Microsoft extends Defender umbrella to Google Cloud Platform

Microsoft is to extend the native capabilities of its Defender for Cloud service to cover the Google Cloud Platform (GCP), bringing all three of the world’s largest public cloud services – Azure and Amazon Web Services (AWS) being already in scope – under the same cyber umbrella covering posture management and workload protection.

Microsoft said that for years, the cloud industry has operated on a model whereby each provider focuses on “securing its own castle”, but for multiple reasons – prominent among them the impact of the pandemic on business models forcing organisations toward multicloud business models – this approach is no longer feasible.

Citing a joint survey with pollster Harris that found 83% of enterprises have identified managing multicloud complexity as their most pressing pain point in 2022, Vasu Jakkal, CVP of security, compliance and identity at Microsoft, told Computer Weekly that extending Defender’s capabilities across the most-used cloud environments was an entirely logical move.

“This is the first time all three have had workload protection and posture management offered by Microsoft, which addresses something critical – when there are seams between Azure, Google Cloud Platform and AWS, those seams and gaps are what attackers will exploit, because that is what is most vulnerable,” she said.

“We view Google and AWS as key partners, and we have often said that to address this asymmetric battle, we need a village. From a customer standpoint, we hope they will see an easing of complexity and a more holistic approach.”

Support for GCP will come with out-of-the-box recommendations allowing users to configure their Google environments with key security standards, such as Center for Internet Security (CIS) benchmarks, protection for critical workloads running in GCP, and much more.

At the same time, Microsoft is now bringing to bear the capabilities of CloudKnox, a cloud infrastructure entitlement management (CIEM) specialist that it quietly acquired in July 2021, as its Permissions Management tool enters public preview.

“When we look at security, we look at it comprehensively, and identity is core to that,” said Jakkal. “In this crazy world in which we’re living, our perimeters have disappeared … and identity is the first access point, so zero-trust is what we now advocate for. For that, you need robust cloud identities.”

Microsoft hopes its acquisition of CloudKnox will enhance its ability to help customers manage permissions in multicloud environments and strengthen their zero-trust postures. The Permissions Management tool will supposedly help in this by providing complete visibility of all identities, users and workloads across clouds, incorporating automated features to enforce least-privilege access, and machine learning-based continuous monitoring.

Redmond’s latest set of security announcements also includes the addition of new threat logging and data archiving capabilities, and an enhanced search engine, to improve the effectiveness of its Sentinel threat hunting tool. Also on the docket are updates to Azure Active Directory to enable it to safeguard workload identities as well as users, and new capabilities to Endpoint Manager to enable security teams to better protect Android and macOS devices.

Finally, Microsoft is launching a new secure payment processing service within Azure for card issuers and network and payment processors to securely process payments in the cloud.