
I think it’s interesting that you call out Google. It’s not that I disagree, but from the European enterprise perspective you can say that Microsoft has access to virtually everything. Banks, Healthcare, Defense, Public Services and so on, everyone is using the Office365 product line and almost everything is stored in Azure.

I don’t begrudge Microsoft, I think they are a fantastic IT-business partner from an enterprise perspective. They are one of the few tech companies in the world that actually understands how an Enterprise Organisation wants to buy IT and support, and they’ve only ever gotten better at it. As an example, when I worked for a Danish city, someone from Seattle would call us with updates on major incidents hourly. Which is something you can translate to a CTO being capable of telling their organisation that Microsoft is calling them with updates on why “e-mail” isn’t working. So I actually think Microsoft is great from that side of things.

I don’t think we should’ve put all our data into their care. We live in a post-Snowden world, and even here in Denmark we recently had a scandal where it was revealed that our government lets NSA spy on every internet point leaving the country. I get that’s the way it is when you’re a pseudo vassal state. We’ve always had our government secrecy regarding the US and Greenland. It also makes me wonder how secret anything we’ve let Microsoft have access to really is.



This. The next time there's a real disagreement in trade policies, Europe is going to be fucked. Microsoft does have access to literally everything and no one even seems to understand that, because no one understands what "cloud" or even just "online vs. offline" means nowadays. It's a bit scary.


This is another big issue, but the EU does know and care about it. My current employer falls under the critical infrastructure category (we’re finance/energy) and that means we’re required to have contingency plans for how to exit Microsoft in a month. Not just theoretical plans, but actual hands-on plans that are to some degree tested once in a while.

The issue is how impossible it is to exit Microsoft, and this is where I’m completely onboard with your scary part. We can exit Azure painlessly from the digitalisation perspective, well not financially painless but still. IT-operations will have fun replacing AD/EntraId though, but all our internal software can be moved to a Kubernetes cluster and be ready to accept external authorisation from Keycloak or whatever they have planned to move to.

But where is the alternative to Office365? Anyone on HN could probably mention a bunch, but where is the alternative for people who don’t really “use” computers as such? The employee who basically thinks a PC “is” Office365. As in we could probably switch their Windows to Linux and they might not notice if they still had Office365.

This is where the EU currently doesn’t really have an answer. We have a strategy to exit Office365, but I’m honestly not sure our business would survive it.


This is a big deal in cybersecurity education. I'm in the UK doing it. We've a dilemma that industry is desperate for fresh new cybersecurity recruits to fill an enormous skills gap. In the UK, Microsoft is a "preferred supplier" for lots of organisations, even defence stuff, and to get our students past the gatekeepers they pretty much need "365". Regardless of whether they can recompile a Linux kernel and do protocol analysis with Wireshark... no 365, no job. Not even tier-1 support.

By contrast my last cohort of masters students worked on things like critical infrastructure, national security, long-term resilience, hybrid interoperability... everything that Microsoft is not and makes worse.

So there's a schism between academic understanding and industrial reality that makes cybersecurity really rather hard to fix.

So I have to walk into a classroom and say:

  "Heads-up! We're going to be learning about 365 administration this
   week, about Active Directory, and this and that... which are all
   okay products and make a lot of admin tasks easier. BUT!! The only
   reason is so you can walk into a job. Because this US company has
   the UK tech sector by the balls. As soon as you're working, forget
   everything you hear in these lectures, because it's dangerous
   BigTech mono-culture that's antithetical to the real values of
   cybersecurity. Take the principles. Reject the products. Look at
   other tools that do the same. Have a backup plan."

And I hope they took enough from Ross Anderson's SecEng book, and from the BSD/Linux classes and my other lectures to go out there and start undoing the harm.


> My current employer falls under the critical infrastructure category (we’re finance/energy) and that means we’re required to have contingency plans for how to exit Microsoft in a month. Not just theoretical plans, but actual hands on plans that are to some degree tested once in a while.

If those plans exist and there is even a tiny chance you can pull that off I'm impressed. In most organizations it would be an almost impossible challenge to even upgrade all their servers to a new OS in a month. I don't think I've ever seen an organization of more than 100 employees that could reasonably migrate their cloud provider, identity source and operating system in a month. Endpoint operating system upgrades often take a year (or more).


Most organizations do not spend any time even thinking about that, nor considering it in their decision processes, nor prepare for it. An organisation that does, will have an IT architecture. For example limiting exposure in the first place. For example, they might choose to not have any servers with Windows in the first place. They might have a thin client or web oriented workflow for endpoint applications, which makes switching out Windows easier on employee machines. They might already have multiple OSes in use, to check that critical systems can be successfully accessed without Windows. That said, it is of course a big endeavour.


> The issue is how impossible it is to exit Microsoft,

https://blog.documentfoundation.org/blog/2024/04/04/german-s...


> Which is something you can translate to a CTO being capable of telling their organisation that Microsoft is calling them with updates on why “e-mail” isn’t working. So I actually think Microsoft is great from that side of things.

This is exactly it. Execs want to sound in charge of situations, even if it's just a person who can be shouted at. Microsoft can employ very expensive, individualised call centre staff in expensive suits to read out to you a service status page.


I agree but I also think it’s bigger than the ego of C-types. The fact that Microsoft calls you with updates also has a near magical impact on organisation culture in general. It’s the, “oh ok” gestalt that every employee feels, the thing that makes them consign to wait instead of being angry, and what not.

Sure there is ego, but a lot of C types are frankly good enough to work beyond that part of the equation.


I wasn't necessarily talking about ego, but more about how other people in the C-suite will react differently knowing that someone's calling with updates regularly.


> Microsoft is calling them with updates on why “e-mail” isn’t working. So I actually think Microsoft is great from that side of things.

Maybe they should have used their skills to have it continuously work rather than put up a huge organisational structure ensuring they will give you hourly updates on WHY they screwed up :) but I get it, the government-customers do not care AT ALL about the services to the citizens, rather their objective is cover-my-ass and to provide explanations up the chain.



