Microsoft today kicked off its Ignite 2021 conference with cloud security announcements that underscore its focus on enterprise cloud protection, particularly for multicloud environments.
The company is extending its native cloud security posture management (CSPM) and workload protection capabilities to Amazon Web Services (AWS) within a suite called Microsoft Defender for Cloud, formerly known as Azure Security Center and Azure Defender. These platforms had been two sides of one product; now, Microsoft is simplifying by bringing them under one name.
Microsoft Defender for Cloud will now let organizations secure AWS and Azure environments from one place without dependencies on the AWS Security Hub. Its approach connects AWS environments using the AWS API and doesn't depend on cloud offerings such as AWS Security Hub. Connecting AWS master accounts automatically onboards existing and future accounts.
With this setup, AWS security recommendations are shown alongside Azure recommendations in the Microsoft Defender for Cloud portal. Microsoft says it has implemented more than 160 out-of-the-box recommendations across infrastructure- and platform-as-a-service offerings; however, security teams can also create their own recommendations and standards to meet specific internal requirements.
The company plans to extend the same kinds of protections to Google Cloud Platform in the future, says Eric Doerr, corporate vice president for cloud security at Microsoft. Organizations are challenged to handle security amid the complicated transition to cloud, and these changes are intended to make the process easier.
"When I talk to customers today, I think they're struggling," he says. "They're just struggling with the complexity. They're trying to rethink aspects of their business functions — line-of-business apps, infrastructure. It's a messy transition." And as companies balance their business needs with security, risk, and compliance, it only takes one slipup for an attacker to break in.
Microsoft began rolling out cross-cloud features with Azure Arc, which lets customers use Azure management tools in their hybrid cloud environments. Over time, Doerr says, a common request was for an outside view of the attack surface. Microsoft acquired RiskIQ, which builds threat intel and management across Microsoft cloud, AWS, and other clouds so that in addition to the inside-out view of an organization Microsoft provided, admins could see an environment from the outside-in, as an attacker would.
Now, the company's objective is to deepen its protection in AWS and make it simpler for organizations to get started. "We're trying to help the customer get a big-picture view of everything they have from a cloud infrastructure and applications perspective," Doerr adds.
The CSPM support for AWS, for example "is very much tailor-made for AWS," he says. "Think about it as really deeply understanding the different types of misconfigurations, the types of threats that exist in AWS." While there are similarities in terms of the type of threats businesses are worried about and the configurations needed, Doerr acknowledges there are differences in exactly how the platform is configured and each platform demands its own unique guidance.
In addition to its own recommendations for assessing security posture, Microsoft extended its workload protection capabilities to Amazon's Kubernetes service to give security teams more unified visibility across multicloud workloads. They can now onboard AWS accounts to use CSPM, as well as server and container workload protection capabilities.
The company also announced Microsoft Defender for Business, a new service that will enter public preview later this month and has been built to bring enterprise-grade endpoint security to small and midsize business with up to 300 employees.
Azure Purview Integration
Among today's cloud security announcements were new product integrations such as the integration between Microsoft Defender for Cloud and Azure Purview, a data governance tool that gives organizations insight into sensitivity of data in multicloud and on-premises workloads.
"How do you know, as an organization, all the different databases you have, all the data that you have scattered across your cloud infrastructure?" says Doerr. "How do you find and inventory it, how do you classify it, how do you start controlling it and managing it and protecting it?"
Microsoft added an "information protection" tile in Defender for Cloud to show scan coverage, recommendations, and alerts. It also added new filters so security teams can filter for sensitive data and better prioritize security policy enforcement and alert investigation across resources. Doerr says one of the things Microsoft is trying to do with the tool is consider variations in data businesses consider sensitive, which may vary. While personally identifiable information is sensitive to everyone, some companies create classification schemas for sensitive data that flows from document stores.
"The integration with Azure Purview extends your security visibility in Defender for Cloud from infrastructure resources down into your data," Microsoft's Gilad Elyashar wrote in a blog post on the news, "enabling an entirely new way to prioritize resources for security teams."