Since its first introduction in 2019, the Azure Security Benchmark (ASB) has been widely used by our customers to secure their Azure environments, especially as a toolkit for planning Azure security implementations and for helping report compliance on multiple regulatory standards.
Today, we are announcing the successor of the Azure Security Benchmark - the Microsoft cloud security benchmark. The Microsoft cloud security benchmark (MCSB) v1 is an expanded and enhanced version of Azure Security Benchmark v3 with a new layer of multicloud security guidance. Currently, a full set of security guidance for Amazon Web Services (AWS) has been developed for all security domains in the Benchmark. In addition, you can now monitor the MCSB controls across Azure and AWS using Microsoft Defender for Cloud (MDC). As with Azure, MCSB monitoring is enabled by default in MDC for AWS environments, with GCP coverage coming soon.
The Microsoft cloud security benchmark aims to provide clear and concrete guidance on how to securely configure cloud resources hosted on your platforms to meet both security and compliance requirements. MCSB will enable organizations to accelerate both initial onboarding and ongoing onboarding/assessments of cloud environments.
What’s new in the Microsoft cloud security benchmark v1?
- Comprehensive multicloud security framework - Today we see that our customers often have to aggregate and reconcile their security management across multiple cloud platforms to meet security and compliance requirements. This often requires security teams to repeat the same implementation, monitoring, and assessments across different cloud environments and often for different compliance standards. This creates unnecessary overhead, cost, and effort. To address this concern, we enhanced ASB to MCSB to help our customers quickly work with different clouds by:
  - Providing a single control framework to easily meet the security controls across clouds (AWS in Phase 1)
  - Providing a consistent user experience for monitoring and enforcing the multicloud security benchmark in Defender for Cloud
  - Staying aligned with industry standards (e.g., CIS, NIST, PCI)
- Automated control monitoring for AWS in Microsoft Defender for Cloud - You can use Microsoft Defender for Cloud's Regulatory Compliance Dashboard to monitor your Azure environment against MCSB just like with ASB. Defender for Cloud developed nearly 180 AWS checks for the new AWS security guidance in MCSB, allowing customers to monitor their AWS environment and resources in Microsoft Defender for Cloud.
- A refresh of the existing Azure guidance and security principles - We also refreshed some of the existing Azure security guidance and security principles during this update so you can stay current with the latest Azure features and capabilities.
What’s next?
- Develop the multicloud benchmark guidance for Google Cloud Platform: Beyond the current multicloud coverage for AWS, we will also extend the scope to Google Cloud Platform in 2023. Like Azure and AWS, the automated control monitoring capabilities for GCP will also be added to allow you to use a single integrated dashboard to monitor your cloud security posture across all three major clouds.
- Add more automated control monitoring in MDC: Beyond the 400+ control monitoring checks in MCSB, additional monitoring checks will be added to Microsoft Defender for Cloud to provide more comprehensive monitoring coverage for MCSB controls for both Azure and other clouds. The Defender for Cloud team is also working on a growing set of compliance management and evidence-gathering capabilities that will help you manage the benchmark requirements more holistically within the Microsoft Defender for Cloud portal.
- Publish additional security baselines using the MCSB controls under a new format: As of today, we have published security baselines for 50+ Azure services based on the new Microsoft cloud security benchmark. Today, Azure customers use these baselines as part of their cloud service assessment process, and these baselines provide security guidance on how to meet the Benchmark requirements for a specific service. All service baselines that are currently on ASB v1 or v2 will be refreshed based on MCSB controls, which provide an easy-to-use format.