Source URL: https://it.slashdot.org/story/25/07/25/1613250/microsoft-used-china-based-support-for-multiple-us-agencies-potentially-exposing-sensitive-data?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: Microsoft Used China-Based Support for Multiple U.S. Agencies, Potentially Exposing Sensitive Data
Summary: The text discusses Microsoft’s use of China-based engineering teams for maintaining cloud services for various U.S. federal departments, highlighting concerns over data security in sensitive environments. Following scrutiny, Microsoft plans to enhance security measures across its Government Community Cloud services.
Detailed Description:
The article raises significant concerns about the security of federal data in Microsoft cloud systems maintained with the help of foreign engineering teams. The key points:
– **Use of Foreign Engineering Teams**: Microsoft engaged China-based engineers to support the maintenance of cloud computing systems for federal departments like Justice, Treasury, and Commerce.
– **Sensitive Data Management**: The Government Community Cloud includes sensitive but unclassified information and is used for critical investigations by agencies such as the Justice Department and the EPA.
– **Security Measures**: Microsoft employed U.S.-based personnel termed “digital escorts” to oversee the work of foreign engineers, a strategy previously implemented for Pentagon contracts.
– **Policy Change**: In light of ProPublica’s reporting, Microsoft announced intentions to implement heightened security protocols for all government customers using its cloud services.
– **Competitor Stance**: Competing providers, including Amazon Web Services, Google, and Oracle, explicitly stated they do not utilize China-based support for federal contracts, marking a difference in their approach to compliance and security.
This information is vital for security and compliance professionals as it reflects a broader concern about data sovereignty and the implications of outsourcing engineering support in sensitive environments. The situation calls for reassessment of vendor risk management practices and could lead to increased regulatory scrutiny regarding compliance and governance in cloud computing services.