Trust Is Not a Security Strategy: The Microsoft-Pentagon Arrangement That Defies ZT (and Logic)

Sometimes truth is stranger than fiction.

If someone told you that Microsoft, the company powering most of the Pentagon's digital infrastructure, was having engineers in China fix sensitive Defense Department systems through American "escorts" who couldn't fully understand the commands they were implementing, you'd think they were describing a satirical movie plot.

Yet, it’s not the story of the next Hollywood blockbuster. It's a reality revealed in a recent ProPublica investigation that has left current and past intelligence leaders baffled at what might be the most bizarre security vulnerability hiding in plain sight.

Microsoft’s Digital Escort System

The investigation uncovered that Microsoft has been using a "digital escort" system for nearly a decade to maintain Defense Department cloud systems. When technical support is needed, an engineer in China files a ticket to take on the work. A U.S.-based "escort" with a security clearance, often a former military member with minimal coding experience being paid as little as $18 an hour, connects with the engineer via Microsoft Teams. The Chinese engineer sends commands, which the escort then inputs into Defense Department systems without necessarily understanding what those commands do.

This arrangement handles data categorized as "Impact Level 4 and 5"; information that "directly supports military operations" and whose compromise could have "severe or catastrophic adverse effects" on operations and assets. Yet despite its critical importance, the program has operated with such low visibility that even the Defense Information Systems Agency spokesperson admitted, "Literally no one seems to know anything about this."

According to ProPublica, Microsoft created this workaround to win government contracts while still utilizing its global workforce. When the Defense Department initially suggested Microsoft hire U.S. citizens to maintain the federal cloud directly, the company pushed back, with a former Microsoft manager describing the escort system as "the path of least resistance." Multiple employees reportedly warned Microsoft about the inherent risks, but the company proceeded anyway, prioritizing business growth over security concerns.

An Anachronism in Modern Cybersecurity

The Microsoft digital escort program represents the antithesis of modern cybersecurity thinking - a relic from an era when we believed networks could be secured through perimeter defenses and trusted intermediaries.

As one escort admitted to ProPublica: "We're trusting that what they're doing isn't malicious, but we really can't tell."

This trust-based approach stands in stark contrast to zero trust principles, which have become the cornerstone of modern security frameworks. Zero trust demands continuous verification of every user, device, and transaction, regardless of location or network. The escort program instead relies on implicit trust of foreign engineers based solely on the presence of an American intermediary who may lack the technical expertise to spot malicious activity.

The Chinese Cyber Threat Context

This revelation is particularly alarming given China's well-documented cyber operations targeting U.S. interests. Just last year, Chinese state-sponsored hackers compromised major telecommunications providers AT&T and Verizon, exploiting backdoor access points originally designed for lawful intercept capabilities. In another high-profile incident, Chinese hackers infiltrated cloud-based mailboxes of senior U.S. officials, stealing approximately 60,000 emails from the State Department alone.

News broke this week that the very same group reportedly hacked the U.S. National Guard. According to SecurityWeek, in  2023 and 2024, the DoD stated, Salt Typhoon stole 1,462 network configuration files for roughly 70 US government and critical infrastructure entities from 12 sectors, including energy, communication, transportation, and water and waste water.

The Office of the Director of National Intelligence has explicitly named China as "the most active and persistent cyber threat to U.S. Government, private-sector, and critical infrastructure networks."

Utilizing engineers in China to maintain DoD systems defies logic, full stop.

A Legacy of Outdated Security Thinking

How did we arrive at such a problematic arrangement? ProPublica's investigation reveals that when the federal government began transitioning to cloud computing, Microsoft effectively convinced officials to accept this risky escort model as "the path of least resistance" rather than building more secure alternatives.

This outdated approach stems from a time when organizations believed they could secure their systems by controlling access to networks rather than protecting the data itself. It assumes that if we can trust the people with access, we can trust the outcome - a premise that cybersecurity experts have long since abandoned.

As former intelligence official Harry Coker told ProPublica, the escort program represents "an avenue for extremely valuable access" that intelligence operatives would "love to have."

Most concerning is that this system has operated for nearly a decade, with many defense officials unaware of its existence. Former Department of Defense CIO John Sherman admitted: "I probably should have known about this."

Moving Beyond Network-Centric Security

The Microsoft digital escort saga highlights the fundamental limitations of network-centric security models. When security depends on trusting individuals or networks, it inevitably creates vulnerabilities that can be exploited.

Forward-thinking organizations are increasingly moving toward data-centric security (DCS) approaches that protect information at its source, regardless of where it travels or who handles the systems it passes through.

Data-centric security embeds protection directly into the data itself through encryption and granular access controls. With this approach:

• Security travels with the information, not with the network
• Protection persists regardless of which systems process the data
• Access is cryptographically enforced, not dependent on trusting administrators
• Verification happens continuously at the data level, not just at network boundaries

The Federal Shift Toward Data-Centric Security

The good news is that the federal government is gradually awakening to these realities. The 2025 Executive Order on Improving the Nation's Cybersecurity explicitly mandates zero trust architecture across federal agencies. More recently, organizations like CISA and NIST have begun emphasizing data-centric approaches in their security frameworks.

Forward-thinking businesses are following suit, recognizing that amidst cloud computing, remote work, and global supply chains, traditional security perimeters have effectively dissolved. Data-centric security provides the foundation for true zero trust implementation, where trust is never assumed, and verification happens continuously at the data layer.

The Microsoft digital escort program serves as a cautionary tale for security leaders everywhere. It demonstrates what happens when organizations:

1. Build security on trust rather than verification
2. Focus on protecting networks instead of data
3. Accept legacy approaches rather than demanding modern security models
4. Allow business convenience to override security principles

Microsoft's digital escort program is an egregious misplacement of trust and ultimately a time capsule from a bygone era of security thinking that we must leave firmly in the past. The future belongs to data-centric approaches that protect information regardless of who has access to the systems it passes through.