Every CSPM vendor ships new features continuously, so part of the vendor assessment is confirming that the tool you choose can cover every cloud environment your organization actually uses, not only the ones it markets. For example, at the time of writing this chapter, Microsoft Defender for Cloud natively connects Azure subscriptions, AWS accounts and GCP projects, plus Azure DevOps and GitHub environments (in preview), but has no connector for other clouds such as Oracle Cloud Infrastructure (OCI) or Alibaba Cloud. Workloads running outside the supported clouds, such as SQL servers, Windows servers and Linux servers, can still be brought into Defender for Cloud: you connect the machines to Azure through Azure Arc (the Connected Machine agent) so that they are projected as Azure resources, after which the Defender for Servers plan can assess their posture and deploy the Microsoft Defender for Endpoint agent to them. In other words, Defender for Cloud can monitor the security posture of non-Azure computers, but first you need to connect them to Azure.
The following are some links that you can refer to when onboarding non-Azure workloads to Microsoft Defender for Cloud:
- Connect on-premises machines by using Azure Arc: https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-machines#connect-on-premises-machines-using-azure-arc
- Connect on-premises machines by using the Azure portal: https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-machines#connect-on-premises-machines-using-the-azure-portal
- Onboard your Windows server: https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-machines#onboard-your-windows-server
- Onboard your Linux server: https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-machines#onboard-your-linux-servers
Please refer to the Further reading section of this chapter to learn more about cloud account onboarding.
Let us now look at challenges and roadblocks that may arise during onboarding.
Onboarding roadblocks and mitigation best practices
During the onboarding process of cloud accounts to a CSPM tool, organizations may encounter several roadblocks. Let us understand these roadblocks one by one, along with mitigation best practices.
Roadblock #1 – Lack of necessary permissions
Obtaining the required permissions and credentials to connect cloud accounts can be challenging, especially in larger organizations where account ownership is spread across many teams and every access request goes through a change process.
Best practices are as follows:
- Work closely with the owners of each cloud account or subscription (the cloud platform team, landing-zone owners, or individual workload teams) to grant the tool's identity the necessary access
- Clearly define and communicate the required permissions to relevant stakeholders: the exact roles, the scope at which they are needed, and whether they are read-only (posture assessment) or write-capable (auto-remediation), so that reviewers can approve least-privilege access instead of blanket administrator rights
- Use role-based access control (RBAC) to manage access more effectively: assign the CSPM identity a dedicated, read-only role at the broadest scope that covers the accounts to be onboarded (for example, a management group or organization root) rather than per-account admin roles, and periodically audit what it actually holds
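As an added example (not part of the original chapter and not a Microsoft or vendor tool), the following Python script audits the Azure role assignments held by a CSPM connector's service principal against a documented least-privilege set. It checks two things per subscription: that the required read-only roles are effective there, taking into account that Azure RBAC assignments inherit downward from management groups, and that no write-capable role has crept in. All identifiers, the management-group hierarchy and the assignment records are constructed sample data; the record fields mirror a subset of what `az role assignment list --all --assignee <objectId> --output json` returns, and the required role set is an assumption that you should replace with whatever your CSPM vendor documents.

```python
"""Least-privilege audit of the role assignments a CSPM service principal holds.

Added example with constructed data. Record shape follows a subset of the
fields in `az role assignment list --all` output.
"""

# Roles a read-only posture scanner needs at (or above) each subscription.
# Assumption for this example; use the set your CSPM vendor documents.
REQUIRED_ROLES = {"Reader", "Security Reader"}

# Built-in roles carrying write or identity-management rights, which exceed
# what posture scanning needs and should be flagged.
WRITE_CAPABLE_ROLES = {"Owner", "Contributor", "User Access Administrator", "Security Admin"}

# Constructed object ID of the CSPM tool's service principal.
CSPM_PRINCIPAL = "11111111-aaaa-4bbb-8ccc-000000000001"

# Constructed management-group ancestry: subscription ID -> ancestor scopes, nearest first.
# Azure RBAC assignments at a management group apply to every subscription beneath it.
SUBSCRIPTION_ANCESTORS = {
    "sub-prod-0001": [
        "/providers/Microsoft.Management/managementGroups/mg-prod",
        "/providers/Microsoft.Management/managementGroups/mg-root",
    ],
    "sub-dev-0002": [
        "/providers/Microsoft.Management/managementGroups/mg-dev",
        "/providers/Microsoft.Management/managementGroups/mg-root",
    ],
    "sub-sandbox-0003": [
        "/providers/Microsoft.Management/managementGroups/mg-root",
    ],
}

# Constructed role assignments (trimmed to the fields the audit needs).
SAMPLE_ASSIGNMENTS = [
    {"principalId": CSPM_PRINCIPAL, "roleDefinitionName": "Reader",
     "scope": "/providers/Microsoft.Management/managementGroups/mg-root"},
    {"principalId": CSPM_PRINCIPAL, "roleDefinitionName": "Security Reader",
     "scope": "/providers/Microsoft.Management/managementGroups/mg-prod"},
    # Someone granted Contributor on the dev subscription "to make onboarding work".
    {"principalId": CSPM_PRINCIPAL, "roleDefinitionName": "Contributor",
     "scope": "/subscriptions/sub-dev-0002"},
    # Unrelated principal; must be ignored by the audit.
    {"principalId": "22222222-bbbb-4ccc-8ddd-000000000002", "roleDefinitionName": "Owner",
     "scope": "/subscriptions/sub-prod-0001"},
]


def effective_roles(assignments, principal_id, subscription_id, ancestors):
    """Roles the principal holds at the subscription scope or any ancestor scope.

    Assignments below the subscription (resource group or resource scope) are
    deliberately not counted: they do not give the scanner full coverage.
    """
    scopes = {f"/subscriptions/{subscription_id}", *ancestors.get(subscription_id, [])}
    return {
        a["roleDefinitionName"]
        for a in assignments
        if a["principalId"] == principal_id and a["scope"] in scopes
    }


def audit(assignments, principal_id, ancestors):
    """Return {subscription_id: {"missing": roles not yet granted,
                                 "excessive": write-capable roles held}}."""
    report = {}
    for sub in ancestors:
        held = effective_roles(assignments, principal_id, sub, ancestors)
        report[sub] = {
            "missing": REQUIRED_ROLES - held,
            "excessive": held & WRITE_CAPABLE_ROLES,
        }
    return report


if __name__ == "__main__":
    for sub, result in audit(SAMPLE_ASSIGNMENTS, CSPM_PRINCIPAL, SUBSCRIPTION_ANCESTORS).items():
        status = "OK" if not result["missing"] and not result["excessive"] else "ACTION NEEDED"
        print(f"{sub}: {status} missing={sorted(result['missing'])} "
              f"excessive={sorted(result['excessive'])}")
```

In the sample data the production subscription passes, the dev subscription is both under-covered (no Security Reader) and over-privileged (Contributor), and the sandbox subscription only inherits Reader, so it is missing Security Reader. To run this against a real tenant, replace the constructed lists with the exported assignments and your subscription-to-management-group mapping; note that Azure scope strings and principal IDs are compared as exact strings here, so normalize casing if your export differs.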
Roadblock #2 – Complex cloud environments
Multi-cloud or hybrid environments can be complex, with different account models, configurations, and security practices across platforms, and with workloads (on-premises servers, other clouds) that the CSPM tool cannot reach through a native connector.
Best practices are as follows:
- Develop a standardized approach for security policies and practices, so that the same control is evaluated the same way regardless of the platform it runs on
- Ensure your CSPM tool can support multiple cloud platforms, and identify up front which environments will need an alternative onboarding path (such as agents or Azure Arc) rather than a native connector
- Create a comprehensive inventory of all cloud accounts and assets, and reconcile it against what the CSPM tool has actually onboarded so that unconnected accounts are visible as gaps rather than silently unmonitored
Roadblock #3 – Resistance to change
Resistance from IT or development teams when introducing a CSPM tool can be a roadblock.
Best practices are as follows:
- Communicate the benefits of the CSPM tool, such as improved security and compliance
- Collaborate with teams to address their concerns and involve them in the onboarding process
- Provide training to ensure that teams can use the tool effectively