Microsoft Tech Community
New expanded visibility into multicloud data security in Microsoft Defender for Cloud
Published Sep 26 2023 07:23 AM 7,342 Views

Author:

Asaf Nakash (@Asaf_Nakash), Senior Program Manager, Microsoft Defender for Cloud

Co-authors:

@Catalin Esanu, Senior Program Manager, Microsoft Defender for Cloud

@Maayan Naaman Rand, Senior Program Manager, Microsoft Defender for Cloud

In recent years we’ve witnessed an accelerated migration of data to the cloud, with data sprawl and security blind spots as unintended consequences. Attackers have turned their attention to finding these “unknown unknowns”, exploiting cloud data resources that were unintentionally misconfigured and exposed. It should come as no surprise that it’s more critical than ever to identify where sensitive data exists and how it is accessed across increasingly complex, distributed, and dynamic multicloud environments.

Organizations are challenged with discovering these blind spots across their cloud data estate. Without proactive mitigation, misconfigurations can jeopardize sensitive data if the data resource is exposed or under active attack. Top concerns that organizations have in the cloud include loss of sensitive data, improper configuration and security settings, and unauthorized access[1]. Without visibility into where sensitive data is stored and how those resources are configured and accessed, an organization is at great risk of a cloud data breach.

[1] Measuring Risk and Risk Governance | Survey Report | CSA (cloudsecurityalliance.org)


Pioneering data-aware security posture

In March 2023, we launched our data-aware security posture offering as part of Defender Cloud Security Posture Management (CSPM), one of our broader investments in Defender for Cloud to strengthen our world-class cloud-native application protection platform (CNAPP). Data-aware security posture offers built-in visibility into the security of your multicloud data estate, empowering security teams to take a proactive approach to identifying and remediating potential points of sensitive data exposure and reducing the risk of breach.

As organizations adopt increasingly complex and dynamic multicloud environments, it’s essential to have a unified and holistic view of their cloud data security, including potential risks and active threats. To accomplish this, security teams should be able to answer these questions:

  • What does our cloud data estate look like?
  • Which data resources contain sensitive data?
  • What types of sensitive data exist in those data resources?
  • What type of security coverage is applied on those data resources?
  • What potential attack paths can impact my sensitive data?
  • What active threats can impact my sensitive data?
  • How is my data security posture changing over time?

Today, we’re excited to share the next phase of our cloud data-aware security offering with expanded multicloud sensitive data discovery coverage and a new unified cloud data security dashboard.


New sensitive data discovery for multi-cloud storage and managed databases

Microsoft Defender Cloud Security Posture Management (CSPM) offers a rich set of data-aware security posture capabilities for managed databases and object stores across clouds to identify potential risks to an organization’s multicloud data estate.


Today, we are expanding our data-aware security capabilities to include frictionless sensitive data discovery for managed databases starting with Azure SQL databases and AWS RDS instances. This additional coverage will allow customers to discover their critical databases that contain sensitive data, and the type of sensitive data found in those databases.


The addition of sensitive data discovery for Azure and AWS databases extends the shared taxonomy and configuration already used for the generally available coverage of storage resources (Azure Blob Storage and AWS S3 buckets) and for the recently announced public preview for Google Cloud Storage buckets.

Customers using Defender CSPM can now use a single set of policies and configurations across their multicloud environments, simplifying the management and maintenance of their security posture. By providing a unified approach to sensitive data discovery, Defender CSPM can help organizations apply a consistent approach to reducing the risk of sensitive data exposure across their Azure, AWS, and GCP cloud data estate.


Once Defender CSPM is enabled with sensitive data discovery, Azure SQL Databases and AWS RDS instances will be scanned and discovery results will be available within 24 hours. Discovered databases can be viewed and queried within the Cloud Security Explorer.


Gaining visibility with the new data security dashboard

Cloud data security information is available across Defender CSPM and our cloud workload protection plans for storage and databases. Previously, customers looking to understand their data security risks and threats and to prioritize remediation efforts had to put in manual effort, which could be time-consuming and potentially detrimental to their data security.

We’re pleased to share the public preview of a new data security dashboard in Defender for Cloud, boosting security team effectiveness to reduce the risk of data breaches and detect threats to data in the cloud. This new experience allows customers to monitor and manage cloud data security at scale.


[Figure: Data Security Dashboard]

The data security dashboard provides a centralized, complete and current view of the state of your cloud data estate. The data security dashboard helps you to:

  • Discover your complete multicloud data estate across managed and hosted data resources
  • Understand your Defender for Cloud protection coverage and gaps across data resources
  • Gain insight on which protected data resources contain sensitive data and the types of sensitive information they contain
  • Use built-in data query templates to speed up cloud security explorer results
  • Focus on sensitive data resources that require attention as a result of active threats or potential risks to your sensitive data
  • View changing trends of resources with sensitive data that require attention to analyze improvement of data security posture over time


Get started with data-aware security in Defender for Cloud

We encourage you to benefit from Defender for Cloud’s cloud data security offering by enabling sensitive data discovery in Defender CSPM, Defender for Storage, and Defender for Databases.
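The enablement step above, and the "is discovery actually turned on everywhere?" check that follows it, as an added example. This is not code from the post or from Microsoft. It assumes the Microsoft.Security/pricings REST resource at api-version 2023-01-01 (the version that carries per-plan extensions), the plan names CloudPosture and StorageAccounts, and the extension name SensitiveDataDiscovery; the pricing listing it audits is a constructed sample, and no request is sent to Azure when the block runs.

```python
"""Build the Defender for Cloud plan-update request that enables sensitive data
discovery, and audit a pricing listing for plans where discovery is not active.

Added example, not the post's or Microsoft's code. Assumed: the
Microsoft.Security/pricings REST resource (api-version 2023-01-01), plan names
CloudPosture / StorageAccounts, extension name SensitiveDataDiscovery.
"""
import json
from urllib.request import Request

API_VERSION = "2023-01-01"          # assumed: first pricings API version with extensions
EXTENSION = "SensitiveDataDiscovery"
# Plans expected to carry the discovery extension (assumed; adjust for your tenant).
PLANS_WITH_DISCOVERY = ("CloudPosture", "StorageAccounts")


def build_enable_request(subscription_id: str, plan: str, token: str) -> Request:
    """Return a PUT request that sets the plan to Standard with discovery enabled.

    The request is only built here; sending it (urllib.request.urlopen) needs an
    ARM bearer token with Security Admin rights on the subscription.
    """
    url = (f"https://management.azure.com/subscriptions/{subscription_id}"
           f"/providers/Microsoft.Security/pricings/{plan}?api-version={API_VERSION}")
    body = {
        "properties": {
            "pricingTier": "Standard",
            # isEnabled is a string enum ("True"/"False") in this API version.
            "extensions": [{"name": EXTENSION, "isEnabled": "True"}],
        }
    }
    return Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        method="PUT",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )


def find_discovery_gaps(pricings: dict) -> dict:
    """Map each expected plan to a reason when discovery will not run for it.

    `pricings` has the shape of GET .../providers/Microsoft.Security/pricings
    ({"value": [{"name": ..., "properties": {...}}, ...]}). A plan counts as
    covered only if it is on the Standard tier AND the extension is enabled.
    """
    by_name = {p["name"]: p.get("properties", {}) for p in pricings.get("value", [])}
    gaps = {}
    for plan in PLANS_WITH_DISCOVERY:
        props = by_name.get(plan)
        if props is None:
            gaps[plan] = "plan not present in listing"
            continue
        if props.get("pricingTier") != "Standard":
            gaps[plan] = "plan is on the Free tier"
            continue
        enabled = {e["name"]: str(e.get("isEnabled", "False")).lower()
                   for e in props.get("extensions", [])}
        if enabled.get(EXTENSION) != "true":
            gaps[plan] = f"{EXTENSION} extension disabled"
    return gaps


# Constructed sample listing: CSPM has discovery on, Defender for Storage has the
# plan enabled but only malware scanning switched on, so its data is never classified.
SAMPLE_LISTING = {
    "value": [
        {"name": "CloudPosture",
         "properties": {"pricingTier": "Standard",
                        "extensions": [{"name": "SensitiveDataDiscovery", "isEnabled": "True"}]}},
        {"name": "StorageAccounts",
         "properties": {"pricingTier": "Standard",
                        "extensions": [{"name": "OnUploadMalwareScanning", "isEnabled": "True"},
                                       {"name": "SensitiveDataDiscovery", "isEnabled": "False"}]}},
        {"name": "VirtualMachines",
         "properties": {"pricingTier": "Standard"}},
    ]
}

if __name__ == "__main__":
    for plan, reason in find_discovery_gaps(SAMPLE_LISTING).items():
        req = build_enable_request("00000000-0000-0000-0000-000000000000", plan, "<token>")
        print(f"{plan}: {reason} -> would PUT {req.full_url}")
```

Run the audit against the real listing (GET the same URL without the plan segment) once per subscription; a plan that shows up in `find_discovery_gaps` will never produce discovery results in Cloud Security Explorer, however long you wait past the 24-hour scan window.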


Version history
Last update: Sep 26 2023 11:21 AM