Microsoft agreed to provide cloud security log features available to customers for free, after enduring days of withering criticism following the state-linked email hacks against 25 of its customers, including the U.S. State Department.
The Cybersecurity and Infrastructure Security Agency announced the partnership with Microsoft to provide access to the cloud logging features by default Wednesday.
The logs were considered a key component in detecting the recent attacks that Microsoft attributed to state-linked hackers affiliated with the People’s Republic of China. Federal officials have been highly critical of cloud companies and other organizations forcing their customers to pay additional money for important security features.
Sen. Ron Wyden, D-Ore., pounced on Microsoft after the attacks and told Cybersecurity Dive that the federal government needs to build security features as a standard into its contracts.
“Unfortunately, as Microsoft’s $15 billion-plus cybersecurity business grows, Microsoft’s incentives are not to deliver secure operating systems and cloud software to its customers, but to deliver insecure products and upsell them on cybersecurity add-ons,” Wyden said in an emailed statement. “It shouldn’t have taken multiple disastrous hacks of federal systems for Microsoft to make essential security features standard for government customers, but better late than never.”
During a background call with media last week after the State Department hacks were discovered, CISA officials said they would work with Microsoft and other companies to make sure the companies provide security by design, without the need to charge additional fees to customers.
The announcement that Microsoft would make the logs free came just a week later.
“Having access to key logging data is important to quickly mitigating cyber intrusions, like the recently identified incident affecting a federal agency’s Microsoft Exchange Online environment,” Eric Goldstein, executive assistant director for cybersecurity at CISA, said in a blog post Wednesday.
While vendors can offer logging at specific cloud licensing levels, that makes it more difficult to investigate cyber intrusions, Goldstein said.
Microsoft Purview Audit Standard customers will now receive detailed email logs that were previously available only to premium subscription customers. Microsoft is also increasing the default retention period from 90 days to 180 days.
Microsoft has been under fire from competitors like CrowdStrike for years for running what the cybersecurity firm calls an anachronistic security operation.
“This latest compromise of U.S. and Western European government agencies once again amplifies the systemic risk of Microsoft’s technology, and the crisis of trust their customers face,” Adam Meyers, head of intelligence at CrowdStrike, said in a statement released on Thursday.
“Organizations need to invest in security, having one monolithic vendor that is responsible for all of your technology, products, services and security — can end in disaster," Meyers said. "There’s a reason federal leaders have been making a public push to pressure software makers to build products that are secure by design.”