Sober Thoughts. Drunk Posts.

Another feature retirement masquerading as security hygiene

Pour yourself a dram of something smoky and read the news that Microsoft is retiring ‘Send to Kindle’ in Word. Not a breach, not a zero day, just another vendor lifecycle decision dressed up in risk-reduction lipstick. The feature let users push documents to Kindle straight from Word, which is exactly the sort of convenience that makes security teams look heroic in a slide deck and utterly irrelevant in practice. In other words, a tiny change that will be treated like a moon shot for security, while the real problems keep marching on with minimal fanfare. Here on SecurityWithSpirits, we treat this as security theater served neat with a whiskey glass.

And yes, the grand narrative will claim this is concrete progress. The same folks who brought you a dozen notices about phishing and a dozen dashboards about compliance will explain that removing a button somehow decreases risk. Vendors love to wrap a retirement in a security bow because it is cheaper than fixing true control gaps. Meanwhile, CISOs toast with bourbon because their KPI is to demonstrate control without breaking the production line. If you think this is meaningful protection, you probably also believe your email is securely encrypted by the spreadsheet you opened this morning.

What this reveals about security culture

The real signal here is not the retirement but the culture around it. We depend on vendor features to produce secure outcomes, then pretend the absence of a feature is a victory for risk management. This is security theater at scale: a press release, a data point, a dashboard, and then a fresh budget cycle to replace the thing you just gave up. The end result is more meetings, more sign-offs, and less real security. And yes, we will still pretend the user is the primary threat actor while we ignore fundamental data governance and identity controls.

Practical steps, because yes you still have to do work

If you must appease the board while you keep your stack boring and effective, start with basics: classify data, restrict access, log and monitor, and validate backups. Remove reliance on a single vendor feature for anything security critical. Train users to question strange forwarding behaviors and ensure there is an actual incident response plan for when products retire, not just a PR note. The world will keep changing; your risk posture should not be a string of one-off feature toggles that disappear next quarter.

For context, you can read the original article here: Read the original.
