Amazon delays Microsoft 365 rollout over security concerns
Amazon has postponed the launch of Microsoft 365, the cloud-based Office suite, by a year due to security concerns.Although the two companies agreed to provide Microsoft 365 to Amazon employees last year, Bloomberg reports that Amazon has traditionally used locally installed versions of Office software on its servers.
Amazon halted the rollout of Microsoft 365 after a Russian-linked hacker group gained access to some of its employees' email accounts.
Following that, Amazon requested changes to the software to improve security, such as better safeguards against unauthorized access and more detailed tracking of user activity.
We dug deep into O365 and all of its controls, and we held them to the same standards as any of Amazon's service teams," said CJ Moses, Amazon's chief information security officer.
Moses' team gave Microsoft's security chief, Charlie Bell, a list of requested enhancements. Bell, a former Amazon engineering executive, has led engineers from both companies to collaborate for months on these changes to improve Microsoft 365 security.
"We believe we're in a good place to start redeployment next year," Moses said in an interview at Amazon Web Services' re:Invent conference last week.
Amazon has committed $1 billion over five years to purchase Microsoft 365 for its 1.5 million employees, making it one of the largest buyers of Microsoft's cloud productivity suite.
However, last fall, a hacking group known as Midnight Blizzard broke into some of Microsoft's corporate systems. In January, Microsoft revealed that the group gained access to a "small number" of employee email accounts, including those of senior executives and key cybersecurity and legal personnel.
This breach, among others, prompted CEO Satya Nadella to prioritize security at Microsoft.
Moses earlier this year advised Amazon's security chief, Steve Schmidt, and CEO Andy Jassy to halt the rollout of Microsoft 365.
"At that time still, Microsoft wasn't able to tell us if they had gotten the [hackers] out of their environment," says Moses.
Amazon's requests included changes to ensure that tools could verify user authorization and track actions within apps, allowing Amazon's automated systems to detect security threats. Microsoft 365, which combines previously separate products, used various authentication and user tracking protocols, some of which did not meet Amazon's security requirements.
Leave A Comment