Microsoft Bolsters Cloud Security
Feb 29, 2016 11:59 AM PT
Microsoft last week announced measures to improve security management and transparency for Azure cloud services and Office 365.
The features, which come from technology Microsoft acquired last year when it purchased Adallom, will bolster security in cloud apps such as Office 365, Box, Salesforce, ServiceNow and Ariba.
A security app for Office 365 called "Microsoft Cloud App Security" will provide security management and reporting features that will give customers better visibility, control and security for data hosted in cloud apps, the company said.
The reinforcements are the first of a series of planned measures. The goal is to integrate broad measures rather than make isolated patches.
"We are talking to enterprise customers about evolving their security posture from a simple protect-recovery model to a more holistic posture that includes protect, detect and respond capabilities," Microsoft spokesperson Reed Turner said.
The company is investing in three key areas: secure platform, intelligent security graph and working with partners, he told the E-Commerce Times.
Enterprises need an agile platform that will allow them to appropriately secure their identities, devices, applications, data and infrastructure wherever it is located -- in the cloud, on-premises or both, the company said.
That requires a secure platform across all endpoints, from simple sensors to complex infrastructure inside data centers.
Microsoft has build an intelligent security graph that can learn from one area and apply that knowledge across the platform. Behavioral approaches to threat detection can rapidly recognize and respond to new threats, Turner said.
The platform is bolstered by a team effort with other technology partners that have particular strengths and innovative approaches.
"Microsoft's approach has evolved to reflect the realities of our mobile-first, cloud-first world," said Turner.
Security Plan Highlights
Key features of the security upgrade include the following:
- Azure Security Center received additional security management and reporting options to allow customers to set different policies for different types of workloads.
- A new Power BI Dashboard allows customers to better visualize, analyze and filter security alerts from any of their systems and devices to discover possible attack patterns and trends.
- The Microsoft Operations Management Suite has a new dashboard to better show details about network activity, authentication events, malware incidents and system updates across customer data centers.
- The Azure Security Center can collect crash events from Azure-hosted virtual machines, analyze them, and alert customers of potential compromises.
- Azure Active Directory Identity Protection is a new feature to be previewed next week to detect suspicious end user activities by using Microsoft's data on brute force attacks, leaked credentials, authentications from unfamiliar locations and known infected devices.
"These enhancements, which cover both core security and content-level controls, will do well to reassure customers about their data in Microsoft's cloud," said Scott Petry, CEO of Authentic8.
Browser BlundersRegardless of the cloud security enhancements, the Web browser will remain a concern.
Bad guys' favorite attack surface is not the cloud vendors' infrastructure -- it is the browser, Petry told the E-Commerce Times.
"Users who access cloud-based resources use a browser that is fundamentally insecure and unmanageable. The company data may be safe within the Azure/365 environment, but when a user connects to other non-Microsoft Web services or accesses the data from home devices, these security measures can fall short and data can be exposed," he said.
To mitigate that issue, Petry urged the use of a policy-controlled virtual browser. By running a virtual browser in a secure, cloud-based container, no Web code ever reaches the client device.
"With the browser running centrally, it can be configured to enable or restrict key functions like secure login, data access and data transfer," he noted.
Consumers of Azure and Office 365 will gain deeper visibility into user activity and behavior. Security professionals will have the capability to see who is accessing what and what changes are made, said George Gerchow, faculty member at the Institute for Applied Network Security.
"This is very hard to do on-premises. I would argue that this functionality is easier to do off-premises by leveraging APIs," he told the E-Commerce Times.
In terms of security ratings, Azure is clearly the second best "cloud provider on the planet behind Amazon Web Services," he said, crediting Microsoft's attestation and certifications.
Critical Concerns Continue
Surveys once identified security as the top concern limiting cloud adoption, but now there is increasing recognition in the market that cloud providers are at least as secure as the typical corporate data center, according to Andrew Atkinson, senior director of product marketing at Cloud Cruiser.
Security "now often does not even break the top three. The types of cloud services being used by enterprises are changing, going from pretty benign test and dev to now running production applications in public cloud environments," he told the E-Commerce Times.
The growing list of services being offering is a testament to customers' increased comfort with cloud services, Atkinson said.
"After all, we tend to keep our money in banks, rather than under our mattresses, because we know that their facilities -- vaults -- and capabilities -- guards, procedures -- reflect more resources than we can dedicate to the task and more hard-won knowledge than we would care to accumulate," he said.
The best news to come out of Microsoft's cloud security announcements is the recognition that the company must work with others in the industry to better understand the current and future threats facing its systems, noted John Eustice, an attorney at Miller & Chevalier.
"No single corporation, even one as large as Microsoft, can obtain sufficient intelligence on cybersecurity threats to identify larger trends and accurately assess risk," he told the E-Commerce Times. "By pooling resources with similar providers and acquiring security-focused companies like Adallom, Microsoft is making an effort to provide better and broader security information to its clients."
Even with better information, however, clients will need to maintain proper security measures for their own employees using Microsoft's cloud-based services, Eustice added.
The keys to turning its efforts into a competitive advantage over other cloud computing service providers are marketing, which Microsoft does quite well, and transparency in contracting, where Microsoft sometimes struggles, he maintained.
"When a company contracts with Microsoft for cloud services, that company will need to understand both the benefits of increased security and the process through which it can work with Microsoft to minimize the risk of a cyberincident," Eustice concluded. "Without clarity in the contract, a company's incident response plan will be unlikely to take advantage of the increased security measures offered by Microsoft."