The three largest cloud infrastructure providers are Amazon Web Services (AWS), Microsoft Azure, and Google Cloud (in that order, according to market share). They each offer an array of capabilities and conveniences—on top of data storage, customers can use them to build applications, run projects, track analytics, and more. Many customers, especially enterprises, have aspects they like of all three and make use of all of them. While diversity of options is good, managing different security tools for each one can be a headache and invite slip-ups. Could there be a more streamlined approach to keep these varied environments protected? There is: Microsoft Defender for Cloud is the only security solution that can natively provide cloud security posture management (CSPM) and cloud workload protection (CWP) for all three cloud platforms.
Businesses Embrace Multi-cloud Environments
Organizations overwhelmingly take a multi-cloud approach for storage and operations—according to the Flexera 2021 State of the Cloud Report, 92% of enterprises have a multi-cloud strategy. Respondents in their study averaged a use of 2.6 public clouds and 2.7 private ones. About half of these companies silo their workloads between clouds, and often they protect them with separate security tools. This multi-cloud environment can create opportunities for more vulnerabilities, and managing different security solutions can be an extra hassle. If organizations are using AWS, Azure, and/or Google Cloud, they now have the option to secure them all with one solution.
Microsoft Defender for Cloud
When you’re working with any cloud infrastructure, there are possibilities for misconfigurations to cause problems or create vulnerabilities. Especially with containerized development, if tools aren’t configured properly, they can present big security risks. Cloud security posture management (CSPM) is a way to detect such issues and manage the environment optimally. Another helpful part of CSPM in Microsoft Defender for Cloud is Secure Score, which gives a clear picture of the organization’s security posture across all clouds.
Workloads also need to be secured across multiple servers and containers, which is where cloud workload protection (CWP) comes in handy. This is designed to help customers prevent and remediate against threats where their workloads reside. It provides capabilities like vulnerability assessment, anomaly detection, behavioral analytics, anti-malware, and file integrity monitoring. Microsoft Defender for Cloud offers these instrumental cloud resources for any or all three of the top cloud platforms, from one centralized place.
Extension to AWS and Google Cloud
In November 2021, Microsoft began offering Defender for Cloud for AWS, together with increased attention to small to medium sized businesses and nonprofits, as part of a “security for all” initiative. This was also when the company changed the naming of a number of its products from “Azure” to “Microsoft” in order to clarify that its security solutions can be used in places beyond its own Azure cloud. The expansion to other clouds is similar to Microsoft’s support for operating systems other than those it produces: its software is available and supported on macOS, iOS, Android and Linux.
The support for Google Cloud Platform (GCP) is the latest addition in this branching out, announced in late February. Now Defender for Cloud can connect to GCP through native APIs and does not require any first-party tools from Google. It provides container protection for Google Kubernetes Engine (GKE) standard clusters, just as it does for the AWS Kubernetes service AKS. For servers, Defender for Cloud supports Google Compute Engine VMs with the same kinds of capabilities that Defender for Endpoint offers. It also includes security features such as behavioral alerts for virtual machines and adaptive application controls (AAC), as well as 80 out-of-the-box recommendations based on best practices and industry standards to get new customers off on the right foot.
The Azure cloud serves from more locations than any other cloud provider and offers many unique capabilities. But Microsoft knows that organizations are using other clouds too, most commonly AWS and Google Cloud. Even if your organization doesn’t have workloads in Azure, either or both of these other cloud platforms can be supported with the leading security solution Defender for Cloud. And simultaneous work in all three clouds is now as simple as working with just one of them in terms of security management. A more streamlined security foundation means less time managing different dashboards and more time doing the cool things that each cloud allows you to do for your business.
Also check out our post on the new Microsoft Purview for data governance and compliance.