Microsoft’s Beefed up Azure Security to Stem Cloud Threats and Lock Users In


By Michela Menting | 4Q 2019 | IN-5663


Ignite Ignites Security

NEWS


November 8, 2019 concluded the week-long Ignite Conference, which Microsoft runs for Information Technology (IT) professionals and developers every year. The conference is a mixture of Microsoft speaker sessions, certification training, and product announcements. This year, Microsoft announced a spate of additional security and compliance features in its Azure and Microsoft Office 365 solutions, as well as plans to extend the scope of some of its existing security offerings. The announcements are timely, especially in light of the Capital One hack, which put a bit of a damper on the “all-in” for public cloud. Amazon, not to be deterred, put off blame, but Microsoft is more shrewdly capitalizing on the fallout by announcing some reinforced security on both the defensive and offensive fronts.

Intel, Identity, Compliance, and Threat Containment

IMPACT


Microsoft’s announcements can be broadly categorized into four buckets:

  1. Better Intel: A couple of solutions here are aimed at helping clients to better collect and analyze event data. Azure Sentinel (a security analytics tool) will have new connectors to third-party security systems (i.e., Zscaler, Barracuda, and Citrix), and leverage Machine Learning (ML) for prioritization. The Microsoft Defender Advanced Threat Protection (ATP) solution will also be expanded to cover macOS and Linux servers. Further, a new insider risk management solution for Microsoft Office 365 aims to catch and fix internal threats and will also leverage third-party systems (like human resources systems) to broaden its scope. Finally, the Azure Security Center will include new capabilities to find misconfigurations and threats for containers and Structured Query Language (SQL) in Infrastructure-as-a-Service (IaaS) in direct response to the Capital One breach.
  2. Stronger Identities: First, Microsoft is championing multi-factor authentication by making Microsoft Authentication available to customers for free as part of the Azure Active Directory (AD) plan. Second, a new lightweight agent for moving identities around the cloud will be enabled with Azure AD Connect cloud provisioning. Microsoft is also announcing partnerships with third-party authentication providers to ensure secure hybrid access (i.e., F5 Networks, Zscaler, Citrix, and Akamai).
  3. Simplifying Compliance: With the General Data Protection Regulation (GDPR) in full effect, Microsoft is offering a few new tools to better manage compliance in Office 365, with a compliance center (viewing data classifications and training classifiers with ML) and a compliance score (mapping configuration settings to regulations and standards).
  4. Containing Threats: A new hardware-level and container-based solution planned for Office, Application Guard, aims to minimize threats in Word, Excel, and PowerPoint files (using Microsoft Defender ATP). Further, an Azure Firewall Manager has been announced to better manage multiple firewall deployments, offering support for new firewall deployment topologies.

Simplicity and Visibility

RECOMMENDATIONS


Public cloud providers already offer a broad range of security tools that, when leveraged correctly, can make the platforms and their usage ironclad. And yet, complexity and human error can suffice to weaken that one link that will let in a malicious intruder, despite the vast resources at the disposal of the providers and their users.

Certainly, Microsoft has managed to address some of the more common pain points associated with running cloud services and office tools. Many of the firm’s announcements focus on security simplification; this is key, especially as cloud environments can be extremely complex to configure and manage, even for those well-versed in the offerings. Visibility is critical to good (and continuous) security management, but the tools also need to provide a level of ease of use that can allow for effortless and rapid modification when a situation arises.

Cue ML, which can provide much-needed intelligent automation in complicated and expansive environments. Microsoft’s forte here will help to alleviate some of the security burdens of cloud management. Finally, Microsoft is conscious of the need to integrate and hook up with third-party solutions to provide a comprehensive offering. Overall, these security announcements will help to improve security visibility and boost confidence that companies can still go “all-in” on public cloud. 

Most importantly, the additional offerings will help to lock users into the Azure platform. With more security features (and easier management) available, users require less external security support. While Microsoft does expand on third-party integration, it still aims to provide its platform as the single pane of glass through which users manage the security of both Azure and other vendor platforms. Further, this lock-in will obscure visibility for those security providers that are not Microsoft partners, or even alternative secure cloud solutions such as those emerging in the decentralized computing and storage space.

Security providers in the cloud space will have to ensure they have effective cloud-agnostic offerings that can be easily implemented even where they don’t have partnerships in place with the big public cloud service providers. This will be key to ensuring they can remain relevant in the cloud security market that is increasingly dominated by the cloud providers themselves.