
Microsoft on Multi-Cloud: It’s the New Imperative But Cyberattacks Present Challenges

February 25, 2022 | Brooke Crothers

Microsoft’s new message for combatting cyberattacks is “take shelter in the cloud.” The software giant said this week it has extended native capabilities of Microsoft Defender to the Google Cloud Platform (GCP) on top of the existing support for Amazon Web Services (AWS), announced last year, and its own Microsoft Azure. A critical element of this move is security. Venafi recognizes the challenges of maintaining consistent security for all multi-cloud instances and how important it is to keep an accurate inventory of all machine identities across Azure, AWS, and GCP.

“[Security] is the mother of all problems,” Microsoft’s new security chief Charlie Bell said to the Wall Street Journal in an interview. “If you don’t solve it, all the other technology stuff just doesn’t happen.”

The software giant, when announcing protection for Google’s GCP this week, spelled out the challenge as a “kind of a Frankenstein solution,” according to Bell, who was hired away from Amazon last year. “The problem is everywhere you glue things together, there are seams and those seams become places that people attack.”

Since Bell took the reins at Microsoft, he has moved to centralize Microsoft’s security efforts under one organization and now oversees an organization of 10,000 people. “He has a budget to spend billions of dollars to build security products,” according to the Journal.

As organizations look to the cloud, the reality today is an increasing cadence of sophisticated ransomware and nation-state attacks, Microsoft said in an announcement that came out the same day as the interview.

“Cloud, mobile, and edge platforms have driven unprecedented business innovation, adaptation, and resilience during this time, but this broad mix of technologies also introduces incredible complexity for security and compliance teams. The security operations center (SOC) must keep pace with safeguarding identities, devices, data, apps, infrastructure, and more. Further, they must take stock of evolving cyber risks in this multicloud, multi-platform world, and identify where blind spots may exist across a broad new set of users, devices, and destinations.”

--Microsoft, February 23, 2022

A whopping 92 percent of respondents are using a multi-cloud model, Microsoft said, citing the Flexera 2021 State of the Cloud Report. And a survey sponsored by Microsoft shows that 73 percent of respondents say it’s challenging to manage multi-cloud environments.

In another survey, Microsoft interviewed more than 500 CISOs and found that cloud security remains the No. 1 concern and investment priority for security professionals.

Machine Identity in a multi-cloud world

Venafi is acutely aware of the challenge.

Very large organizations almost always have more than one cloud provider. And part of the success of their multi-cloud strategy is having a quick and easy way to change between cloud providers when the need arises.

But many organizations have not thought this through very far. For instance, what happens if an organization wants to move an instance away from one provider, say AWS, and have it hosted by Azure? Their answer may be something like, "We’ll just get another instance at Azure." The problem is, they will not be able to use the certificate they got from AWS on Azure or any other cloud provider.

In many ways, changing cloud providers is like changing Certificate Authorities (CAs). You need to be able to identify all certificates associated with cloud instances in a given cloud provider, revoke them and reissue them on the new cloud provider. You can make this process relatively pain-free if you are able to automate it. But most organizations never get that far in their thinking.

In the cloud, as on premises, you need to have a complete and accurate inventory of all machine identities and you have to continually monitor them. It’s the only way that you will know whether the certificate is still on the AWS instance when it should be.
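The inventory check and the provider change described above can be sketched in a few lines. This is an added example, not Venafi's or Microsoft's code; the record layout, hostnames, instance names and fingerprints are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class CertRecord:
    fingerprint: str   # constructed placeholder, not a real certificate hash
    subject: str
    provider: str      # "aws", "azure" or "gcp"
    instance: str
    not_after: date

def reconcile(expected, observed):
    """Diff the inventory against what was actually found on instances."""
    key = lambda r: (r.provider, r.instance, r.fingerprint)
    exp, obs = {key(r) for r in expected}, {key(r) for r in observed}
    return {"missing": sorted(exp - obs), "unexpected": sorted(obs - exp)}

def migration_plan(inventory, leaving, target, today):
    """List reissue/revoke steps for every certificate tied to `leaving`."""
    plan = []
    for r in sorted(inventory, key=lambda r: r.subject):
        if r.provider != leaving:
            continue
        # Reissue first so the service is never without a valid certificate
        # (an ordering chosen for this example).
        plan.append(("reissue", r.subject, target))
        if r.not_after >= today:   # an expired certificate needs no revocation
            plan.append(("revoke", r.fingerprint, leaving))
    return plan

# Constructed sample data: hostnames, instance names and fingerprints are made up.
INVENTORY = [
    CertRecord("fp-aaa1", "api.example.com", "aws", "i-web-1", date(2022, 9, 1)),
    CertRecord("fp-bbb2", "db.example.com", "aws", "i-db-1", date(2022, 1, 15)),
    CertRecord("fp-ccc3", "auth.example.com", "azure", "vm-auth-1", date(2022, 12, 1)),
]
OBSERVED = [
    INVENTORY[0],
    INVENTORY[2],
    CertRecord("fp-zzz9", "test.example.com", "gcp", "gce-test-1", date(2022, 6, 1)),
]

if __name__ == "__main__":
    print(reconcile(INVENTORY, OBSERVED))
    for step in migration_plan(INVENTORY, "aws", "azure", date(2022, 2, 25)):
        print(step)
```

The "missing" entry is the case the paragraph above warns about: a certificate the inventory expects on an AWS instance that is no longer there, while "unexpected" surfaces a machine identity nobody recorded.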
