into SwiftKey with your Google account for much longer
North Korean's 100k fake IT workers net $500M a year for Kim
Microsoft hires the team of Sequoia-backed AI collaboration platform, Cove

© 2026 GoKawiil

About | Editorial Policy | Contact