Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
Microsoft announced today that its Defender for Cloud security offering now works natively with all three of the largest public cloud platforms, with the addition of support for Google Cloud.
It’s a parallel announcement to Microsoft’s extension of Defender for Cloud to Amazon Web Services (AWS) last November — and a further recognition by Microsoft that customers are embracing multicloud, said Eric Doerr, corporate vice president for cloud security at Microsoft. The remaining cloud supported by the Defender for Cloud solution is Microsoft’s own platform, Azure.
Microsoft Defender for Cloud provides capabilities for detecting misconfigurations in cloud infrastructure — what’s known as cloud security posture management, or CSPM. The offering also provides cloud workload protection (CWP), which helps to secure workloads across both containers and servers.
With today’s announcement, “now Microsoft Defender can protect your data and your configurations across the top three cloud platforms,” said Charlie Bell, executive vice president for security, compliance, identity and management at Microsoft, and a former longtime executive at AWS, in a blog post today.
MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.
‘Not a fad’
Microsoft continues to do battle with AWS and Google Cloud for infrastructure-as-a-service (IaaS) customers — with Azure ranking behind AWS, and ahead of Google Cloud Platform (GCP), on market share.
But from a security perspective, supporting the other top clouds is a necessity if Microsoft wants to truly solve customer problems, Doerr told VentureBeat. Using Defender for Cloud, customers can now handle CSPM and CWP in any of the three clouds from a single, centralized platform — making Microsoft the only vendor that offers these capabilities natively for the three clouds, according to the company.
According to a report from Flexera, 92% of enterprises now have a strategy for multicloud deployment. At Microsoft, “we realize multicloud is not a fad,” Doerr said. “It’s actually really mainstream for our customers.”
And yet at the same time, almost unanimously, security professionals say that using multiple cloud providers creates additional security challenges, research from Tripwire shows. Increased complexity, and the need for cyber skills covering all of the different environments, are among the struggles that many businesses face when going with multicloud.
Customers are “drowning” when it comes to multicloud security, Doerr said.
“They need our help. And so we’re here to make it simple and easy for them,” he said. “They don’t have time to deal with three different products across their cloud infrastructure. They need something that helps pull it together.”
Ultimately, in cloud security, helping customers to “solve half of their problem” is not actually that helpful, Doerr said.
Solving the problem
The move announced today follows the same playbook Microsoft has used with operating systems, in which the company has supported more than just Windows, he said. Microsoft has done a “ton of work” to support macOS, iOS, Android and Linux — and the approach the company is taking with Defender for Cloud is the “same principle,” Doerr said.
“You’ve got to go solve the complete customer problem,” he said. “Sure, I’d love people to be using Azure — and lots of our customers are making huge bets on Azure. But I’m laser-focused on making the best multicloud solution on the planet, to make the simplest possible solution for our customers — so that they can spend their time on other things.”
With the Microsoft Defender for Cloud support for Google Cloud, the platform connects to Google Cloud through native APIs, and does not have any dependencies on first-party tools from Google, according to Microsoft.
For example, for software development teams that are embracing containerized development, proper configuration can represent a major challenge — and create serious risks if not done correctly. But now with Defender for Cloud, “whether you’re doing that development on Azure or AWS and GCP, you’ve got these capabilities” for ensuring proper configuration via CSPM, Doerr said.
“Previous to this, if you were doing it on GCP, you’d have to wire together a bunch of stuff on your own to try to get the same level of protection,” he said.
Other key solutions that come as part of the platform’s CSPM capabilities are a “Secure Score” — which offers a centralized view of the customer’s security posture across all clouds — as well as 80 recommendations to help implement the right practices in areas such as cloud storage buckets and cloud SQL database instances.
These components of the platform aim to serve as a “concrete way of helping you prioritize,” Doerr said.
The capabilities for CWP, meanwhile, are aimed at helping customers to prevent and respond to threats in the cloud environments. With the new Google Cloud support, Defender for Cloud supports container protection for Google Kubernetes Engine (GKE) Standard clusters, Microsoft said. Customers can get threat detection capabilities, such as anomaly detection and behavioral analytics, for GKE clusters using the Microsoft Defender for Containers solution.
In terms of server protection, Defender for Cloud supports Google Compute Engine VMs, Microsoft said. Capabilities include vulnerability assessment, behavioral alerts for virtual machines (VMs), anti-malware and file integrity monitoring, the company said.
All in all, Microsoft’s experience with offering Azure provides a big advantage on security to customers who are looking to protect their non-Azure cloud environments, as well, according to Doerr.
“We have a perspective on some of what’s important and what’s challenging because we’re one of the major cloud providers. And we’re able to work very closely with customers who were having problems, and help them through those problems,” he said.
For instance, when a pattern of attacks is discovered in Azure, “that same pattern is a problem that can happen on AWS, and that’s a problem that can happen on GCP,” Doerr said. “We’re helping you with all of the clouds, and all of your infrastructure, at the same time.”
The bottom line, he said, is that extending Defender for Cloud to support the third major cloud should send a strong message about how Microsoft views multicloud.
“There’s still some perception that [Microsoft] mostly worries about Microsoft stuff,” Doerr said. “So I do think it’s going help a little bit with [showing that] we’re serious about this. We’re here to really solve your problems. We’re here to build the world’s best multicloud solution.”
In another announcement today, Microsoft unveiled CloudKnox Permissions Management, based on the company’s acquisition of CloudKnox last year, in public preview. The solution provides “complete visibility into all identities, users and workloads across clouds,” said Vasu Jakkal, corporate vice president of security, compliance, and identity at Microsoft, in a blog post.
The tool’s automated features serve to “consistently enforce least privilege access and use machine learning-powered continuous monitoring to detect and remediate suspicious activities,” Jakkal said.
Along with providing some of the largest platforms and cloud services used by businesses, Microsoft is a major cybersecurity vendor in its own right with 715,000 security customers.
In late January, Microsoft reported that revenue for its security business grew 45%, surpassing $15 billion, during the previous 12 months, year-over-year.
Microsoft now provides “advanced end-to-end cross-cloud, cross-platform security solutions, which integrate more than 50 different categories across security, compliance, identity, device management and privacy,” Microsoft CEO Satya Nadella said last month. And the company’s security offerings are “informed by more than 24 trillion threat signals we see each day,” Nadella said.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.