Securing Multi-Cloud Environments – envisioning, proof of concept and implementation service.
Insight will help strengthen the client’s security posture across multicloud and hybrid environments with contextual security. Insight will gain a full understanding of the client’s cloud environments to design and deploy an instance of Microsoft Defender for Cloud.
We will deliver functionality for:
• Cloud Security Posture Management: assessing your resources, subscriptions, and organisation for security issues to determine your secure score, so that you understand your risks and the priorities to remediate.
• Cloud Workload Protection: providing security alerts powered by Microsoft Threat Intelligence, which includes a range of advanced, intelligent protections for your workloads in the cloud.
As part of the deployment process, Insight consultants can demonstrate the tool running in your environment, helping you strengthen the value proposition by fully understanding how Defender for Cloud can reduce the security risks. On completion of the deployment, our consultants will walk you through the findings in a workshop, helping you to interpret the outputs and advising what the next steps should be. You can either self-remediate or further engage Insight to carry out the remediation actions.
Example services approach
The envisioning and Proof of Concept (PoC) will be conducted in 4 phases:
Planning: Organise a meeting with key stakeholders for the PoC. We will validate the scope and determine the requirements for role-based access controls, Azure policies, subscriptions/workspaces, onboarding and included resources, with clearly defined success criteria. Insight will review the current configuration, in which we will identify the registered resources, evaluate the status of Defender for Cloud plans, determine the appropriateness of regulatory frameworks and identify hybrid and multi-cloud connections.
Preparation: Focused on documenting the environmental changes that are needed to meet the requirements. A schedule will be determined, and responsibilities of people confirmed.
Implementation and Validation: During the Implementation and Validation phase, features will be enabled, recommendations reviewed, action plans for security alerts developed, inventory changes documented, and workbooks evaluated for usefulness. We will focus on improving the security posture, reducing the attack surface, and threat detection and response. The following tasks may be performed:
• Add additional subscriptions
• Add non-Azure servers using Azure Arc
• Add virtual machines from other clouds
• Enable Defender for Cloud plans (Servers, App Service, Storage, SQL, Containers, Key Vault, Resource Manager, DNS, or open-source relational databases)
• Configure auto provisioning for agents and extensions from the Defender for Cloud portal
• Configure email notifications for security alerts
• Connect hybrid and multi-cloud machines
• Choose standards for the regulatory compliance dashboard
• Determine requirements for continuous data export (alerts, recommendations, and/or regulatory compliance data)
• Determine export method and destination (Log Analytics workspace or Azure Event Hubs)
Conclusion: Insight will document the scenarios tested and their results, including learnings so that any potential roadblocks are considered when creating the production implementation plan.
Based on the outcome of the PoC, Insight will assist in rolling out the Defender for Cloud CWPP capabilities to other subscriptions.
From a Cloud Security Posture Management perspective, Insight will:
• Review status of regulatory compliance configuration in the Defender for Cloud portal
• Onboard additional compliance policies as appropriate
• Configure Compliance Over Time Workbook
• Enable Regulatory Compliance workbook from the Community Git repository
• Adjust the dashboard to show the desired standards
• Create plan for implementing compliance controls that are needed (providing an overview of additional costs if Insight’s assistance is required)