In an effort to update its security applications for CSOs that are increasingly responsible for securing multi-cloud environments, Microsoft is releasing new visibility and control features for software, workloads, devices, and digital identities accessing or running on hybrid computing infrastructure.
The updates include the extension of Microsoft Defender for Cloud to support the Google Cloud Platform (GCP); a new version of the permissions management platform acquired from CloudKnox in July 2021; enhanced data analysis and archiving features for Microsoft's Sentinel SIEM (security information and event management) application; as well as new identity management, compliance and payment capabilities for Azure and Azure Active Directory (AAD).
All these features will be accessible to customers within a centralised management view, Microsoft says.
“Organisations around the world are forced to confront sophisticated ransomware and nation state attacks even as they’re continually evolving with stricter compliance requirements,” said Vasu Jakkal, corporate vice president for security, compliance, and identity at Microsoft, in a blog post. “These new features and offerings are designed to secure the foundations of hybrid work and digital transformation.”
Ninety-two per cent of enterprises surveyed in a recent Flexera report on enterprise cloud usage said they have a multi-cloud strategy, but only 42 per cent of respondents said they use multi-cloud management tools.
"For organisations to fully embrace these multi-cloud strategies, it’s critical that their security solutions reduce complexity," Jakkal said.
Microsoft Defender for Cloud extended to GCP
Microsoft’s security management and threat protection tool, Defender for Cloud, has been extended to work on Google Cloud Platform (GCP), to allow CSOs to configure GCP environments in line with key security standards such as Center for Internet Security (CIS) benchmarks, and protect workloads running on GCP by identifying weak spots.
With the GCP support, Microsoft claims to be the first cloud provider with native multi-cloud protection for three leading cloud platforms — Microsoft Azure, Amazon Web Services (AWS), and GCP.
CloudKnox aims to support zero trust security
Microsoft is also making CloudKnox Permissions Management available for public preview. The CIEM (cloud infrastructure entitlement management) software package is designed to help customers manage identities and permissions in multi-cloud environments and contribute to their zero trust posture.
Zero trust is based on the concept that nothing inside or outside an enterprise perimeter should be automatically trusted, and that anything and everything trying to connect to company systems must be verified before access is granted.
CloudKnox is designed to provide visibility into identities, users, and workloads running on cloud platforms, and detects and remediates suspicious activity. It constantly monitors least-privileged account access using machine learning algorithms.
Sentinel adds high-volume data analysis features
For SIEM customers running software in cloud environments, Microsoft announced new features for Sentinel, including a logging capability that allows the application to sift through large volumes of data to identify high-severity, low-visibility events.
Search capabilities are designed to allow security analysts to search through a high volume of security data from logs, analytics and archives to zero in on threats. An add-on to this feature is a data archiving capability that is expected to allow data to be retained beyond the current capacity of two to seven years.
Streamlining control over identity, compliance and payments
As part of its raft of security announcements, Microsoft revealed identity, compliance and payment updates to several applications:
- Azure Active Directory’s core capabilities, which centre around protecting user identity, have been extended to include handling workload identities. Workload identity protection, coupled with the conditional access announced by the company last year, is designed to allow workload identities to be managed efficiently across cloud native applications.
- Microsoft Endpoint Manager has three new features that allow for setting up tailored device compliance policies and monitoring non-compliance in macOS devices; applying conditional launch requirements through Active Directory on Android 11 devices; and running biometric authentications to verify identities on Android 11 devices.
- Microsoft has also launched a new payment protection service, Azure Payment HSM (hardware security module), currently in public preview, to help secure payments processed in the cloud. HSM is an infrastructure-as-a-service (IaaS) offering that lets customers plug the device directly into their virtual network to deliver improved protection for cryptographic keys and customer PINs.