A Google survey of federal, state or local government employees revealed a heavy reliance on Microsoft products and expectations of cyberattacks.
Government procurement practices should stop defaulting to the easy solution—entrenched Microsoft products—and start prioritizing user demand—for competing Google services—to bolster security, according to a former high-ranking Cybersecurity and Infrastructure Security Agency official describing the results of a survey of workers in and out of government.
“At Google Cloud, we believe it’s time for more diversity and choice in the tools available for our civil servants across the nation—70% of whom use Gmail outside of work, according to our survey,” Jeanette Manfra, Google’s senior director of global risk and compliance wrote in a company blog Thursday. “Government workers have the right to benefit from the same flexible, secure-by-design tools at the office that they use in their personal lives.”
Google’s survey polled 2,600 U.S. workers, 600 of which were from the D.C. metro area and 338 of which were federal, state or local government employees. The top line results from the survey clearly established the respondents were both expectant of cyberattacks and that they used Microsoft products and services.
But Google itself noted the “workers are pretty divided on whether the federal government’s reliance on Microsoft makes it more or less vulnerable to hacking or a cyberattack.” Nationwide, including in D.C., the difference between “yes” and “no” responses was slight, with 51% asserting a connection. Government employees did correlate an increase in vulnerability to a cyberattack to use of Microsoft products in greater numbers, with 60% saying there is a connection.
“Public Opinion Strategies survey found that more than half of all respondents said that the government’s reliance on these Microsoft products actually made the federal government more vulnerable to hacking or cyberattacks,” Manfra, who moved to Google at the end of 2019 after leading CISA's cybersecurity division, wrote.
Citing a separate research survey from Omdia, Manfra said procurement practices “often are more about making things easier for IT vs. choosing what employees feel would be the best solution.” Only 27% of officials surveyed by Omdia were guided by “user demand,” she said.
Reached for comment, Microsoft shared positive reviews of its security products from Gartner and Forrester and recent reporting that suggests spurious positioning by its rivals in Washington.
“It’s disappointing but not surprising to see this tactic on the heels of Google’s lobbying campaign misrepresenting small businesses,” Microsoft Corporate Vice President of Communications Frank Shaw told Nextgov. “It is also unhelpful to create divisions in the security community at a time when we should all be working together on heightened alert.”