At its Ignite conference today, Microsoft announced Defender Cloud Security Posture Management and Defender for DevOps, two new offerings within the company’s Defender for Cloud service (previously Cloud App Security) aimed at managing software development and runtime security across multicloud, multiple-pipeline environments. Currently available in public preview, they work with GitHub and Azure DevOps to start, with additional product integrations to come down the line.
In a conversation with TechCrunch, Microsoft CVP of cloud security Shawn Bice said that Defender for DevOps and Defender Cloud Security Posture Management (or Defender CSPM, to refer to it by its more wieldy acronym) arose from the challenges companies are increasingly facing as they use cloud-native services to deploy and manage applications. These customers often have incomplete visibility and a lack of prioritized mitigations, he said, making their security reactive as opposed to proactive.
There’s truth to that. According to a 2020 report from
