Protect your Google Cloud workloads with Microsoft Defender for Cloud
Published Feb 23 2022 06:00 AM 16.1K Views

Today, 92% of organizations embrace a multicloud strategy. Reasons range from having maximum flexibility to choose between cloud services, to cost optimization. While there are many benefits to using multiple cloud vendors, security teams often struggle with the resulting complexity.


In a recent survey, Microsoft interviewed more than 500 CISOs and found that Cloud Security remains the #1 concern and investment priority for security professionals, with Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWP) solutions at the top of their list.


After releasing support for AWS last November, today we’re excited to announce that Microsoft Defender for Cloud now supports Google Cloud Platform (GCP) with its native CSPM and CWP capabilities, without any dependencies on Google 1st party tools. The support for GCP comes with a simplified onboarding experience, more than 80 out-of-the-box recommendations to harden your environment, and more.


Organizations can now easily understand and manage their security posture across clouds and protect their workloads from a central place, whether those workloads run in Azure, Amazon Web Services (AWS), GCP, or on-premises. This also makes Microsoft the only cloud provider that lets you manage security centrally across clouds.


“I consider Microsoft Defender for Cloud invaluable for giving me the full picture of how to tighten security in our infrastructure.” David Finkelstein, CISO at St. Lukes University Health Network

Image 1: Overview of all 3 connected clouds in the Microsoft Defender for Cloud dashboard


Understand and manage your security posture and compliance across clouds

Let’s dive into the details around the new security capabilities for Google Cloud.


The support for GCP was designed as an integral part in Microsoft Defender for Cloud, so that organizations can understand their security posture across their connected cloud environments from a single place.


One example of how we’re enabling this is a central, multicloud view with a new Secure Score for all clouds combined and the ability to compare your compliance status against critical benchmarks such as the Center for Internet Security (CIS) benchmarks for GCP and AWS. This allows you to understand your organization’s cloud security posture as a whole, across all connected environments.


Image 2: Microsoft Defender for Cloud dashboard


To make it easy to understand and manage the security posture for GCP environments, Microsoft Defender for Cloud will provide more than 80 out-of-the-box recommendations to begin with. These are aligned to industry standards and security best practices, including a mapping to the CIS benchmark for Google Cloud.


Configuration oversights can open the door to threats in your environment, which is why it’s critical to stay on top of the common risks we see across environments. Some examples of critical recommendations that Microsoft Defender for Cloud now provides for resources in GCP include:


  • Cloud Storage buckets are anonymously or publicly accessible
  • Multi-factor authentication is not enabled for all non-service accounts
  • Cloud SQL database instances do not require incoming connections to use SSL
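As an added example (not Microsoft's code or part of the original post), the following script evaluates constructed GCP resource metadata against two of the recommendations listed above: publicly accessible Cloud Storage buckets and Cloud SQL instances that do not require SSL. It assumes the bucket IAM policy shape (`bindings` / `role` / `members`) and the Cloud SQL instance resource field `settings.ipConfiguration.requireSsl`; the MFA recommendation depends on identity data that is not part of resource metadata and is not covered here.

```python
"""Check constructed GCP resource metadata against two Defender for Cloud
recommendations: public buckets and Cloud SQL without enforced SSL.
Input shapes are assumptions based on the bucket IAM policy JSON and the
Cloud SQL instance resource; all sample data below is constructed."""

# Principals that make a bucket anonymously or publicly readable.
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}


def bucket_is_public(bucket_name, iam_policy):
    """Return (bucket, role, member) triples that grant public access."""
    findings = []
    for binding in iam_policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_PRINCIPALS:
                findings.append((bucket_name, binding["role"], member))
    return findings


def sql_instance_allows_plaintext(instance):
    """True when the instance does not force SSL/TLS on incoming connections.
    A missing requireSsl is treated as False, matching the API default."""
    ip_cfg = instance.get("settings", {}).get("ipConfiguration", {})
    return not ip_cfg.get("requireSsl", False)


def assess(buckets, sql_instances):
    """Produce recommendation-style findings for an inventory."""
    report = []
    for name, policy in buckets.items():
        for _, role, member in bucket_is_public(name, policy):
            report.append(f"Bucket {name}: {member} holds {role} (publicly accessible)")
    for inst in sql_instances:
        if sql_instance_allows_plaintext(inst):
            report.append(f"Cloud SQL {inst['name']}: incoming connections do not require SSL")
    return report


# Constructed sample inventory: one public and one private bucket,
# one SQL instance that enforces SSL and one (legacy) that does not.
SAMPLE_BUCKETS = {
    "public-assets": {"bindings": [{"role": "roles/storage.objectViewer", "members": ["allUsers"]}]},
    "internal-logs": {"bindings": [{"role": "roles/storage.admin", "members": ["group:sec@example.com"]}]},
}
SAMPLE_SQL = [
    {"name": "orders-db", "settings": {"ipConfiguration": {"requireSsl": True}}},
    {"name": "legacy-db", "settings": {"ipConfiguration": {"ipv4Enabled": True}}},
]

if __name__ == "__main__":
    print("\n".join(assess(SAMPLE_BUCKETS, SAMPLE_SQL)))
```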


Image 3: Overview of recommendations for all connected cloud environments.



And lastly, you can build custom recommendations to meet specific security or compliance requirements your organization may have.



Threat Protection for workloads in GCP

While managing risk is critical, preventing and responding to threats is equally relevant for a comprehensive cloud security strategy. That’s why we built new threat protection capabilities in Microsoft Defender for Cloud for native GCP workloads across containers and servers.


Starting today, container protection is available for Google GKE Standard clusters. With container adoption soaring because of their scalability and portability, containers are a critical workload in any cloud environment.


Microsoft Defender for Containers provides threat detection capabilities such as Kubernetes behavioral analytics, with anomaly detection for GKE clusters and their underlying hosts, as well as security best practices and built-in admission control policies to harden Kubernetes workloads.


In addition to containers, Defender for Cloud has extended its server protection to support Google Compute Engine VMs, another critical workload type across most environments. The protection for server workloads leverages the powerful protection capabilities of Microsoft Defender for Endpoint such as EDR and attack surface reduction. In addition, it provides server-focused vulnerability assessment, behavioral alerts for VMs, OS recommendations across security baselines, antimalware, and missing OS updates, as well as Adaptive application controls (AAC) and File integrity monitoring (FIM).


Image 4: Overview of container-specific alerts in Microsoft Defender for Cloud



Easy Onboarding in 1, 2, 3

We created an easy process to onboard Google Cloud environments to Microsoft Defender for Cloud. To enable the CSPM capabilities, we use the native Google APIs and will soon allow security teams to connect the entire organization or individual projects to Microsoft Defender for Cloud without the need for any agents or additional Google services.


The Defender for Cloud threat protection capabilities can be deployed to container and server workloads in GCP environments using Azure Arc. Security teams have the flexibility to deploy at scale across all VMs and GKE clusters, or only within selected Google Cloud projects. Lastly, to keep up with the dynamic provisioning of cloud resources, Microsoft Defender for Cloud can automatically provision container and server protections for new resources as soon as they’re added to the GCP environment.


So while Azure is natively integrated into Microsoft Defender for Cloud, it’s super easy to onboard Google Cloud or AWS environments as well.


Security for the cloud of your choice

Microsoft is committed to helping organizations protect their whole environment—across clouds, platforms, and devices. We understand that organizations today have multicloud strategies, and we want to deliver an easy and seamless experience to secure and protect those environments, whether you choose Azure, AWS, GCP, or all three.


With the new support for Google Cloud Platform now in public preview, we’re enabling organizations to approach their cloud security holistically and from a single place with Microsoft Defender for Cloud.


  • Secure and protect your GCP, AWS, and Azure environments
  • Assess and strengthen the security configuration of your cloud resources
  • Manage compliance against critical industry and regulatory standards
  • Protect critical workloads including containers, servers, and more against malicious attacks


More information:

Last update: Mar 01 2022 02:06 PM