US technology giant Microsoft Corporation continued its investment in cloud security after announcing the purchase of CloudKnox Security on Wednesday. The Washington-based office software maker said it wants to offer unified privileged access and cloud entitlement management.
CloudKnox Security is a leading Cloud Infrastructure Entitlement Management (CIEM) offering organizations complete visibility into privileged access. CIEM solutions, such as the one offered by CloudKnox, adds enhanced identity security and controls to cloud environments.
This acquisition will help Microsoft’s Azure clients to reduce risk through offering right-sized permissions and consistently enforcing least-privileged principles. CloudKnox will also support Microsoft’s network of security measures by employing continuous security analytics to prevent security breaches and implement compliance.
Commenting on Mircrosoft acquisition of CloudKnox Security, Gartner Analyst David Mahdi said Microsoft recognises the fact that identity is critical to security, and security is critical to (and all) hybrid and multi cloud environments.
“As such the acquisition of CloudKnox brings additive identity security controls to Microsoft’s existing Azure identity and security suite. For the sector overall, this highlights the critical relationship of identity and cloud security (See Identity First Security – Gartner Top Security and Risk Trends for 2021),” said David Mahdi.
The rapid rise in cloud adoption in the corporate world attracts all types of cyber threats. To counter the risks associated with database breaches, companies must invest heavily in cloud security software. Microsoft’s continued investment in this segment of the cloud computing market will make its cloud services offered through Azure stand out in the market.
The company stated that the acquisition of CloudKnox, like others recent acquisition announcements on RiskIQ and ReFirm Labs, shows the company’s focus and execution in acquiring, integrating, and expanding the strongest defenses for our customers — from chip to cloud.
As the market has been moving to hybrid multi-cloud environments, many users are starting to discover critical security gaps in their cloud ecosystems. CIEM solutions fill a needed gap in cloud environments where they bring more attention and controls to privileged users, rights and entitlements in dynamic and complex cloud environments.
“In addition, many of the cloud providers are lacking in this specific area. As such this results in a growing number of avoidable cloud security weaknesses (i.e. potential of excessive and unnecessary access, etc.). Therefore, CIEM functions are likely to be subsumed by cloud providers (as Microsoft is demonstrating here) in order to ensure that clients have all round identity and cybersecurity controls,” said David Mahdi.
Overall, this acquisition will bring some attention to the notion of cloud-first identity but specifically to CIEM. Identity is now an attack vector for bad actors (i.e. stealing credentials, etc.); as such, by ensuring that identities are managed and secured, overall cybersecurity posture improves. Overall, for many Microsoft customers, this points to the fact they are investing heavily in security and identity with Azure – but also across the hybrid multi-cloud. As Gartner predicted last year, many of the remaining CIEM vendors will likely gain more attention, and it there is a high potential that they will be subsumed in the future.
The loudKnox acquisition is primarily focused on identity-first security functionality. “However, the RiskIQ, and ReFirm acquisitions (along with CloudKnox) – demonstrate Microsoft’s dedication to ensuring that Azure (and the hybrid multi-cloud) has the needed critical identity and cybersecurity foundational offerings. Clients today, are struggling with numerous security and identity solutions, and as such, many are focused on consolidation; Microsoft is positioning themselves well to offer more holistic identity and cybersecurity offerings,” said David Mahdi.