Protecting multi-cloud environments with Azure Security Center

We’ve heard from many of you that multi-cloud adoption is becoming a standard operating model for your organization and that it’s challenging to have the right security controls and posture across your environment. Historically, security teams have not had effective tools to secure multi-cloud infrastructure, and often they needed to address the problem by adding more people.

This is why in September we introduced multi-cloud security support in public preview, and today we are excited to announce the general availability of these capabilities. Now you can onboard multi-cloud resources to Azure Security Center, such as Google Cloud Platform (GCP) and Amazon Web Services (AWS), you can protect your servers with Azure Defender for Servers based on Azure Arc, and we’ve added multi-cloud support to Azure Secure Score, making it easier to focus on the most important things to improve your overall security posture.

Thycotic Logo

“Now that Microsoft supports multi-cloud environments—Amazon Web Services and Google Cloud Platform—there’s no reason for us to look at any other vendor. We get everything we need with Azure Defender.”—Terence Jackson, Chief Information Security and Privacy Officer, Thycotic

Learn more about the Thycotic case study.

When we started developing Azure Security Center, our charter was clear—be the best solution to protect Azure Resources. As we listened to customers, we clearly heard the need to protect resources in multiple clouds, and the desire to simplify tools to manage multi-cloud. We have grown to support these broader needs. Azure Security Center now protects not only hybrid but also multi-cloud resources, including AWS and GCP. The following functionality is now generally available to our customers:

  • Customers can connect their AWS or GCP accounts to ASC to get a unified multi-cloud view of security posture. Specifically, AWS Security Hub and GCP Security Command Center detected misconfigurations and findings are now included in our Secure Score Model and Regulatory Compliance Experience.
  • Azure Defender for Servers leverages Azure Arc to simplify the on-boarding and security of virtual machines running in AWS, GCP, and hybrid clouds. This includes automatic agent provisioning, policy management, vulnerability management, embedded EDR, and more.
  • These new features complement the multi-cloud support for Azure Defender for SQL that was released in December.

In addition to new multi-cloud support, Azure Security Center continues to be one of the best of breed solutions to protect Azure resources. Today we are improving the richness of security recommendations in Azure by turning on Azure Security Benchmark as the default security policy for Azure Security Center.  As a result, Azure Secure Score now reflects a much broader set of recommendations and spans a broader set of Azure resources.

Also, the full control set layout of the Azure Security Benchmark in the compliance dashboard is now available to all Azure Security Center customers, including Azure Security Center free tier as well as the existing Azure Defender customers. Customers can now view their compliance relative to the benchmark controls in compliance view while viewing the detailed impact on their Secure Score. By prioritizing remediation of security recommendations using Secure Score metrics, customers can achieve a higher Secure Score and attain their compliance goals, all at the same time.

Finally, in response to your feedback, we have added the ability to exempt resources from the Secure Score both at a subscription level and now at a management group level. This is most useful in cases where you have a third-party technology in place to address a recommendation, such as turning on multi-factor authentication (MFA).

Multi-cloud is going to be a big area of focus for you—and for us—going forward. We are committed to supporting your broad security needs, by continuing to expand our multi-cloud and hybrid support, as well as continuing to provide best of breed solutions to secure Azure. For more information, please visit the Azure Security Center and the Azure Security Center documentation. We are here to listen and build great products that help you thrive—keep the feedback coming.

To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.