    04 November 21

    Let's Cross the Streams with Microsoft Defender for Cloud

    Posted by Brooks Seahorn

    Egon: Don't cross the streams.

    Peter: Why?

    Egon: It would be bad.

    Cloud Builders: But this is multi-cloud!

    Hey Builders! Something just happened that has crossed the streams once and for all: Microsoft Defender for Cloud!

    When Jeff Bezos mandated APIs everywhere, he meant just that. So if anyone can reach any AWS service via APIs, who’s to say AWS' competitors wouldn't? 

    Microsoft did.

    Microsoft Defender for Cloud (formerly Azure Security Center and Azure Defender) is a brand new "single point of control" for securing Azure and AWS environments. It allows customers with an Azure Portal account to read and control their security footprint in AWS without using AWS Security Hub. As a bonus, if you use AWS Organizations and bring in your AWS master account to Defender, new AWS accounts will automatically be onboarded into Defender.

    Once enabled, Defender will integrate information from both your Azure and AWS environments. You get security scores for continuous assessments, recommendations for hardening both environments, and alerts to help you defend your cloud resources. That means improved cloud security posture management (CSPM). Put that into your next security report. Builders... managers love hearing acronyms.

    The one element that caught my eye is Defender's integration with Microsoft Threat Intelligence. The type and level of protection are tied to your subscription, which should be oriented towards your organization's security needs. As a recommendation, I would check out Microsoft Defender for Storage. It's about data. So if information starts flowing around in strange ways, Defender can detect the suspicious activity and alert your SOC.

    As a bonus, Defender also has protection for workloads in Amazon Elastic Kubernetes Service (EKS), which is worth noting. Kubernetes allows for easy migration as well as cloud provider agnostic deployments. Defender gives customers the ability to slingshot Kubernetes security, whether in Azure or AWS, into a single management view. That, in my opinion, is significant.

    We are moving to a default, multi-cloud world. The provider that offers the most integrations is going to lead. For companies like Oracle, it was a wake-up call to integrate with Azure. Azure, clearly one of the top two leaders in the space, is learning from this strategy. With more and more organizations moving to multi-cloud, having a single point of control for anything can be advantageous. Expect Microsoft to extend Defender to other platforms such as Google Cloud and on-premises resources.

    And remember: training, training, training! You’re heading for a multi-cloud world, so make sure you and your team have the correct information. INE's multi-cloud, provider-specific, and security-focused training will make that transition easier. From vendor-agnostic training to certification preparation and hands-on labs, our comprehensive suite of training material will help you achieve all of your Cloud training goals.

    See you out there, Builders!
