Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

04:00 PM
Connect Directly

How Microsoft, Amazon, Alphabet Are Reshaping Security

Tech's biggest giants are shifting the cybersecurity landscape as they incorporate security into their products and services.

Microsoft, Amazon, and Alphabet are stomping into the security market, ready to shake things up and address the weaknesses they see in today's tools. Analysts predict the three tech giants will disrupt security the same way they disrupted industries like computing, advertising, and retail by bringing protections to where people are moving their work: into the cloud.

Forrester analysts Jeff Pollard and Joseph Blankenship illustrate the threat in a new report intended to help security pros prepare to work with the companies as they focus on security in the cloud, a space the three effectively control. Legacy security vendors should be intimidated, says Pollard, Forrester's principal analyst serving security and risk professionals.

"As more and more technologies are cloud-ready and more services are cloud-enabled, what winds up happening is, in the same way Amazon can control a retailer on Amazon Prime, that's the kind of power Microsoft, Amazon, and Google will have on their own cloud marketplaces," he continues, referring to Google Cloud, which operates under parent company Alphabet.

Cybersecurity is a hot market for venture funding; Forrester reports VCs poured $3.1 billion into nearly 300 startups in 2016. The investment has driven innovation but failed to address basics like full-featured APIs and integrated management consoles bridging on-prem with cloud.

With their strong influence over the tech market, Microsoft, Amazon, and Alphabet would have had some degree of impact on security no matter what. Now, their effect will be bigger. "They control the marketplace, and that means you have to pay attention to them," Pollard notes.

Each firm bundles technologies and simplifies deployments for security teams, which can use preconfigured security policies for new servers and containers. Scalability isn't an issue; as infrastructure and applications grow, so do cloud platforms. Teams don't need to worry about whether hardware can handle bandwidth upgrades, or whether management servers can handle new endpoints.

As an example of bundling tech, Pollard points to Microsoft's Advanced Threat Protection on Office 365. This puts pressure on email vendors offering spam filtering and automated analysis. If companies already use the Microsoft 365 platform, they don't need additional tools.

Pollard explains how each company approaches security from a different angle. If you want to monitor endpoints you go to Microsoft, which sees how attackers target the Windows OS. If you want to interact with developers, you turn to Amazon Web Services (AWS). If you want to use VirusTotal, you work with Alphabet, which bought the malware and virus scanner in 2012.

He breaks down each company's strategy and explains its perspective:


"Microsoft should probably scare most people as the biggest existential threat," says Pollard.

The company has shown its ability to move into adjacent markets and succeed. Windows is the world's most common OS, giving Microsoft a market advantage and the easiest path to market if they want to push out other vendors. Even if an antivirus tool is on 30% of Windows machines, the AV company has a small fraction of the data Microsoft does.

The shift has changed CISOs' strategies, Pollard explains. Gone are the days when security leaders opted for separate antivirus tools in lieu of Windows Defender. Now, many question the business' choice to buy an endpoint suite when Microsoft's services have security built in.

Microsoft's strategy relies on integrated capabilities; its plan is to build security into each part of Azure, Office 365, and Windows. Acquisitions of smaller firms like Adallom and Aorato have added cloud security capabilities and malware detection, respectively.

Looking ahead, he anticipates Microsoft will continue to target its core enterprise market by making security easy to buy and use. He cautions security teams against investing all their resources in one vendor, however. Microsoft may have succeeded with Windows, Office, and Azure, but has failed in the past with Bing, Windows Phone, and Zune.


Amazon's primary audience is developers, who benefit from the scalability and orchestration of AWS but put security teams in a tough spot with poor visibility and fragmented data. The Amazon strategy is to boost visibility in AWS so dev and security have the same set of threat intel, infrastructure logs, user activity, and CloudTrail API in one dashboard.

"Teams continue to use AWS and security teams aren't prepared for that," says Pollard. Amazon is now trying to empower both dev and security teams so they're on the same page.

Look to Amazon if you're focused on secure development, as developers will continue to be its primary audience, Forrester points out in the report. The company, analysts predict, will continue to add security features but will likely take time to broaden its target market.


Alphabet dabbled in the security space for a while, investing in VirusTotal and launching Project Zero for internal employees but it began its big push after Amazon and Microsoft did. Now it's trying to bundle security and grow the Google compute platform, says Pollard.

It seems Google Cloud's strategy is to go after the AWS market, he speculates. "They don't have the enterprise relationship that Microsoft has, so it makes sense to go after AWS." Its two focus areas include visibility and data analytics, and privacy on personal and professional levels.

Forrester recommends using Alphabet for data but approaching long-term investment with caution. "Alphabet has a history of announcing products and services, then letting them languish when they don’t take the world by storm," Pollard and Blankenship report.

Cybersecurity is a focus for Alphabet now, but the issue is whether the company will continue to prioritize its security services or abandon them. If your business uses Google Cloud Platform then it's worth investing in Alphabet's strategy, but if feature developments start to slow, it's recommended you reconsider.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here. Register with Promo Code DR200 and save $200.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
4/30/2018 | 11:16:34 PM
bridging on-prem with cloud
This is a huge problem to solve. Many dove headfirst into cloud only to realize 100% immersion was not the right path. Most organizations leverage a hybrid solution and as such are subject to this detriment in bridging data between the two facets. 
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
Kelly Sheridan, Staff Editor, Dark Reading,  3/24/2020
Malicious USB Drive Hides Behind Gift Card Lure
Dark Reading Staff 3/27/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-03-27
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
PUBLISHED: 2020-03-27
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
PUBLISHED: 2020-03-27
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
PUBLISHED: 2020-03-27
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.
PUBLISHED: 2020-03-27
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.