'Pentagon Weighs Microsoft Licensing Upgrades' - Axios

Author: Benzinga Newsdesk | May 17, 2024 12:30pm

https://www.axios.com/2024/05/17/pentagon-weighs-microsoft-licensing-upgrades

 

The Pentagon is looking at expanding its use of Microsoft software across all components starting next month, according to a draft memo obtained by Axios.

Why it matters: The tech upgrade is spurring concerns among competitor cybersecurity and software vendors interested in coveted defense contracts.

Zoom in: The Pentagon is pushing all department components to start upgrading to Microsoft's E5 licenses by June 3 to support its ongoing zero trust transition, according to the memo.

• The E5 license gives organizations access to Microsoft 365 Defender and other tools that help with insider risk management, identity protection and more.
• If the memo is published as-is, Department of Defense offices would have until June 2025 to complete the transition and install these new tools.

Catch up quick: The Pentagon has been working since 2022 to implement a new zero trust security strategy — which overhauls which employees have access to certain files and requires tougher identity verification tools — by the 2027 fiscal year.

• Pentagon CIO John Sherman told DefenseScoop last week that the department has held "very candid discussions" with Microsoft about its cybersecurity strategies after a data breach last year.

What they're saying: Timothy Gorman, a Pentagon spokesperson, told Axios that the Microsoft E5 upgrades are just "one solution in addition to many other integrated solutions" that DOD is implementing as part of the strategy.

• "There is a draft internal memo in coordination to clearly communicate our leadership's intent," he added.
• David McKeown, DOD's deputy CIO for cybersecurity, mentioned the planned upgrades during remarks at the RSA Conference's public-sector day last week, Gorman said.
• A Microsoft spokesperson said in a statement that its zero-trust platform "emphasizes proactive, integrated, and automated security measures," and it has capabilities for DOD's zero-trust plans.

The big picture: Ever since Microsoft uncovered a Chinese hack of some government officials' email inboxes last summer, tensions between parts of Washington and the tech giant have been high.

• A government advisory board released a report last month saying the attack was "preventable and should never have occurred."

 

• An aide for the House Homeland Security Committee told Axios on Wednesday that they're working with Microsoft to find a date for a potential hearing on the company's cybersecurity approach.
• Microsoft has also overhauled its internal cybersecurity strategies in response to the incident.

Yes, but: Industry groups are concerned that the Pentagon will open itself up to increased security flaws if it deepens its relationship with Microsoft.

• "It is concerning for any department to further entrench itself into Microsoft's ecosystem before the company has demonstrated that it has satisfied the recommendations of the [Cyber Safety Review Board] report," Ryan Triplette, executive director of the Coalition for Fair Software Licensing, told Axios.
• Triplette added that the E5 licenses come at a "significantly increased cost" and could limit other vendors' ability to compete for contracts or assist in any government security incidents.

The bottom line: Microsoft was already working with the department to help with the zero-trust transition, and typically draft guidance like this wouldn't receive as much scrutiny.

• But the proposed guidance comes as competitors and officials are hawkishly watching Microsoft's every move due to the high-profile attacks.

 

Posted In: MSFT SPY