
I am not a Microsoft or Amazon fanboy. In fact, the idea of blindly supporting or defending a multibillion-dollar corporation for anything is nothing short of moronic. These companies don't care about you, they don't care about your business, they care about one thing: getting your money. It is rare that I read a story about Amazon or Microsoft and say, "Oh, good for them." But the news last month about Amazon halting its rollout of Office 365—a contract worth a billion dollars over the next several years—on security grounds made me happy.
For context, Amazon had committed to moving over to Microsoft’s Office 365 platform in a massive contract. However, following revelations about security risks, including potential Russian vulnerabilities in Microsoft’s software and concerns over Office 365’s ability to properly safeguard sensitive data, Amazon made the bold decision to hit the brakes. In a world where major corporations often barrel forward, prioritizing profits and vendor relationships over actual security, this was a refreshing and commendable move.
The trigger for Amazon’s decision? Several recent high-profile security breaches that have exposed the fragility of some of Microsoft’s tools. One such incident involved vulnerabilities that allowed unauthorized access to sensitive information. Amazon, recognizing the potential risks to its own infrastructure and data, opted to prioritize security over convenience. While they’re certainly no saints, this decision stands out in an industry that’s often characterized by reactive, rather than proactive, approaches to security.
The challenges with Office 365 security are not new. Microsoft’s platform is a mixed bag—capable, powerful, but notoriously difficult to secure properly. One of the most significant complaints from security professionals is how Microsoft handles logs. These logs are crucial for identifying breaches and understanding how attackers gained access to systems. Unfortunately, Microsoft doesn’t make it easy. Logs are limited in retention, difficult to read, and often require additional costly licensing to access fully. For companies relying on Office 365, this creates a critical blind spot. Imagine discovering a breach only to find that the logs you need to investigate what happened are inaccessible or have already been purged. It’s a nightmare scenario that’s far too common.
Amazon’s decision to pause its rollout sends a strong message: security isn’t optional, even for the largest players. By publicly prioritizing security concerns, Amazon is putting pressure on Microsoft to address the gaps in its platform. Will Microsoft respond? Only time will tell. But one thing is certain: more companies need to follow Amazon’s lead and take a hard look at the tools they’re relying on to safeguard their operations.
Securing Office 365 is not an easy task. For businesses, it requires layered defenses, dedicated monitoring, and often, third-party tools to make up for the platform’s shortcomings. Microsoft may provide the tools, but they certainly don’t make it easy to use them effectively. If your organization is relying solely on Microsoft’s built-in features to protect your data, you’re playing a dangerous game.
At 256 Solutions, we’ve seen firsthand the challenges businesses face with Office 365 security. It’s why we always advocate for proactive monitoring, robust logging solutions, and a thorough understanding of how to mitigate risks. Whether you’re an Amazon-sized enterprise or a smaller business, the principles remain the same: don’t take security for granted. Make sure you have the right tools, processes, and expertise in place to protect your data before it’s too late.
Amazon’s pause on this billion-dollar deal is a reminder that even the largest corporations must take cybersecurity seriously. It’s also a warning for anyone using Office 365: take the time to evaluate your security posture. Because if you’re waiting until after a breach to figure out how to secure your systems, you’re already too late.
Governments also have a critical role to play in pushing for these types of security changes. Office 365 is used by governments and businesses all around the world, and securing one of the world’s most important cloud services providers makes us all safer. Failing to do so, however, could lead to incalculable levels of loss. When global infrastructure, sensitive information, and national security are at stake, we cannot afford to accept anything less than the highest standards of cybersecurity. It’s not just about protecting individual organizations—it’s about safeguarding the interconnected systems that underpin our modern world.
Comments