Microsoft Defender for Cloud comes to Google Cloud

Microsoft has brought its Defender for Cloud security system for weeding out configuration weaknesses in workloads to Google Cloud Platform (GCP). 

The extension of Defender for Cloud brings the security offering in line with the same Defender for Cloud security services Microsoft currently offers for workloads on Amazon Web Services (AWS). 

The two key Defender for Cloud services are Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWP) — two categories of security products that address cloud misconfigurations.

Eric Doerr, corporate vice president of Cloud Security at Microsoft, noted there are no dependencies on Google’s own tools, easy onboarding from GCP workloads, and more than 80 recommendations to harden an environment in GCP or AWS. Microsoft’s own Azure of course is already integrated into Defender for Cloud.

There is a dashboard that offers a quick overview across multiple clouds and a Secure Score for environments in those clouds. The recommendations include alerts about cloud storage buckets that are publicly accessible, alerts when multi-factor authentication (MFA) isn’t enabled for all non-service accounts, and where cloud SQL database instances don’t enforce incoming connections to use SSL encryption. 

There’s also extensive support for containers and servers as well as container protection for Google Kubernetes Engine (GKE) Standard clusters. 

Additionally, there is server protection to support Google Compute virtual machines, which relies on Defender for Endpoint and covers vulnerability assessments to behavioral alerts for VMs, anti-malware, and OS updates that need to be applied. 

As for multi-cloud, Microsoft believes it is the right time for security solutions that bridge major clouds, compounded by the ongoing shortage of time and talent in cybersecurity. 

“We’re hearing more and more from customers that they want simplicity and that they don’t want the complexity of ten different products that they’re using. They’re having a hard time defending the cloud infrastructure that they have,” Doerr said. 

“There has also been a shift from multi-cloud by accident to multi-cloud by intent. It’s core to the strategy of an increasing number of customers. They’ve got a reason why they’re doing that and yet it’s super hard for security teams.”

Doerr reckons organizations have much to do to get ahead of the type of cybersecurity threats that prompted the Biden Administration’s new cybersecurity strategy for federal agencies. Yet it’s the simple stuff, like not patching or not using multi-factor authentications, where most organizations fall prey to attacks on their IT systems. 

“In the vast majority of cases when we’re helping customers respond to in a breach, even the the most sophisticated attackers, an awful lot of those start with something very simple like not using MFA, not having a good password policy, leaving a management port open on a piece of cloud infrastructure, patches not up to date,” said Doerr.  

“Sophisticated attackers have a toolkit that includes the basic stuff and they try that first and if it works then they don’t need to spend the time on more advanced techniques. Part of the journey here as an industry is how do we raise the minimum bar. If we can get to the place where most organizations are nailing the basics of security, it will make a really big difference.”