This is the first time Microsoft has released a report sharing key insights across aspects of cloud security, including identity and data.
These threats and more are the driving forces behind Microsoft's work to advance cybersecurity protections by sharing the latest security intelligence and through programs like the recently expanded Secure Future Initiative, which works to guide Microsoft advancements according to secure by design, secure by default, and secure operations principles.
Any practitioner who has worked in cloud security can tell you just how challenging it is to analyze, prioritize, and address the hundreds of security alerts they receive every day.
Security teams are also responsible for managing all exposed assets and other potential risk vectors.
Cloud security posture management is one solution, but rather than taking a siloed approach, we recommend driving deeper, more contextualized CSPM as part of a cloud-native application protection platform.
In addition to delivering proactive protection during runtime, CNAPP can act as a shared platform for security teams to work with developers to unify, strengthen, and manage multipipeline DevOps security.
Because CNAPP unites multiple cloud security capabilities under a single umbrella, security teams can also enforce full-lifecycle protections from a centralized dashboard.
Multicloud security goes deeper than attack path analysis and strong DevSecOps.
Microsoft's CNAPP solution, Microsoft Defender for Cloud, has an extended detection and response integration that provides richer context to investigations and allows security teams to get the complete picture of an attack across cloud-native resources, devices, and identities.
Also central to multicloud security is the idea of identity and access management.
In the cloud, security teams must monitor and secure workload identities in addition to user identities.
Security teams can address this risk by establishing visibility into all existing super identities and enforcing least privilege access principles over any unused or unnecessary permissions-regardless of the cloud they access.
Finally, organizations need a comprehensive data security approach that can help them uncover risks to sensitive data and understand how their users interact with data.
Instead, organizations should deploy integrated solutions through a multilayered approach that allows them to combine user and data insights to drive more proactive data security.
At Microsoft, we accomplish this through Microsoft Purview-a comprehensive data security, compliance, and governance solution that discovers hidden risks to data wherever it lives or travels, protects and prevents data loss, and investigates and responds to data security incidents.
Ultimately, multicloud security has multiple considerations that security teams must account for.
Rather, security teams must continuously enforce best practices from the earliest stages of development to runtime, identity and access management, and data security.
In a recent episode of our podcast, Uncovering Hidden Risks, we sat down with Christian Koberg-Pineda, a Principal Security DevOps Engineer at S.A.C.I. Falabella, to dive into his journey toward uncovering the challenges and strategies for safeguarding cloud-native applications across various cloud platforms.
To learn more about Microsoft Security solutions, visit our website.
Bookmark the Security blog to keep up with our expert coverage on security matters.
This Cyber News was published on www.microsoft.com. Publication date: Wed, 29 May 2024 17:43:05 +0000