Can Microsoft Continue to meet NIST requirements?


NIST, for those that don't know, is a standards body that defines the levels required for meeting government standards, which is what enforces much of our regulation on private goods. They also now write cybersecurity regulation.

https://www.nist.gov/srm

Well, some important points in cybersecurity are getting enforced, such as non-repudiation, NIST hardware and software requirements, and things like multifactor authentication.

I'm just curious how long Microsoft can continue to be relevant given their inflexibility as a private company in meeting these requirements. They still don't salt the password database in an on-premise AD, unless you connect a proprietary cloud connection that guarantees a single point of failure in on-premise systems. They don't support modern TOTP; they only support an insecure legacy smart card system.

https://learn.microsoft.com/en-us/windows-server/security/kerberos/passwords-technical-overview

So how long can Microsoft last, given that they're not able to accept third-party patches, and the inherent difficulty of auditing whether they are even meeting the requirements? Are IBM and Red Hat a better option for the future of IT? Incidents like Microsoft getting hacked by SolarWinds are no joke when we're at war with China and Russia; is the stock at imminent risk?
