Amazon Delays Rollout Of Microsoft Office Over Security Concerns
Amazon has decided to delay the deployment of Microsoft’s cloud-based Office suite for a year over security concerns.
Last year, Amazon reportedly signed a A$1.57 billion deal with Microsoft to acquire more than a million Microsoft 365 licences.
The deal made Amazon one of the biggest buyers of Microsoft’s flagship cloud productivity suite.
The cloud-based package included Word, Outlook, Windows and other software.
But Amazon paused the rollout after Microsoft discovered a Russia-linked hacker group had gained access to some of its employees’ email accounts, reported Bloomberg.
Earlier this year in January, Microsoft admitted that Russian threat actor Midnight Blizzard has hacked some corporate email accounts. The group allegedly used a “password spray attack,” where a user uses a single common password against multiple accounts on the same application to gain access to the accounts.
As recently as October this year, Microsoft said that Midnight Blizzard was sending “a series of highly targeted spear-phishing emails to individuals in government, academia, defence, non-governmental organizations, and other sectors.”
After conducting its own analysis of the software, Amazon asked for changes to guard against unauthorised access and create a more detailed accounting of user activity in the apps.
Amazon’s requests reportedly include modifying tools to verify user authorization to access the apps, and also tracking of user actions once they gain access through Amazon’s automated systems to mitigate security risks.
“We deep-dived into O365 and all of the controls around it and we held – just as we would any of our service teams within Amazon – we held them to the same bar,” said CJ Moses, Amazon’s chief information security officer.
Moses’s team gave Microsoft security chief Charlie Bell a list of requested enhancements.
“We believe we’re in a good place to start redeployment next year,” said Moses.
Moses early this year recommended to Amazon security chief Steve Schmidt and CEO Andy Jassy that the company suspend the rollout.
“At that time still, Microsoft wasn’t able to tell us if they had gotten the [hackers] out of their environment,” said Moses.