A recent report by ProPublica highlights critical shortcomings in Microsoft’s cloud computing security, as assessed by federal government evaluators. The internal review, conducted in late 2024, found that Microsoft failed to provide adequate security documentation, leading to a lack of confidence in the system's security posture. One evaluator bluntly described the offering as a "pile of shit," emphasizing the frustration over Microsoft’s ongoing inability to transparently communicate how it safeguards sensitive information as it traverses various servers.
For businesses relying on cloud solutions, this revelation raises significant concerns about the security of their data and systems. Organizations must reassess their cloud strategies and consider the implications of utilizing platforms that may not meet rigorous security standards. This situation underscores the importance of thorough due diligence and transparency from cloud service providers, particularly in a landscape where cybersecurity threats are increasingly sophisticated. The findings also highlight the pressing need for enhanced regulatory oversight in the tech industry, as the security of cloud services is critical not only for individual businesses but also for the broader ecosystem in which they operate.
---
*Originally reported by [Schneier on Security](https://www.schneier.com/blog/archives/2026/04/on-microsofts-lousy-cloud-security.html)*