Welcome to the Talking Security podcast. We will talk about items related to Microsoft's security. Hi everyone, welcome back at a new recording of the Talking Security podcast. The summer break is over and we are continuing this Defender for Cloud series. As you know, Microsoft's comprehensive solution for protecting cloud workloads and hybrid environments. Last time we talked to Tom Janetscheck about Defender for Servers within Defender for Cloud and Pouyan.
together, we are hosting this podcast series. We are both Microsoft MVP in the Security category show. It's one of the reasons we try to realize that. And last time before Summer Break, you were in the United States at the MVP Summit Met and you talked to someone. Yes, Frans. It's great to be back. It's finally the summer holidays are over. Yeah, before the summer I was at the summit at the MVP summit and I met with David and we spoke a lot about the whole security about DevOps.
And I have been since looking forward to this session, one of my favorites. So I would also ask our special guest, David Trigano, please come introduce yourself to our listeners. Yes, we are. Thank you, friends. Thank you for our invitation. Hi everyone. My name is David Trigano. I'm a Senior Product Manager within the Microsoft Department of Cloud for the group. I've been on Microsoft since 2010, started my career as a sub-engineer in Microsoft Friends.
Both in Microsoft Israel to all can be Microsoft Defenders of Cloud for the group. And a year and a half ago I relocated to the US kind of making a collection of Microsoft offices around the globe. What is for you to real difference between Israel and the United States where you now based? Yes, so thank you. This is a great question. What I realize is that in Israel we obviously are all offices as way smaller.
So when we talk about empowering people and when we talk about opportunities and how we can collaborate with other products, I think that here in the US this is the opportunities that are in things. We have plenty of teams, we have plenty of organizations here that are working, are talking the same goal which is helping our customers or empowering our customers, what should we do?
And I think that even if this sounds like, okay, this is a mindset that we set that set that kind of infuses across the whole Microsoft organization, this is something that we feel and we can see them databases when we're working within the random campus. Awesome. Well, David, thanks for taking the time for joining us today at our episode. It's mentioned one of my favorites, one definitely in the time that we are in now with everything happening with cloud and a lot of development.
I think it's really important to have a good visibility and a good framework in place when it comes to the whole DevOps process. And to kick it off, I'm really curious, kick, kick, kick as a overview of how DevOps security and its role within the whole broader Defender for cloud ecosystems is. Yes, today.
Absolutely. So, I think our first of all, it's important to understand our Microsoft Defender for cloud has been here for a long time and we saw Microsoft Defender for cloud evolving from being a CSPM and CWP platform focused on a joule first where we'll call the Azure Security Center to a multi-cloud multi-pycline comprehensive Synapse solution called Microsoft Defender for cloud.
And when we talk about Synapse which is the terminology to say that we are protecting or providing a platform that provides a protection to cloud native applications is important to also consider the development security and the DevOps security aspect of a course, the sort of development lifecycle.
So, in using an integrating DevOps security within Microsoft Defender for cloud, for us it's something that is natural when it comes to moving from CSPMCWP to becoming a Synapse actor within Microsoft.
So, obviously protecting DevOps environment goes from searching for secrets that may be exposed in a code to finding vulnerabilities before the code is being deployed into production, analyzing IAC templates, so infrastructure as code template that our provisioning resources and being able to infuse all of those insights into Microsoft Defender for cloud in our cloud security explorers, in our recommendations and all the different places where Microsoft Defender for
cloud provides security visibility for all customers. Awesome, yeah, I think when we're in our first episode we talked a lot with a road about the whole Defender for cloud and how big it is and how massive and how we even started counting how many futures it contains at this moment. So in your opinion it's really playing a big role to have a completely overview when it comes towards the development.
So what if you look then on that topic what are the primary challenges for the organization to face? What are the basic when it comes to the DevOps security especially if you talk about maybe even multi cloud, multi pipeline environments? How does that work and fit? So I would say that this is a real challenge.
First of all this is a great question because this is obviously the one million dollar question that we all aim to solve is how we can bring two different worlds which is the infrastructure wall, the tech wall, the DevOps tech wall, the DevSecOps wall to collaborate.
Because when you think about it those different worlds are not talking the same language they're not using the same platform, they're not having the same agenda and our goal as a security provider is to facilitate to reduce the friction between those worlds.
How we help a developer who wants to build application fast who wants to deliver those application fast into production to communicate with a subscription owner with an application owners who also wants to have something fast but both of them want to make sure that this is secure because nobody wants to have a message to a YM saying hey there is a critical CBE you have to wake up because the application is down because the security team decided to turn
off the application because whatever what security issue happens within the organization.
So I think that again while we're trying to achieve within Microsoft this kind of a cloud is really the ability to reduce the friction between personas that are not talking the same language between personas that are not specifically designed to work together on the first side we have the security team that are here to make sure that the entire organization is securely built in architecture and design and on the other side we have
the application owner or the developer who are actually looking to have application and to deliver faster and faster application and plown native applications for all the businesses.
So these are the main challenges how we make sure that we have all the organization to collaborate together without having any friction without being able to understand the technology that happens behind the scene and the complexity behind the scene that we have in place and we put in place for helping those different organizations and personas to collaborate throughout building cloud native applications securely.
Yeah, I think that that's the key of the whole deaf circles in the day to learn and to achieve that I think that the feasibility is the key to have like a fully unified feasibility into the security posture but that is often happens at the moment in the production phase that the security finds the full of melody. So how do you see the role of the vendor for cloud when it comes to pre-production application for example and what kind of scans and security execute in that kind of platforms?
Yeah, good question. So Microsoft Defender for cloud again as I mentioned at the beginning of this podcast we aim to become a cleanup cloud native application protection platform and for achieving this role we actually want to shift left our visibility and security control with development or installation and to do development role.
So we talk about scanning we can talk about our ability to scan IIT templates with deafness configurations in advance we also have the ability to annotate fully requests near real time to inform the developers immediately when we found a list of configuration before those IIT templates will eventually provision and help the resources and native resources in their cloud environments which is a critical aspect to make sure that
we not only are building security applications but also building applications that are designed in a way that allow us to make sure that those applications or those resources are defined and deployed according to the security best practice and security rules and policies that will be defined by security teams within Microsoft Defender software.
So this is the first task I mentioned also something about secrets and finding CVEs before those risk or miscontribulation or vulnerability is a heating production environment and this is also where we are collaborating with GitHub events security for GitHub events security for Azure DevOps by aggregating all the different insights that are coming from those platforms and centralizing them and unifying the visibility of all those different insights that
sit at the file level or the repository level into Microsoft Defender for cloud and connecting those insights into the rest of the platform into the cloud environment how we are providing contact to cloud visibility for our customers. So it's a secret CVEs in terms of scanning and I think that's planning to identify vulnerabilities and miscontribulations before those security issues reached to your production or to customers production and sensitive critical environments.
Awesome, you have that sounds really amazing definitely what in mind that security is empowered to make decisions and to take controls before that happens to control the damage that's coming. And are there any key features? I mean the visibility is one of the big ones that I think you mentioned that making the whole DevOps process visible for security so that they can assess and share their feedback on it.
What are other key features or capabilities for example that you can mention how security can integrate or promote their security towards the developers and let them know are there any integrations in their for example that you can mention? Absolutely, absolutely.
So I mentioned already the PR annotations that is part of Microsoft Defender for cloud that we have simple click security admin and security teams can actually enable it to automatically approach their different insights coming from their for example Azure DevOps environments.
So the moment GitHub events security or Microsoft Defender for cloud identifies a security risk for security miscontribulation or vulnerability might sort of define a for cloud will automatically annotate the pull request that was initiated by the developer to inform him about the miscontribulation or vulnerability that's what a term during the pull rate.
There is also another aspect of Microsoft Defender for cloud which is something that currently exists and as I mentioned we extend to the cloud and to the code environment is about security graph explorer and a well-attack path analysis. So another of customers are talking to us about this what we call in this industry. This alert fatigue or this recommendation fatigue is security fatigue because they have plenty of different insights.
I have hundreds of recommendations thousands of failures thousands of signals coming from different platforms, different environments, different resources and they don't know how to buy it.
I don't know how to quickly identify the most critical resources that they have where they want developers over the action owners to focus on by connecting the DevOps insights and DevOps entities into the Microsoft Cloud security graph that we built within Microsoft Defender for cloud will give the ability to the security admin to quickly identify the most critical resources and the most critical repository they have based on CVIDs based on misconfiguration.
For example, as a security admin I can go to Microsoft Defender for cloud and ask the security graph to show me all the repositories that are exposed to the internet and have a specific CVID detected within that repository. So for example, when we talk about load for J, which was a storm that hit the entire industry a couple of years ago, couple of months ago, we can quickly identify all the repositories where load for J was imagined to model the load for JV2 that comes out of the nowhere.
Then Microsoft Defender for cloud can help security admin and developers to quickly identify all the repositories that were a load for JV2 for example, were found within this node, within this entity. And so by doing this, we are helping the security admin to collaborate with the developer quickly identified the most critical misconfiguration and CVID that are affecting their businesses and fix it very, very quickly.
And obviously, by combining all those defaults with existing capabilities within Microsoft Defender for cloud, such as the automated flow with logic up and workbooks, we also give the ability to security admins to automate all of these processes, making sure that the moment they have anything that is related to security and they want to automate it at scale, we already are using existing tools that are present in Microsoft Defender for cloud
to not only help them to prioritize but also make sure that they can prioritize at scale with the developers. Wow, amazing, I mean, oh, that's friends. And I'll go ahead.
Go ahead. Yeah, I mean, I think we are a lot of familiar with the PR registration, but I think we'll watch mentioned regarding log for G, I mean, having the possibility as it looks like partially on the fan of our endpoint with the vulnerability as such and how you can easily find all kind of vulnerabilities within your organization, look at the same visibility and controls, but now on your application and your code and finally. So these are really great future.
I mean, I really, I see a lot of our customers using the PR rotation where they easily integrate and give feedback to the developers before any code being merged into the production. And yeah, unfortunately, we can't share it here now, but if you look it up, that data and how everything is worked out and explained in an understandable language and pointing out really which line the vulnerability or the secret, as you mentioned indeed, was found.
So it makes it also really easy for the developers to be pointed like, okay, there in your code is the issue that you need to take a look at. I think that integration is really amazing because so to have this integration, you would imagine you need to do a lot to get this done, can you? Talk us through how this integration works. Where do we need to start? We want to integrate with, for example, one of our most popular DevOps users like GitHub or Azure DevOps. Where do you start?
That's a good question. So I think that what we are actually trying to do at Microsoft EngineRNR, Microsoft Security, is to simplify the onboarding and simplify the experience as we, as I said earlier, we don't to expose the complexity of our technologies for our customers because we do not believe that customers have to understand how it was behind the thing of course they have, we can document everything.
But when you talk about it from a user perspective, from a user experience perspective, we want the user to be able to quickly see, to have this what we call the five minutes while we're effect. So how we can give you the ability to quickly see the value, the security value that we give you out of Microsoft Defender for cloud.
So very simply, very simple sorry, you are a security admin goes into Microsoft Defender for cloud on both his Azure DevOps environment into Microsoft Defender for cloud the same way, security admins will on both their AWS or GCP environments into Microsoft Defender for cloud and I have the same capabilities extended capabilities for GitHub and Azure DevOps.
And the moment they onboard their Azure DevOps environment, we will actually start collecting insights that are coming from GitHub advance security GitHub advance security for Azure DevOps and developers that are actually using our extension which is MSDO for Microsoft security DevOps extension.
They actually just have to inject our extension into the pipelines and we will automatically scan everything or actually collaborate with GitHub advance security to add also the IIT scanning capabilities and consume the results from GitHub advance security in order to push and to populate those results into Microsoft Defender for cloud.
And as you and I mentioned, it's very simple, the security admins can go to the DevOps blade, the dedicated lady Microsoft Defender for cloud and they can configure PR annotation by just simply click on on and out of the box, we will do all the connections and all the logic behind the scene to inform the developers if something is found and to inform the security admins about all the different findings across the multiple SCNs that are using GitHub,
multiple instances in GitHub, multiple organizations in Azure DevOps, we will aggregate all those findings to give the unified visibility to Microsoft Defender for cloud. Amazing, that sounds as a really fast onboarding and gives you a huge visibility within what's going on into the developer perspective. We trust a little bit on there about the process, you already told about how you can do prioritization based on the fellow abilities found.
Can we also do when we do the PR annotations? Can we do some kind of also bring some of that precision back to the DevOps environment for example, or to the GitHub environment to make that feasible for them what has priority in that sense?
So this is something we're actually walking on. Obviously, your governments have been asking how we can have this synchronization between the DevOps environment and the cloud or the security, the scene up and the DevSecOps world that were these different personas are already. So the way it was today, we actually have this visibility at the PR levels and obviously we walk continuously and closely with the GitHub advance security teams for GitHub and Azure DevOps.
You see, one of the additional connections we can bring and the enrichment, we can bring for both sides to give extra visibility for developers and security admins. So when we talk about developers often we immediately go to a very complex and application. But what we see now a lot is if you look at a lot of customers, definitely in the net and there's a huge move towards Azure Cloud which brings a lot of infrastructure code solutions.
It's sometimes it's R, sometimes it's PICE, or other languages. It's the vendor for cloud also helping us towards that and and and and and and KU also what kind of security, finance can we expect when it comes to infrastructure code for example, is there a difference towards when we are talking an application development for example?
Yeah, this is a this is a real good question. So what we see right now and and what you say in the netizen I think you can actually use it as a good print and basically extend that almost every country in the world where we see also customers that are using more and more orchestration, mechanism such as infrastructure, a split template, we unified their resources and cloud native resources making sure that they have blueprints that they can use and templates they can use to
provision the resources. What we are actually doing within Microsoft different for cloud is that we are providing tools, they are kind of template, I know that are actually scanning the ISD templates to find these configurations which are very similar to the misconceptions or with the security assessment we have right now in Microsoft different for them. So we're talking about TLS version, we're talking about using HTPS, we're talking about all the different security best practices
that we have within Microsoft that we are extending. We are shifting left, I was security policies from our cloud environment into our code environment. Again we are actually we have I used to say that Microsoft if kind of a cloud is not only about it's not anymore only about state
security but it's also about build security. How we can help the developers to build secure so it's easier for them and for the security team to stay secure and the most basic one and you mentioned that is the ability to make sure that your resources are securely defined so that's securely provision
and they stay secure. So as I mentioned we talk about we have more than 200 checks that are documented and I highly encourage our customers to check in our documentation to what are the different controls we have in place for ISD templates and of course they can try it as I mentioned they just have to inject our extension into the pipelines and out of the box we will scan
all the different ISD templates be called that provisioning basis is into their own. Wow amazing this is really the start to I think we have called it a lot but it's not happening but to say it's we are going to treat our infrastructure as an application now it's it's it's it's it's we are also going to assess the security before even our resources hit the production or into into the real world I think that is a huge huge added value definitely if you combine that
well well well also the application that's going to run on top of it then we have the full chain from the the server or the past solution where it runs on towards the application I think this is this is a great great added value for customers definitely and are there any success stories for example that you can share with us on organizations that benefit from implementing the defender for cloud to give them this kind of control and visibility over their application but
also about on their infrastructure site you put me on the spot right now this is a tricky question so obviously I won't be able to give any customers name but but I have a funny story where we were actually talking with the customers that were not using any DevOps security tool and they were like so worry I know how I can figure out my depositories I know there is no secret in my production I know my asset templates are being configured properly should be fine and one like okay look I was
to return it's causing public preview it doesn't affect your performance run it let's talk in about a week let's see what's going on and let us know and literally to a three hours later we received an email and all I guess can have a quick chat I would love to show you something and end those 10 months going on and the customer actually opened Microsoft Defender for cloud and he was like I'm actually
seeing the result of these configurations and seek out that I expose what's going on and I was like interesting do you think that you have repositories that are publicly exposed it's like there is no way we have a bunch of vendors and consultants that are actually assessing our environment constantly making sure that nothing is exposed to the code let's go to the security explorer and see if you have repository for it that are publicly exposed and then we found that they were like five or six
repositories on and there is no way you have an issue in your in your backend let's go to our Azure DevOps check the name of the repository and let's see what the configuration is and the customers that are actually on the call were completely shocked I'm like it's going on that was not supposed to happen I was like okay let's see something different let's continue the crowd security explorer let's see if we have CVEs or let's see if we have secret exposed in those
repositories and we found that that one repository had secret exposed has secret exposed in publicly exposed and the customer was completely shocked and they were like we would like to apologize we thought that we would not need our solution but now we're going to deploy it everywhere that was a small POC and within a week they moved from we don't we don't feel the need to use a DevOps security product too we want to deploy it everywhere and help us to have more and more capabilities
so it shows that most of our customers don't know what they don't know they all think that security is something that is a kind of insurance or you just deploy it and you're ready to go and every time where we have I would say most of the time what we have customers that are willing to go into the findings spending time into understanding their environment get that visibility trying to search for publicly exposed repository to is now looking to find for critical repository secrets that
were exposed critical TV is that was still in their code this is where they usually surprise and they're like oh thank you we can now go ahead and work with our development teams to identify or to remediate and create processes to make sure that these kind of issues do not happen in the future so this is the for me that was it's not a funny story unfortunately but I think that it shows how critical is DevSecOps today in a cloud native application or detection and
development and how it is critical to implement DevSecOps processes across the software development lifecycle when we think about cloud native applications but how many companies you say already I think most of the companies are probably have a repository published publicly available that they don't know so if it's it possible to run it for a short trial time before getting into the full blown DevSecOps security within the fender for cloud
absolutely so we have different layers into so different layers for this question so first of all my stuff the fender for cloud has a trial version where you can actually even enable the entire stack of Microsoft Defender for cloud and get it free for a couple of weeks so that's the that is the first ask the second one is the fact that the well DevOps security are following right now in Microsoft Defender for cloud is in public preview which means that customers can deploy it
on their staging and non-production environment or even production environment that we actually Microsoft advice customers to use kelfooly for five public preview features and has no impact on on the performance we're using agentless capabilities and so yes what we actually advise our customers to do is to try to run a POC across different repositories so when customers onboard their environment into Microsoft Defender for cloud they have the ability to do an
full onboarding or partial onboarding what they can select for example in Azure DevSecOps they can select specific projects and within those specific projects then can select specific repositories so if they have three production repositories or they're repository that are using for POC they can actually involve those repositories into Microsoft Defender for cloud and our offering will actually run only of those repositories and those entities that they're onboarding into
them this and by doing this I will actually give them the ability to understand better the solution and then decide if they want to extend the visibility and the coverage of their DevOps security within Microsoft Defender for cloud so not nothing blocks to enable DevOps security in your environment and this for this particular story correct okay Puyon what's next yeah I mean I'm listening and I'm thinking amazing I mean you're the example you get David I think
customers that contact you are surprised so they are more often the more senior and the fellow and bigger customers and I think listening also to the first question how easy it is and hearing you telling how easy it is to onboard that there are no blocking or technology thing or really hard changes needed how easy it would be for also smaller organizations to adopt this technology to get the visibility because I think they keep taking what you are saying
this episode is visibility is a key if you know and you have seen what's going on within your environment then you are the captain on the ship and you can start stealing your ship towards the right direction so so I think that that's amazing to hear and other any recommendations when it comes from you or from Microsoft towards that's practices and for organizations that are getting started to improve their DevOps practices when it comes to DevSetOps where do they need to
start I think one of the key as mentioned is visibility definitely can you share some recommendations and best practices where they can start in the journey towards the DevSetOps in your opinion yes absolutely I think that for me the most important one as you mentioned is obviously the visibility making sure that you know what you don't know right or what you you didn't know a couple days minutes ago so having that visibility across how many repositories to have within your
organizations how many DevOps environments you have do you have virtual DevOps you have GitHub you have GitLab you have J folks you have Jenkins Beatbucket whatever try to do an inventory of all the different DevOps environments all the different DevOps tools that you have that the developers may be used as a shadow IT tool that you really need to get a visibility and understand what you have making inventory and then on board obviously all the different environments that are supported by
Microsoft different of a cloud so GitHub and Azure DevOps and then when you'll bold them see exactly what are the different insights and outcomes from the different scanning and trying and from the different capabilities you're offering part of our DevOps security offering I will probably say that you may not want to have repository that are vulnerable or that have CV or ticket obviously exposed to the internet you don't have repositories that you control you
control the access you want to make sure that your developers do not have a high-previle repository on entire organization so if it's an Azure DevOps you want to make sure that none of the developer has PCA access project collection admins when we're more is our poet on GitHub you don't want your developers to have OA organization admin because you want to make sure that you don't have super user or super admin that are actually doing some simple tasks so if there are identity is
being bridged now nobody can actually use those identities to perform malicious activities at the organization that's the first one when we talk about also pipelines you want to make sure that your pipeline pipelines are well configured you want to make sure that you have people that can review the full request and review the pipelines before anything is coming from your code to your production environment so that can avoid a malicious user to inject malicious code directly
into your organization without having any review or that can block this pipeline to make sure that he has to write question why we suddenly have someone at 2 a.m. from Brazil or from any other country that is not supposed to be the developer usually walks in Europe and then suddenly we see him at 2 a.m. in Brazil starting to push onto create pull-in voice so these are the kind of controls you want to have in place tools like Microsoft Sentinel can help you to do this you have
connect those to get all the logs so these are the kind of best practices we also advise about customers to follow and obviously the last one is what are the permission that each of your pipe and actually has within your environment which is a little explicit for example with your SPN so in our job to want to make sure that your unit using classic Azure traffic SPN you want to make sure that you have the latest version you want to make sure that you're not giving too many
permissions for pipeline if your pipeline has access for repository that is publicly available you don't want that repository to be able to for example push a specific code without having any
reviewer using an SPN that has access both sensitively. These are the kind of complicated attacks that we see more and more within our customers and lastly I think that was important also you want to make sure that your developers also are aware of all those security tools because it's always a trade-off between how secure you want your your applications to be in health process and heavy processes you want to have in place versus how fast you want to deliver solutions to the
market and I think that each organization must find the right balance between we want to have security we want to have fast application want to have a fast time to market so how we deal with it and I think the character here is really about your industry about the different compliance and governance may have in place but find the right way to make sure that you are well-configure and also adjining enough to give that freedom or to give the developers the ability to quickly develop and
to also quickly push things into production to stay in a CACD environment and not move back to what are for what when all legacy mindset we're actually building application for month testing testing testing and the idea and take this whole block and moving it to products and after how was
the days of time. So definitely helps within a development environment so if someone develops an application but on the other end what we see nowadays with pipelines and a releasing infrastructure as we're talking already about that that also helps within that kind of environment so it's not only development but also people that are realizing infrastructure as they that's also helping absolutely devs tech ops well what we talk about tech ops engineer today which is something that
is new sre second engineer they also have a lot of gain by consuming those insights to help them understand how secure the pipelines are how secure the automation is how secure the CACD pipelines are so definitely something that is also taken into consideration is how we can infuse all of these different insights across the LDC we talk a lot about code to cloud and SELC because we really want to position Microsoft different of our cloud across the software
development like cycle from the developer to the developer to the developer engineers to the IT admin going through the security and also to the application on the so they can all have the same visibility slice and dice based on what they have to know and what they have access.
Yeah so thanks for sharing this this insights at this point I'm if we look at the future and I know we can't share many things about what's coming but if we look in general what can we say about the future about securing code securing clouds and that's all kind of stuff.
Yeah so as you mentioned securing code securing cloud I think the first one is also to think about securing code in cloud together and this is the future that Microsoft depends on cloud aims to solve how we are really doing a real connection collaboration between those different tools how we are removing the friction that we have between developers and security admins and application owners.
So I think that what we are actually aiming to do is to provide more and more capabilities code to cloud capabilities for all customers how we help them to better understand that they must collaborate if they want to build secure application if they want to stay secure. We talk a lot about how we can infuse AI into our entire Microsoft ecosystem and obviously this is
something that we are looking into. We talk a lot about how we help the developer to be better informed we talk about piano patients how we can help the developer to better understand the why why I have to fix it why this is important to my organization how we can also as I mentioned reduce the friction and also increase the sharing knowledge between all of those different worlds.
The developer knows exactly why he implemented this line of code the security admins knows exactly why he implemented this particular policy and the application owner knows exactly why he meets this application to be up and running and how we can share that knowledge across the different worlds is for me a critical piece that will help us to work reducing the friction between
all those worlds. So if I had to summarize I would say better sharing real code to cloud collaboration and the developer's life second and how we can infuse AI into this entire ecosystem. I think the enhancements and the improvements that will be go fast probably in the next year. So probably we can make an appointment already to have you sometimes back in a few months or an hour a year to see if there is any update that we can share within this
review recording within this podcast for our audience. Let's do that then. I'm Puyon. Do you have any other things to mention or to ask? Well I think David again thank you for joining us.
I think it's one of the most important topics at the moment which you will be discussed today when it comes to the whole cloud and going towards the cloud and it touched on things like speed is important for going to cloud and also for the developers and having the flexibility and I really believe in that cloud is freedom and speed but as organization being controlled and I think how the benefit of cloud helps you to start your security at the beginning of the journey
towards that it's amazing but also what we as you mentioned there is a lot to do when it comes to the embracing and implementing the deaf cycles it's not all technology and it's not all. So yeah I think organizations I hope they enjoy this session and I see that the added value that Microsoft and your team is definitely providing to create this facility which is so important in this time. So yeah I'm really amazed at this with one of my
most favorite topics. Thank you for joining us. I don't know if you are closing deep feedback something for our listeners to close this episode. Yeah so early so pretty well thank you all for listening thank you gentlemen for inviting me it's always a pleasure.
I hope we'll be able to see each other more and more in the future without about the MVP summit we have so many events of Microsoft where we invite our customers and partners to come and talk to us we have the MVP summit ignite fields where plenty of events where we are always happy to see all of you so if you're free to join us virtually all physically if you have the ability to join us I think that what is important maybe if you have something to keep in mind for for the audience
is as I mentioned earlier my advice is to get a visibility into your own moments make sure that you know what you don't know or make sure that you don't have any shadow IT that could lead to potential bridges so get that inventory start using Microsoft to kind of for cloud as I mentioned we have a free trial we have the communications about almost everything that you want to know about Microsoft Defender for cloud there are so many podcasts and so many information that we are sharing
across different media we have plenty of different channels where you can follow Microsoft security on Microsoft Defender for cloud and it was continue to hear what we and friends are doing around Microsoft ecosystem thank you for obviously for doing this this is important also for our community to better understand how they can use and leverage our product so glad that we have people like you that are investing time to share your knowledge and invite us it's an honor to
be invited and share our knowledge with our community so obviously and again in general and thank you again for this invitation and help you for the audience can use and leverage some of the
kind of a cloud to improve your crowd native application security posture. It's like why so we having fun doing this and helping the community getting the information closer to them so thanks for listening or viewing this recording if you want to if you have feedback for us please let us know you can find us on talking security dot-and-out or our LinkedIn page please please search for it and we will be notified and we will get that feedback and probably we can use that in the next
recordings and if you find it valuable hit the notification button and subscribe on YouTube or on your favorite podcast platform and I say thank you for now put on an eye are looking really looking forward to the next recording about securing APIs with Defender for cloud so probably we will see each other then so thank you bye bye