Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway.
Summary
ProPublica investigates FedRAMP's handling of Microsoft's GCC High cloud for federal use, revealing missing encryption diagrams, back-channel communications, and political pressure that led to authorization despite unresolved security concerns. The report portrays FedRAMP as a potential 'security theater' and highlights risks of relying on third-party assessors, with wider implications for government and contractor cybersecurity. It underscores the importance of robust, independent security documentation when adopting cloud and AI-enabled services.