Microsoft Rounds Out Cloud Security Posture Management Capability with Support for Google Cloud Platform
Microsoft is expanding its cloud security posture management (CSPM) capability by adding support for Google Cloud Platform (GCP) to Microsoft Defender for Cloud. CSPM has become an integral part of cloud-native application protection platforms and provides automated monitoring of hybrid and multicloud environments to check that they meet risk and compliance requirements. With the inclusion of GCP starting August 15, Microsoft Defender for Cloud administrators will have visibility into misconfigurations and risks across their entire AWS, Azure, GCP, and on-premises environments.
Catching Up to Competitors
While Microsoft’s move to add support for GCP is significant, some in the industry believe it is long overdue. Other security vendors already offer multicloud CSPM capabilities, including Check Point, Cisco, CrowdStrike, IBM, Orca, Palo Alto Networks, Qualys, Skyhawk, Sysdig, Trellix, Trend Micro, VMware, Wiz, and Zscaler, among others. Although Microsoft operates one of the largest public clouds, its multicloud approach to CSPM is seen as a way to provide customers with a unified solution for managing their diverse cloud environments.
The Importance of Normalizing Risk
Microsoft cites a survey from IT tools management provider Flexera, which reveals that 90% of enterprises have multicloud environments. Each cloud platform has unique architectures, making it challenging for organizations to monitor workloads consistently. CSPM capabilities play a crucial role in collecting and normalizing data from different cloud service providers, allowing for easier comparison and analysis. Microsoft Defender, designed to support multiple cloud environments, aims to reduce dependence on third-party vendors for CSPM and provide customers with a comprehensive solution.
Industry Perspective on Microsoft’s Move
Mike DeNapoli, director and cybersecurity architect at Cymulate, questions why a GCP shop would turn to Microsoft for cloud security. He argues that while CSPM is essential, it alone does not provide a complete picture of resiliency. However, Chen Burshan, CEO of Skyhawk Security, believes that CSPM has become a commodity and should be included as a standard feature on cloud platforms. Cymulate expanded its Exposure Management and Security Platform for AWS, Azure, and GCP in anticipation of the growing demand for CSPM capabilities.
Microsoft’s Cloud Security Graph
In a blog post announcing the forthcoming GCP support, Vasu Jakkal, Microsoft corporate VP for security, compliance, identity, and management, highlights that Defender CSPM uses Microsoft’s cloud security graph. This graph database models the relationships between different cloud assets, allowing security professionals to prioritize potential risks. Microsoft has populated the graph database across all three major cloud platforms (AWS, Azure, and GCP). Raviv Tamir, Microsoft’s chief of security product strategy, explains that the graph database enables administrators to query the relationships between assets and obtain valuable insights.
Enhancements and Data Discovery Capabilities
Microsoft is continually enhancing its graph database to include data from its Microsoft Vulnerability Management (MVM) offering. This inclusion allows CSPM to mark external assets and monitor potential risks associated with assets exposed to the internet. Additionally, Microsoft has expanded Defender CSPM’s data discovery capabilities to include GCP Cloud Storage, enabling administrators to identify over 100 types of sensitive information and analyze attack paths using the cloud security graph.
Microsoft Cloud Security Benchmark and Purview Audit
To further assist organizations in maintaining secure cloud environments, Microsoft provides multicloud policy monitoring through its Microsoft cloud security benchmark (MCSB). MCSB is a cloud-based control framework mapped to compliance standards like CIS, PCI, and NIST. While MCSB support is generally available in AWS and Azure, it is currently in preview in GCP via the regulatory compliance dashboard in Microsoft Defender for Cloud.
Last month, Microsoft announced expanded free access to cloud logs using Microsoft Purview Audit in response to customer feedback. Purview Audit records and retains thousands of user and administrator operations across various Microsoft 365 offerings, aiding organizations in their investigations of security incidents.
Editorial and Advice
The addition of GCP support to Microsoft Defender for Cloud’s CSPM capability is a significant step for Microsoft in providing comprehensive cloud security solutions. While some may argue that Microsoft is catching up to competitors, its multicloud approach and integration of CSPM into its cloud security graph demonstrate its commitment to addressing the unique challenges of multicloud environments.
For organizations operating in multicloud environments, it is crucial to prioritize cloud security posture management. CSPM allows for real-time visibility into misconfigurations and risks, ensuring that cloud environments align with compliance and risk requirements. However, organizations should be cautious not to rely solely on CSPM and should recognize its limitations in providing a holistic view of resiliency.
Microsoft’s cloud security graph and its capabilities in collecting, normalizing, and comparing data from different cloud platforms are commendable. This unified approach streamlines security management and reduces dependence on third-party vendors for CSPM. However, organizations should carefully evaluate their specific needs and consider alternative CSPM solutions offered by vendors specializing in cloud security.
As the multicloud landscape continues to evolve, organizations should prioritize a comprehensive cloud security strategy that includes continuous monitoring, vulnerability management, data discovery, and compliance tracking. By carefully selecting and integrating multiple security solutions, organizations can ensure the protection of their critical assets and maintain resilient cloud environments.