With each cloud vendor doing its utmost to shove more features into its offerings and tie them all together, are we looking at a new technology monoculture? That is, a community of computers that run identical software -- sharing the same vulnerabilities and, thus, threat of widespread failure in case of successful attack.
With so much moving into the public cloud, it’s imperative that we acknowledge the risks involved in being part of a larger attack surface than if we simply ran our business in our private datacenter. At the same time, it’s important to realize that the security features in a public cloud typically far outweigh whatever most organizations can do on their own .
Microsoft is of course trying to be the cloud monoculture you choose. But so far, Microsoft seems to understand that the monoculture vulnerabilities inherent in a single platform and single vendor require a ton of additional security to protect your data.
That was evident at the Microsoft Ignite conference this week, where Microsoft's announcements focused heavily on security. For example, Advanced Threat Protection will go beyond Office 365’s Exchange Online and expand into threat detection for SharePoint Online, and OneDrive for Business windows Defender Advanced Threat Protection will share threat intelligence between Windows 10 and Office 365. The new Office 365 Threat Intelligence gives admins a greater opportunity to see attack origins and create dynamic policies to go into action immediately.
At Ignite, I also saw a slew of third-party tools providing increased security beyond what Microsoft offers.
A monoculture is subject to vulnerabilities at scale, but it also provides capabilities at scale. Thus, many IT organizations should find a big advantage from having both a desktop monoculture (with Windows 10) and a cloud monoculture (with Office 365 and Azure). You can minimize the monoculture vulnerabilities by using the additional protections from third parties.