Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Microsoft IT

Microsoft Puts Slack On Internal List of 'Prohibited and Discouraged' Software (geekwire.com) 139

PolygamousRanchKid shares a report: GeekWire obtained an internal Microsoft list of prohibited and discouraged technology -- software and online services that the company doesn't want its employees using as part of their day-to-day work. We first picked up on rumblings of the prohibition from Microsoft employees who were surprised that they couldn't use Slack at work, before tracking down the list and verifying its authenticity. While the list references the competitive nature of these services in some situations, the primary criteria for landing in the "prohibited" category are related to IT security and safeguarding company secrets.

Slack is on the "prohibited" category of the internal Microsoft list, along with tools such as the Grammarly grammar checker and Kaspersky security software. Services in the "discouraged" category include Amazon Web Services, Google Docs, PagerDuty and even the cloud version of GitHub, the popular software development hub and community acquired by Microsoft last year for $7.5 billion...

"It's not just the risk that Google will try to find trade secrets from data stored on their servers," said Christopher Budd, who has worked in security technology for 20 years, including past roles in Microsoft security and privacy communications. "When you're at Microsoft, you're at risk of state sponsored industrial espionage."

The article notes that in the past Microsoft adopted an even harsher stance to employees using competing products. "At a company meeting during his tenure as CEO, Steve Ballmer once famously snatched an iPhone from an employee and pretended to stomp on it..."

But GeekWire also argues that Microsoft's prohibiting of a popular chat tool "can have implications in a competitive recruiting environment."
This discussion has been archived. No new comments can be posted.

Microsoft Puts Slack On Internal List of 'Prohibited and Discouraged' Software

Comments Filter:
  • by Anonymous Coward on Sunday June 23, 2019 @08:40AM (#58808444)

    How is this different than any other corporate policies companies have regarding acceptable use of computing resources? I guess since it's Microsoft, its big news?

    Slow news day it is.

    • How is this different than any other corporate policies companies have regarding acceptable use of computing resources? I guess since it's Microsoft, its big news?

      Slow news day it is.

      It's hypocritical for them to push their own cloud-based systems while simultaneously complaining about the potential for exploitation of similar cloud-based systems with basically the same set of vulnerabilities. Or did you think that One Note, Office 365, and Microsoft Teams were somehow massively different in overall vulnerability?

      • So they are supposed to be concerned about them spying on them?

        Sounds like internal security audit and review to me.

      • Comment removed (Score:5, Insightful)

        by account_deleted ( 4530225 ) on Sunday June 23, 2019 @02:20PM (#58810200)
        Comment removed based on user account deletion
        • Plus, most businesses don't have their own versions of these tools. In 99% of cases, it makes sense for businesses to use the services of cloud providers.

          Microsoft has it's own online office suite, it's own team communication software, etc. - not only does it not make sense for their confidential information to be stored unnecessarily on servers outside of their control, it is simply good for them to eat their own dog food, using the experiences to make their products better.

  • by QuietLagoon ( 813062 ) on Sunday June 23, 2019 @08:43AM (#58808460)
    .. Windows 10 because of its corporate-based espionage, whimsically referred to by Microsoft as "telemetry."
    • What telemetry? Are you some poor consumer? No company puts Windows 10 on discourage software list because no company has to put up with telemetry.

    • Being heavily driven by unbiased data is something deeply ingrained into the Microsoft culture, and telemetry is part of how they get data.

      I'd be lying if I said I was anything near comfortable with it when they first started doing it, and I'm still not 100% comfortable with it, but I really don't believe they're using it for "evil".

      • This is the big deal here. I don't use Windows or anything other than XBox, but I trust Microsoft because I've been dealing with them for decades without them giving me any reason to believe they are doing anything untoward with my data. Our priorities are aligned.

        Privacy becomes more an issue with companies based on an ad model or companies you can't trust to be competent.

    • Telemetry is only always-on in the lower tier versions of Windows 10. Write them a check and they let you cotnrol your own computer.

  • Because that is certainly an interesting thing to come out straight after a company starts selling shares.
    • Its more likely due to this vulnerability that was found last month which can redirect files: https://arstechnica.com/inform... [arstechnica.com]
    • by Anonymous Coward

      Microsoft has its own competing product called Teams. Common sense says that want their employees using their product and not supporting a competing product.

      My guess is that there's a ban on Bing employees using Google for search as well, because DUH.

      • Actually, know thy enemy is a real thing. I'm sure they know that not having people who are routinely using the competing products on staff risks creating a staff with blinders to the competition. It is risky to ban use of competing products.

        I feel sure that the primary reason for the ban is to help prevent intellectual property and business intelligence leaks. I don't believe it is because they believe those other businesses might snoop. They are merely reducing the attack surface for nation state-level ha

        • Actually, know thy enemy is a real thing. I'm sure they know that not having people who are routinely using the competing products on staff risks creating a staff with blinders to the competition. It is risky to ban use of competing products.

          Well, there’s another problem though. If you’re trying to sell a product (let’s call it “Teams”), and anyone within shouting distance of your product’s dev team is using a competing product (which we’ll refer to as “Slack”), you might be opening yourself up to legal issues when some new “Teams” feature closely mirrors what a “Slack” feature does. Especially if anyone on your large payroll has ever worked for the competitor, which

      • Re:Idiot (Score:5, Insightful)

        by Dutch Gun ( 899105 ) on Sunday June 23, 2019 @10:30AM (#58808948)

        There's also the fact that a huge amount of confidential and propriety information gets disseminated in Slack, which is, after all, taking place on someone else's computers. And relying on that companies' computers means your business' internal communication is also held hostage to that company for reliability / uptime.

        I think it's telling that, for companies Microsoft and Amazon (Amazon has the same policy, and has their own internal chat app), they're not so willing to trust their critical infrastructure to others, yet they keep trying to convince others that it's fine for THEM to trust them with YOUR data.

        • It's basic risk management. There is risk to using third party security, but there is also a risk in handling your own security (especially in modern Docker-centric development where security patches only get applied if you release new code).

          The main difference here is that I am 100% positive can build something more secure than Slack. I cannot say the same about Azure or AWS.

          You have to weigh the whole problem, not just one aspect.

      • I have a feeling it's more about "we want to control our data, rather than trust someone else to control our data."

        After all, they run competing services, and who is better to know just how much analysis and scraping can be done!

    • I don't even see why this is news. Every company that I know of has a list of banned software allowed on their computers. It's not unheard of a company having rules preventing employees from using competing products on the job.

      I remember a few years ago Coke fired a delivery driver for drinking a Pepsi on the job. Pepsi sent him a case, thanked him for trying their product, and offered him a job.

      • I agree with you. It just makes me highly suspicious when these things happen at interesting times. There was another one a couple of days back where Facebook started advertising their own cypto-currency but they had banned the advertisement of crypto-currency last year. The timeline went,

        2018 Jan - Facebook bans cryptocurrency advertising.

        2019 Mar - Facebook rolls back ban.

        2019 Jun - Facebook starts advertising its own cryptocurrency.

        Which is also interesting. And now, at almost the exact same time that

  • by jmccue ( 834797 ) on Sunday June 23, 2019 @08:47AM (#58808490) Homepage

    I liked slack when we first started it at work a few years ago, it was just about like IRC.

    But they added threads, now it is a major pain to use with people responding to threads that are 2 weeks old. One spends more time looking for unread items than anything else. And yes using the 'see all unread' is almost as bad as threads.

    • by Dan541 ( 1032000 )

      I started going off slack when they closed their irc gateway. Now I have to run their memory hogging client.

    • But they added threads, now it is a major pain to use with people responding to threads that are 2 weeks old.

      So far in teams I've been in thread use has been light and reasonable... I can see the problem with what you are saying but there are also times when threads are really great, we'll break a side conversation into 50 messages that would have swamped the primary area.

      Maybe it should be a configuration option for the server to say you couldn't respond to threads more than a few days old, I also find bum

    • Not having threads is a huge pain when people are trying to have more than one conversation at a time. I haven't used Slack in a few years, since one of my last contract jobs, but I do remember it took a while to stop posting in the wrong thread. I just think Slack's UI isn't all that great.

    • Some connection between advent of Slack threads and legal weed at work perhaps.

  • We used Slack when our team was first formed and we loved it. Then orders came from on high to use Teams. What a difference. Missed messages, horrible UI/UX, productivity down. What's not to like?
    • Re: (Score:2, Redundant)

      We used Slack when our team was first formed and we loved it. Then orders came from on high to use Teams. What a difference. Missed messages, horrible UI/UX, productivity down. What's not to like?

      If you're a business, this: https://arstechnica.com/inform... [arstechnica.com]

    • We used Slack when our team was first formed and we loved it. Then orders came from on high to use Teams. What a difference. Missed messages, horrible UI/UX, productivity down. What's not to like?

      If you're Microsoft or any other software company, last month's Slack vulnerability which allows diverting of downloaded files. https://arstechnica.com/inform... [arstechnica.com]

    • by agaku ( 2312930 )

      We used Slack when our team was first formed and we loved it. Then orders came from on high to use Teams. What a difference. Missed messages, horrible UI/UX, productivity down. What's not to like?

      Can you install Slack on a private server? If not, it is obvious why Slack is on the list. Nearly all documents are company confidential.

      • More to the point, Microsoft needs to spy on its employees.

        • For a company like MS which is regularly targeted by the most elite cyber offense in the world, they are probably far more concerned with other people spying on their employees.

          This isn't some Web 3.0 AI powered blockchain ad network. Microsoft is responsible for the most critical infrastructure in the world.

          • Give me a break, nobody needs to be elite to target Microsoft successfully, any half wit script kiddie can do it. For example, just send a gimicked cat video to the HR director.

    • Same with Hipchat. We're moving to Slack now, can't imagine it'd be any worse.
  • Read through it and didn't actually see the full list. Is that posted anywhere?
  • by account_deleted ( 4530225 ) on Sunday June 23, 2019 @09:22AM (#58808642)
    Comment removed based on user account deletion
    • The United States government says itâ(TM)s bad, dangerous, and devoid of redeeming qualities.

      I don't know about those first parts, but the last one is true. When it was new, AVP was about as accurate as anything else, and lightning fast. These days, however, it is the slowest A-level antivirus on the market, and has the most overhead of any of 'em AFAICT. It totally ruins performance, making the machine sluggish, like it's bogged down in metaphorical mud.

  • by Tim.Boyden ( 948987 ) on Sunday June 23, 2019 @09:25AM (#58808658) Homepage
    Sounds to me like a sound policy, if you go by the old standard of "eating your own dog food". As a software company, you should be using your own products internally. 1) You are gaining valuable usage and issue feedback that can inform product development. 2) Why would you want to invest money in your competitor, and give free PR to them by using their products? 3) You generate good PR for yourself, by being able to demonstrate what you do with the software and its potential benefits to others. 4) You are building internal experience and knowledge of products, which is one of the more sought after commodities in the technology sector today.
  • If only it were more open.
  • by Gravis Zero ( 934156 ) on Sunday June 23, 2019 @10:33AM (#58808964)

    IRC is simple, you can run your own server, there are lots of clients and it's an open standard. I don't blame anyone for banning ShittyIRC because it's... shitty.

    • I find any always-on chat client to be detrimental to getting work done. Maybe it’d be worthwhile if every member of the team was disciplined and, consistently, only used it when necessary... but I’ve never been on such a team (and, to be fair, I’d probably fail that test as well).

    • by antdude ( 79039 )

      What about medias like animated GIFs, videos, emojis, images, etc.? :P

  • Whoops (Score:5, Interesting)

    by ElizabethGreene ( 1185405 ) on Sunday June 23, 2019 @11:51AM (#58809356)

    It's awesome to learn about your own company's policies from a third party news headline.

    For what it's worth, two of my customers use Slack and I'm on it all the time. As a service provider, I go where my customers are. I'm not going to make them come to me if I can go to them instead.

  • MS has competing products available of its own, why would you use the competition.
    eat your own dogfood.

  • by Fencepost ( 107992 ) on Monday June 24, 2019 @08:52AM (#58813312) Journal
    I've talked to medical offices that wanted to use Slack for internal chat and had to tell them they couldn't, because the ONLY version of it that qualifies under HIPAA is the (I believe self-hosted) "Enterprise Grid" version - the same version specifically noted in the article as the only one that meets Microsoft's security requirements.

    For the other things on the list, Kaspersky? The same AV software that's basically banned from all US Government computers over espionage concerns? Why would anyone care if Microsoft used that, it's not like the US Government is a significant Microsoft customer, right?

    Amazon AWS? Why TF would anyone be OK with paying a competitor for hosting when you sell a directly competing product? Would anyone be surprised if AT&T had a policy of "We don't purchase business cell service from Verizon."?

    And for Grammarly, again it's document security concerns. Third party plugins accessing everything in documents and webpages, does Grammarly do all of its processing locally or is there a cloud component?

    What a flippin' non-story.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...