There are so many changes in the cloud every day that it is quite challenging to keep up with everything. The environment, services, functionality … all are subject to continuous improvement. It is sometimes unbelievable, when I look back, to recall the beginning of Azure, and then compare it with what I see now.
With the constant novelties in the cloud in mind, today I share a few recent news items from the Azure realm.
1 Azure CloudKnox for multi-cloud permissions management
As you may be aware, Microsoft strongly supports Zero Trust. Identities within the cloud are a crucial aspect to defend, so strengthening identity security is important. Protecting and managing identities can be especially tricky in a multi-cloud realm. The big question is how to manage all those constantly changing identities and permissions. The solution proposed by Microsoft is CloudKnox Permission Management, for which the public preview was announced. This tool gives you visibility into identities across different cloud service providers. It improves multi-cloud manageability and monitoring of permissions, and helps remediate suspicious activities.
2 Extension of multi-cloud capabilities in Microsoft Defender for Cloud
Microsoft Defender for Cloud is the tool formerly known as Azure Security Center. However, due to its integration with other CSPs, the name change probably eases the understanding of its scope.
What does Defender for Cloud do?
It supports the protection of multi-cloud and hybrid environments through:
- Ongoing assessment of your cloud landscape security posture
- Improving the security of your cloud workloads by using built-in security best practices and industry standards
- Protecting your environment by detecting and resolving threats to your resources.
What is new?
Microsoft Defender for Cloud supports not only Azure: not so long ago, integration with AWS was added. And recently, Microsoft announced native integration for GCP.
What does Defender for Cloud provide for GCP:
- Overall secure score for GCP and multi-cloud
- Over 80 predefined recommendations in line with benchmarks – including:
  - security best practices to harden K8s workloads
  - recommendations for operating system baselines, antimalware and missing updates
- Simple onboarding to the service – based on the native GCP API
- Protection of your container- and server-based workloads in GCP – supports GKE Standard clusters and GCP Compute Engine VMs
3 MS Sentinel improvement of security data analysis
Sentinel is a powerful Microsoft SIEM solution. It supports not only Azure resources, but also other clouds. It offers out-of-the-box integration with AWS. For GCP it requires some more development of the rules. Because it collects lots of security-related data, there is a strong need to process such a load. In the announcement, Microsoft stated that they intend to provide integration with Synapse. This will enable big data analytics on short- and long-term logs. Additionally, they are working on improving security data analysis to provide comprehensive threat hunting solutions. A new log type was introduced. The retention policy for logs is currently 7 years; previously it was 2.
Portfolio updates
There are more updates in the scope of the Azure platform; however, here I have focused only on a few related to multi-cloud.