Microsoft Defender for Cloud is expanding its cloud security posture management (CSPM) capability to include Google Cloud Platform (GCP), according to an announcement made by Microsoft on Wednesday. While this move is seen as a positive step by many, some industry experts believe that it is long overdue.
CSPM has become a crucial component of cloud-native application protection platforms (CNAPPs), providing automated monitoring to ensure that hybrid and multicloud environments are aligned with organizations’ risk and compliance requirements. Microsoft introduced CSPM as a feature of Defender for Cloud with support for AWS in 2021 and released the initial version in April.
With the addition of GCP starting on August 15, Microsoft Defender for Cloud administrators will have visibility into misconfigurations and other risks across their entire AWS, Azure, and GCP environments, as well as their on-premises compute resources. This move allows Microsoft to compete in a crowded field of security vendors offering multicloud CSPM capabilities.
However, some experts question why a GCP shop would turn to Microsoft for cloud security. Mike DeNapoli, director and cybersecurity architect at Cymulate, argues that CSPM alone does not provide the full picture of resiliency and suggests that organizations should consider other security vendors for their cloud infrastructure needs.
Nevertheless, Microsoft’s multicloud approach to CSPM is seen as a valuable offering for enterprises with multicloud environments. A survey from IT tools management provider Flexera indicates that 90% of enterprises now operate in multicloud environments. Since each cloud provider has unique architectures, there is no standardized approach to monitoring workloads across environments. Microsoft Defender for Cloud aims to address this challenge by supporting multiple cloud platforms and providing customers with a more comprehensive view of their security posture.
According to Melinda Marks, senior analyst at Enterprise Strategy Group, Microsoft Defender’s ability to support multiple cloud environments gives customers an alternative to relying on third-party security providers. By collecting and normalizing data from different cloud service providers, Microsoft Defender helps organizations compare and prioritize risks more effectively.
Chen Burshan, CEO of Skyhawk Security, suggests that CSPM has become a commodity and should be a standard offering from cloud platforms. His company provides CSPM for free and believes that other platforms should do the same.
Microsoft is leveraging its cloud security graph to enhance its CSPM capabilities. This graph database, populated across AWS, Azure, and GCP, allows security professionals to prioritize potential risks by providing contextual insights from code, identities, data, internet exposure, compliance, and attack path analysis.
Raviv Tamir, Microsoft’s chief of security product strategy, explains that the graph database enables administrators to query the relationships between different assets and understand their impact on each other. Microsoft is also enhancing the graph database to accept data from its new Microsoft Vulnerability Management (MVM) offering, which allows CSPM to mark external assets.
In addition to GCP support, Microsoft is expanding Defender CSPM’s data discovery capabilities by adding GCP Cloud Storage scanning. This enhancement will enable security administrators to identify over 100 types of sensitive information and analyze attack paths using the cloud security graph.
Microsoft is also offering multicloud policy monitoring for free through its Microsoft cloud security benchmark (MCSB), a cloud-based control framework mapped to compliance standards such as CIS, PCI, and NIST. MCSB support is already available in AWS and Azure and is currently in preview in GCP.
This expansion of Microsoft Defender for Cloud’s CSPM capabilities comes on the heels of Microsoft’s announcement that it would provide free access to cloud logs using Microsoft Purview Audit. This move was made in response to feedback from organizations that encountered difficulties during incident response due to the fee structure for logging services.
Overall, Microsoft’s decision to support GCP in its CSPM offering is seen as a positive step toward providing customers with a more comprehensive view of their security posture in multicloud environments. By leveraging its cloud security graph and offering features such as data discovery and policy monitoring, Microsoft aims to compete with other security vendors in the growing market for multicloud CSPM capabilities.