Microsoft’s cloud security, particularly its Azure platform, has come under severe criticism for what security experts are calling negligent and irresponsible handling of security vulnerabilities. The CEO of one security firm explains, “What you hear from Microsoft is ‘just trust us,’ but what you get back is very little transparency and a culture of toxic obfuscation.”

Ars Technica reports that Microsoft’s cloud security practices are coming under intense criticism. Amit Yoran, chairman and CEO of security firm Tenable, has been particularly vocal in his condemnation of Microsoft’s handling of security issues. Yoran stated that Microsoft is “grossly irresponsible” and mired in a “culture of toxic obfuscation.” He further criticized the company for failing to fix a critical issue that gives hackers unauthorized access to data and apps managed by Azure AD, a Microsoft cloud offering for managing user authentication inside large organizations.

FILE- In this May 7, 2018, file photo Microsoft CEO Satya Nadella looks on during a video as he delivers the keynote address at Build, the company’s annual conference for software developers in Seattle.  (AP Photo/Elaine Thompson, File)

FILE- In this May 7, 2018, file photo Microsoft CEO Satya Nadella looks on during a video as he delivers the keynote address at Build, the company’s annual conference for software developers in Seattle. Microsoft is threatening to overtake Apple as the world’s most valuable publicly traded company. The market closed Tuesday, Nov. 27, with Microsoft just behind Apple. (AP Photo/Elaine Thompson, File)

“To give you an idea of how bad this is, our team very quickly discovered authentication secrets to a bank,” Yoran wrote. “Did Microsoft quickly fix the issue that could effectively lead to the breach of multiple customers’ networks and services? Of course not. They took more than 90 days to implement a partial fix—and only for new applications loaded in the service.”

 

In response to the criticism, Microsoft issued a statement, saying: “We appreciate the collaboration with the security community to responsibly disclose product issues. We follow an extensive process involving a thorough investigation, update development for all versions of affected products, and compatibility testing among other operating systems and applications. Ultimately, developing a security update is a delicate balance between timeliness and quality, while ensuring maximized customer protection with minimized customer disruption.”

However, the response has done little to quell the concerns of security experts and government officials. The growing dissatisfaction with Microsoft’s cloud security practices highlights a broader issue of trust and accountability in the tech industry, particularly when it comes to handling sensitive data and protecting against cyber threats.

“What you hear from Microsoft is ‘just trust us,’ but what you get back is very little transparency and a culture of toxic obfuscation,” Yoran wrote. “How can a CISO, board of directors or executive team believe that Microsoft will do the right thing given the fact patterns and current behaviors? Microsoft’s track record puts us all at risk. And it’s even worse than we thought.”

Read more at Ars Technica here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan