[11/2/2021 Update - The article below leverages the legacy AWS Connector. For more information about the new AWS Connector released at Ignite 2021, watch this presentation from Ignite]
According to a recent study, cloud misconfigurations take an average of 25 days to fix. This number can be even higher if you are managing the cloud security posture across multiple providers without an aggregate visualization of the current security state of all cloud workloads. Not only does it become a challenge to understand the current security state, but it is also a challenge to manage multiple dashboards and prioritize which issues should be resolved first.
When you enable Microsoft Defender for Cloud you will be able to connect to AWS and GCP using native Microsoft Defender for Cloud connectors. Once you connect to each cloud provider, you will be able to use the Security Recommendations to quickly filter the environment and see only the recommendations that are relevant for the cloud provider that you want, as shown below:
You can also quickly identify resources on each cloud provider by using the Cloud Environment filter in the Inventory dashboard, as shown below:
In addition to all that, you can also take advantage of centralized automation by leveraging the Workflow Automation feature to automate response for security recommendations generated in Azure, AWS or GCP.
The security recommendations are relevant for the cloud security posture management scenario, which means that you drive the enhancement of your security posture across multiple cloud providers by remediating those recommendations. However, this is not the only scenario available for multi-cloud: you can also use the following Microsoft Defender for Cloud plans to enhance your workload protection. When planning cloud workload protection for workloads in AWS and GCP, make sure to first enable the VMs to use Azure Arc. Once you do that, the following Microsoft Defender for Cloud plans will be available across Azure, AWS and GCP:
The potential alerts generated by workloads protected by those plans are going to be surfaced in the Security Alerts dashboard in Microsoft Defender for Cloud, which means that you will again have a single dashboard to visualize alerts across different cloud providers. These alerts can be streamed to your SIEM platform using the Continuous Export feature in Microsoft Defender for Cloud.
Prior to implementing your multi-cloud adoption using Microsoft Defender for Cloud, it is important to consider the following aspects:
When connecting with AWS
When connecting with GCP
The resources below will be useful for you to implement this multi-cloud capability in Microsoft Defender for Cloud:
Reviewer
Or Serok Jeppa, Program Manager