Microsoft is under fire from US officials who are criticizing the company for charging more for improved security.
A recent security incident has raised uncomfortable questions about cloud security and whether companies should charge more for premium features. The incident involves Chinese hackers gaining access to US government email accounts as a result of a vulnerability in Microsoft’s cloud services.
Unfortunately for many users, however, US officials were only able to discover the breach because the government is enrolled in Microsoft’s highest-tier cloud option, giving officials to the logging tools that led to the discovery. Lower-tier Microsoft 365 plans do not have access to similar tools, according to The Wall Street Journal.
US officials are criticizing Microsoft for putting such important security tools behind a paywall since many Microsoft 365 customers would have had no way of knowing if they had been similarly breached.
“Every organization using a technology service like Microsoft 365 should have access to logging and other security data out of the box to reasonably detect malicious cyber activity,” a senior CISA official said Wednesday.
The incident raises important questions about Microsoft’s business model. As GeekWire highlights, Microsoft CEO Satya Nadella has touted the company’s security revenue in a recent quarterly report.
But should Microsoft — or other companies, for that matter — be charging for security features that help customers protect themselves from cyberattacks and data breaches? Or should all customers have automatic access to the same security tools, with companies charging for other non-security features?