We received excellent comments and a question regarding cloud security features from an ISC reader today that we thought was important to share broadly. We'd certainly like to open this up to reader comments, insights, and feedback.
"With Azure adding to their security offerings, is the trend for more companies to start offloading their security needs to Microsoft? With Microsoft security & compliance, companies would rely more on Microsoft recommendations and alerting. Why even go through security learning when Microsoft would be handling the entire stack?"
My response follows; please note that I work at Microsoft, and that our replies apply beyond the Azure cloud:
"The continued growth of security features in Azure is intended to be of increased benefit to customers and their protection, but not to supplant or replace their ongoing need to understand and apply security practices and learning. Organizations utilizing Azure are able to leverage these tools to greater effect but can't do so in the absence of understanding the same security principles that apply to on-premises computing. Yes, the technology and landscape are evolving, but the core tenets of asset management, vulnerability management, secure configuration, security assessment, monitoring, analysis, and incident response all remain valid and true. Just because the likes of Microsoft Defender Advanced Threat Protection or Azure Sentinel exist for Azure resources and Microsoft customers doesn't mean you don't have to know how to utilize them effectively. Different tech, different landscape, same principles."
Another handler replied as well:
"My organisation does a lot of work within the various Microsoft stacks, and unfortunately the assumption is often that Microsoft is taking care of it all, which unfortunately is not the case. The tools that people are being provided with are improving. What is available at your particular license level is different to what it was a few years ago, even a few months ago. However, the same security principles people were applying previously still apply. If you had an on-prem SIEM that nobody looked at, having Sentinel and nobody looking at it will have the same end result. The tools are available, but they can still be implemented insecurely."
Again, cloud security features ≠ the security capabilities of your personnel; those are still up to you and your teams.
Cheers…until next time.
May 5th 2020