THESE days businesses adapt and transform through the adoption of cloud, mobile and edge platforms. The pandemic too has brought about increased security considerations as hybrid and remote working and learning were kicked into high gear.
Because of this, the security landscape has become increasingly complex. This puts more stress on IT professionals who have been struggling to manage security and employee access across multiple cloud platforms.
On top of everything, Microsoft believes that cybercriminals crave this level of complexity because they know it's harder for IT and security teams to discover and plug the gaps before attackers infiltrate.
According to the Flexera 2021 State of the Cloud Report, 92 per cent of organisations embrace a multi-cloud strategy. This means many businesses are relying on apps and infrastructure from multiple cloud providers.
Another recent survey, sponsored by Microsoft, shows that 73 per cent of respondents say it is challenging to manage multi-cloud environments. For organisations to fully embrace these multi-cloud strategies, it is crucial that their security solutions reduce complexity and deliver comprehensive protection.
To address this, Microsoft recently announced new security solutions to help its customers strengthen visibility and control across multiple cloud providers, workloads, devices and digital identities – all from a centralised management view.
These include the extension of the native capabilities of Microsoft Defender for Cloud to the Google Cloud Platform (GCP), the public preview of CloudKnox Permissions Management, and new security data analysis capabilities in Microsoft Sentinel.
In her blog, Microsoft's corporate vice president for security, compliance and identity, Vasu Jakkal, shared that Microsoft's new advances would help the company's customers to fully embrace multi-cloud strategies while protecting them.
"Cyber risks are inevitable and ever-evolving, but the more we build comprehensive, integrated, and cloud-powered defences using automation to prevent, detect and mitigate risk, the more we can empower organisations of all sizes to be fearless in their digital transformation and continue to innovate.
"We are committed to delivering comprehensive solutions that work seamlessly across platforms and extend to clouds and apps well outside our own offerings so that our customers can secure their entire digital estates end-to-end," said Jakkal.
PROTECTING CUSTOMERS
By extending the native capabilities of Microsoft Defender for Cloud to the GCP, Microsoft is taking another step in its journey to protect its customers across diverse cloud systems.
With GCP support, Microsoft is now the only cloud provider with native multi-cloud protection for the industry's top three platforms—Microsoft Azure, Amazon Web Services (AWS), which was announced at Ignite in November 2021, and now GCP.
This support for GCP comes with out-of-the-box recommendations that allow customers to configure GCP environments in line with key security standards, such as the Center for Internet Security (CIS) benchmark, and protection for critical workloads running on GCP. In its announcement blog, Microsoft explained how this advancement will allow organisations to manage their security centrally and natively across clouds.
"Microsoft Defender for Cloud will provide more than 80 out-of-the-box recommendations to begin with. These are aligned to industry standards and security best practices, including a mapping to the CIS benchmark for Google Cloud.
"Configuration oversight can open the door to threats in your environment, that's why it's critical to stay on top of common risks we see across environments. That's why we built new threat protection capabilities in Microsoft Defender for Cloud for native GCP workloads across containers and servers."
STRENGTHENING ZERO TRUST SECURITY
In a statement on its latest security solutions, the technology corporation said that identity is the new battleground for cyberattacks, and that security and compliance fundamentals begin with conclusively managing this key pillar.
A multi-cloud world also means that the number of platforms, devices, users, services, and locations will multiply exponentially, and organisations will often face the challenge of securing them.
As a solution, Microsoft also announced that it will be offering the public preview of CloudKnox Permissions Management.
This follows Microsoft's acquisition of CloudKnox Security in 2021, to accelerate its ability to help customers manage permissions in their multi-cloud environments and strengthen Zero Trust security postures.
CloudKnox will help provide organisations with complete visibility into user and workload identities across clouds, with automated features that consistently enforce least privilege access and use machine learning-powered continuous monitoring to detect and remediate suspicious activities.
"You can easily pinpoint specific identities with a high Permission Creep Index and look at what permissions they are granted versus what they used, and what resources they can get to. This level of visibility is needed to identify where the highest risks are and remediate them."
REINVENTING THE ECONOMICS OF DATA
At the same time, Microsoft also announced new ways for security teams to access and analyse security data with Microsoft Sentinel. It promises to reinvent the economics of working with security information and event management data, and to deliver new ways to access and analyse security data by embracing all data types, at any location, to provide the most comprehensive threat hunting solution.
"To enable rapid threat hunting over your expanding security data set, we are also announcing a new experience that empowers analysts to easily search petabytes of security data (Basic, Analytics, Archived, and more coming soon) across long time horizons and delivers results within minutes. When relevant archived data is discovered, it can be easily restored to a high performance cache to enable further analysis and investigation."
Capabilities introduced include basic logs that allow Microsoft Sentinel to sift through high volumes of data and find high-severity but low-visibility threats.
In addition, Microsoft Sentinel will have a new data archiving capability to extend data retention from Microsoft's current policy of two years to seven years, to support its customers' global data compliance needs.
The company will also be adding a new search experience to empower security analysts to hunt for threats effectively, as they now can search massive volumes of security data quickly and easily from all logs, analytics, and archives.
"Beyond search, we are announcing general availability of Log Analytics workspace data export. Log Analytics data export enables continuous export of Microsoft Sentinel data to Azure Data Lake, making it possible for analysts to quickly and easily leverage massive security data sets to pinpoint security hot spots, breaches, and attacks."
GREATER VISIBILITY AND CONTROL
As cyberattacks continue to evolve, organisations need to anticipate and prepare for attacks, which can come from both inside and outside of their networks. In order to assist its users, Microsoft also announced a slew of comprehensive solutions that organise security, compliance, identity, endpoint management, and privacy as an interdependent whole, while extending protection across platforms and clouds.
Azure Active Directory (AAD) helps secure workload identities, beyond its core capabilities of protecting user identities, as customers move more workloads into the cloud and develop more cloud-native applications.
For more secure payment processing, Azure has launched a new service, Azure Payment HSM, in public preview, for payment card issuers, and network and payment processors to securely process payments in the cloud. It also provides the highest levels of protection for cryptographic keys and customer PINs for secure payment transactions.