Google Pitches Workspace as Microsoft Email Alternative, Citing CSRB Report

Published: 23/11/2024   Category: security




The new Secure Alternative Program from Google aims to entice customers away from Exchange Online and break Microsoft's dominance in the enterprise.



Google is using a recent report from the US Cyber Safety Review Board (CSRB) that was critical of Microsoft's security practices to make a case for its own Google Workspace suite of cloud-hosted email and office productivity apps.
In two separate blogs, and without once referring to Microsoft by name, company executives cited the CSRB report as a reason why enterprise organizations should consider moving away from Microsoft Exchange Online hosted email to Google Workspace.
The company has launched a new Secure Alternative Program with special pricing on its Google Workspace Enterprise Plus offering and on Mandiant's incident response service for organizations that make the switch. Google will also offer migration and change management support for enterprises that need help transitioning from Exchange Online to Workspace.
"For years, security experts have warned of the risks of government overreliance on a single technology vendor," Google Cloud senior director of global risk and compliance Jeanette Manfra and Charley Snyder, the company's head of security policy, wrote this week. "The recent U.S. Cyber Safety Review Board (CSRB) report detailing significant security failures and systematic weaknesses in a longstanding vendor reaffirms these risks."
The report that Google has brandished in its new campaign is based on the CSRB's investigation of two incidents over the past year where two separate nation-state actors breached Microsoft's Exchange Online environment. One of the intrusions happened last June and involved Chinese cyberespionage group Storm-0558 gaining access to email accounts belonging to some 25 entities. The victims included several senior US government officials managing US-China relations, prompting the CSRB to describe the attackers as striking the espionage equivalent of gold.
The second intrusion happened last November and involved Russia's Midnight Blizzard gaining access to email accounts belonging to Microsoft executive leadership and also to some source code repositories and other internal systems. Microsoft disclosed the email breach in January and the source code leak two months later in March.
The CSRB report blamed a cascade of security failures at Microsoft for the breaches, concluding that Microsoft's security culture was inadequate and requires an overhaul, particularly in light of the company's centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations. In response, Microsoft has promised to make sweeping organizational changes and hold senior leadership directly accountable for meeting cybersecurity goals.
A Microsoft spokesman pointed to that effort in response to a Dark Reading request for comment. "Microsoft is making security our top priority, above all else," the spokesman said in an emailed comment. "Our Secure Future Initiative (SFI) brings together every part of Microsoft to advance cybersecurity protection across our platforms and products, benefiting customers around the world, including commercial and government enterprises, small businesses and individuals."
Rik Turner, an analyst with Omdia, perceives Google's new offering as a bid to try to wean customers away from Microsoft while memories of the CSRB report are still fresh. "This move by Google is an opportunistic one on the coattails of the CSRB's report, and why not?" Turner asks. "While Google has some very good and often innovative technology, the fact is the company still is not the obvious choice for enterprise organizations on many fronts, and certainly not in office productivity," he adds. "So why not grab some of the media attention on what the CSRB has said, and potentially even drive some more?"
Google's pitch to customers with its new campaign is that Workspace offers a safer alternative to Microsoft's email because it is cloud native and architected with modern threats in mind, and that organizations won't have to deal with desktop clients and instances of on-premises software that they need to patch and maintain. "This means a smaller attack surface and less work for your IT teams," Google vice president of product management Yulie Kwon Kim said. The fully cloud hosted model also means organizations do not have to worry about securing emails and files stored on end user devices.
Omdia's Turner says the general market perception is that Google has garnered some success with its Google Workspace offering. But most of that success has largely been confined to the cloud-native start-up community rather than mainstream corporate America. Google will find that market harder to crack because of Microsoft's near ubiquity in that segment and the fact that it has been there for decades.
There's also the issue of Google having its own security problems, Turner says, pointing to a security vendor's report last year on a design weakness in Workspace that Google denied was a weakness. "It's too early, in my opinion, to gauge how effective the combination of the CSRB report and this Google initiative will be in prising major customers away from Microsoft, but I am somewhat skeptical," he notes.
Guy Rosenthal, vice president of product at DoControl, says that Google's arguments about the risks associated with using a single vendor for operating systems, email, office productivity tools, and security have merit. But that's a risk organizations take when using many major technology vendors. "Take, for example, a company utilizing Google's ecosystem," Rosenthal says. "They might use Google Chrome to access all Google services, effectively creating a monoculture similar to Microsoft's environment."
At the same time, he says Google's claim of a more secure-by-design offering, leveraging AI-based defenses and robust threat data analytics, is compelling. "The reduced need for on-premises software indeed minimizes the attack surface," he admits, but adds, "However, it is essential to consider that no system is impervious. Both Google and Microsoft have experienced security incidents, and both invest heavily in securing their environments."
