• F04118F@feddit.nl
    5 days ago

    The Federal Risk and Authorization Management Program (FedRAMP for short) stipulates that specially trained personnel must look after the servers that provide these services. And because the data on these servers is confidential and security-relevant, these administrators must also have a special security clearance that is only granted to US citizens.

    Such personnel are in short supply and correspondingly expensive. But what is Microsoft doing? As ProPublica recently uncovered, they hired cheap admins with the necessary certificates for server administration abroad. And they put ex-military personnel with security clearance at their side, who they also hired for minimum wages.

    They (untrained ex-military) were then supposed to carry out the actions specified by the trained (foreign) IT admins. They were also supposed to monitor what they were doing. But they were not sufficiently qualified for this.

    What the actual fuck?

    They apparently took the cheapest (IT talent) available – even if they lived in China. You read that correctly: In fact, Chinese IT specialists were administering the cloud servers of the US Department of Defense, among others. What could possibly go wrong?