Amazon.com Inc. has announced a postponement of the rollout of Microsoft Corp.’s cloud-based Office suite for a year, as both companies address Amazon’s security concerns regarding the software. This follows the agreement established last year to provide Amazon employees access to Microsoft 365, which includes essential applications like Word, Outlook, and Windows. Historically, Amazon has utilized versions of Office hosted on its own servers.
The deployment was paused after a hacker group with ties to Russia was found to have accessed the email accounts of some Amazon employees. Following Microsoft’s findings, Amazon conducted its own review of the software and requested specific modifications to enhance security. These changes aim to prevent unauthorized access and to establish more comprehensive tracking of user activity within the applications, some of which are also marketed under the Office 365 brand.
This scenario reflects an unusual intersection of events: a significant commercial agreement between two major cloud computing entities based in Seattle, the implications of a state-sponsored cyberattack, and a cooperative engineering effort that could strengthen the security of widely utilized office productivity software.
“We conducted a thorough analysis of O365 and its security protocols, holding it to the same standards applied to any of our service teams within Amazon,” stated CJ Moses, Amazon’s chief information security officer. His team provided Microsoft’s security leader, Charlie Bell—who previously worked at Amazon—a detailed list of requested improvements. Engineers from both companies have collaborated for several months to implement these enhancements.
“We are optimistic about the potential to resume deployment next year,” Moses commented during an interview at the Amazon Web Services’ re:Invent conference last week. Microsoft has chosen not to comment on the ongoing situation.
According to reports from Business Insider last year, Amazon made a substantial commitment of $1 billion over five years to procure Microsoft’s 365 software for its approximately 1.5 million employees. This agreement positioned Amazon, the second-largest private employer in the United States after Walmart Inc., as a major client of Microsoft’s cloud productivity suite.
In a related incident last fall, a hacking group named Midnight Blizzard targeted Microsoft’s corporate systems, leading the company to disclose in January that a limited number of employee email accounts had been compromised, affecting senior management as well as personnel in cybersecurity and legal roles. This breach was one of several security incidents that prompted Chief Executive Officer Satya Nadella to declare security as Microsoft’s top priority.
Moses advised Amazon’s security chief Steve Schmidt and CEO Andy Jassy to halt the software rollout earlier this year, allowing Microsoft to evaluate the breach and for Amazon to conduct further investigations.
“At that time, Microsoft was still unable to confirm whether the threats had been neutralized within their environment,” Moses recalled.
Amazon’s security requests included the modification of tools to ensure that users accessing the applications are properly authenticated and that their actions are monitored in real-time by Amazon’s automated systems to detect potential security threats. The Microsoft solution, which was assembled from various previously independent products, required adjustments to meet Amazon’s security standards.
“We aimed to ensure that all actions were logged and that we could access those logs in near-real time,” Moses explained, noting that this was a significant point of contention.
Bell, who previously worked with Moses at AWS before joining Microsoft in 2021, has indicated that the enhancements developed for Amazon will also be available to Microsoft’s other clients, according to Moses. He commended Bell’s dedication to addressing the challenges presented.
“They’ve put in tremendous effort,” Moses remarked. “We have presented them with some considerable demands.”
© 2024 Bloomberg LP
(This story has not been edited by NDTV staff and is auto-generated from a syndicated feed.)
