Microsoft is the latest software company to introduce cloud security posture management (CSPM) software tools. The interesting twist? From within the Azure Security Center service, MSSPs and customers can address CSPM across Azure, Google Cloud Platform and Amazon Web Services (AWS) environments.
Numerous software companies offer multi-cloud CSPM capabilities. But Microsoft commitment to supporting GCP and AWS shows just how far the software and cloud company has come since the "Windows-only" mindset ended a few years ago.
Finding and Fixing Azure, AWS and Google Cloud Misconfigurations
Fast forward to current day, and the big issue facing cloud security typically involves customers and service providers misconfiguring Azure, Google Cloud and/or AWS. Indeed, 90 percent of organizations are susceptible to security breaches due to cloud misconfigurations, according to the “2021 Cloud Security Report: Cloud Configuration Risks Exposed” from application lifecycle security company Aqua Security.
Armed with CSPM tools, MSSPs and customers can discover the cloud misconfigurations and then take corrective action. Amid that simple value proposition, demand for CSPM tools appears to be strong. Indeed, 41 percent of our Top 250 MSSP survey participants in 2021 said they now offer cloud security posture management (CSPM) to their end customers, MSSP Alert research found. We consider that to be a strong figure, considering that the CSPM market is fairly new.
In Microsoft's case, the CSPM feature provides Azure Security Center users with a unified multi-cloud view that includes Google Cloud and AWS security alerts, Microsoft noted. That way, Azure Security Center users can gain insights into security vulnerabilities across their cloud environments.
Microsoft Announces Azure Security Updates
Beyond the CSPM capabilities, Microsoft also announced several Azure security updates, such as:
- Rebranding of Azure Security Center for Internet of Things (IoT) as Azure Defender for IoT
- Integration of CyberX's agentless capabilities into Azure Defender for IoT
- Preview of user and entity behavior analytics (UEBA) for Azure Sentinel security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution
- Addition of a single-tenant hardware security module to Azure Key Vault storage service
- Introduction of the Azure Security Benchmark v2, which includes National Institute of Standards and Technology SP 800-53 controls and ongoing support for Center for Internet Security control framework v7.1
- Addition of Customer Lockbox feature for more than 20 Azure services
- Preview of Customer Lockbox for Azure Government Cloud
- Use of two layers of encryption Azure data at rest or in transit
Microsoft also continues to explore ways to provide Azure tools to help users remain secure and work remotely, the company said.