Tech giant Google fired a shot Thursday at chief rival Microsoft, claiming the government’s reliance on its systems was leaving it vulnerable to future cyberattacks.

Jeanette Manfra, Google's director of risk and compliance for its cloud division, said in a blog post that the federal government's reliance on Microsoft is excessive and warned of an overreliance on legacy solutions. By putting too much faith in one provider, Manfra argues that it leaves too many systems exposed to more cyber risks from sophisticated cyber actors.

“As governments work to meet the demands and preferences of their constituents — and their employees — it’s clear that there’s an overreliance on legacy solutions, despite a track record of cybersecurity vulnerabilities and poor user perception,” said Manfra, who previously served as head of the cybersecurity division at the Cybersecurity and Infrastructure Security Agency.

Manfra referred to survey data commissioned by Google that found nearly 85% of government workers who were questioned said that they relied on Microsoft products at work. For years, government agencies have relied extensively on Microsoft software for basic infrastructure all the way up to solutions used by the Pentagon.

However, Google’s survey found that years of partnering with a single vendor has led government agencies into adopting “legacy” mindsets that were not quickly adaptable to emerging cybersecurity challenges. Respondents noted a level of dissatisfaction with their current tools with more than 50% saying they believed better options were available for work. However, they say agency leaders are stubborn when it comes to adopting newer solutions.

Microsoft did not take kindly to Google singling it out and questioning its products. In a statement to NBC News, the company said the critiques were “unhelpful” for creating division at a time when the government is on heightened alert about cyber threats from state and criminal actors alike.

“It is also unhelpful to create divisions in the security community at a time when we should all be working together on heightened alert,” said Frank Shaw, Microsoft's corporate vice president of communications, adding that Google's charges were "disappointing but not surprising."

Microsoft has seen its products abused for a number of prolific cyber attacks in recent years, including the December 2020 SolarWinds hack of multiple federal agencies by Russian intelligence. More recently, a previously unknown flaw in Microsoft’s Exchange program was used in a breach by Chinese hackers.

At the same time, the U.S. government has been warning private companies, as well as state and local governments, to be prepared for possible cyberattacks from Russia during its war in Ukraine. Days after the war began on Feb. 24, Microsoft and Google detailed how they were working to help Ukraine and NATO partners protect themselves from hacks or Russian disinformation.

RELATED STORIES