Amazon Web Services (AWS), Microsoft Azure, and Google Cloud announced new security services, product upgrades, and acquisitions this year to better their position in the public cloud and cloud security market.

Here are the top stories that SDxCentral covered on those moves in 2022.

Will MDR Buy Help AWS Lead Cloud Security Over Microsoft, Google?

Next year, we might see a cloud security showdown. Forrester analysts expect AWS to acquire a managed detection and response (MDR) vendor in 2023, aiming to reclaim the cloud security lead over Microsoft and Google.

“As the cloud market leader, AWS is under pressure to match its hyperscale cohorts with security breadth,” analysts wrote in their cloud computing predictions for 2023. “An MDR play would complement AWS’s silicon-focused security approach and mollify current and potential enterprise-class Microsoft customers susceptible to Azure’s lure.”

Lee Sustar, principal analyst at Forrester, expects AWS to select one or multiple MDR startups or a mature major security player to build out the capabilities. AWS has a lot of resources to ramp up and integrate one or several small MDR vendors through acquisitions, or it could buy a strong brand name, similar to Google’s purchase of Mandiant.

AWS Aggregates Security Data From Hybrid-Cloud Sources

AWS unveiled a preview of its Amazon Security Lake during its re:Invent 2022 event. The service is designed to automatically centralize users’ security data from on-premises, AWS, other cloud providers, and third-party sources into a purpose-built data lake in their AWS account to enable faster security actions.

The service allows customers to choose their security data sources, converts that data to the Apache Parquet format to store and query, and conforms to the Open Cybersecurity Schema Framework (OCSF) open standard to automatically normalize security data from AWS and combine it with dozens of pre-integrated third-party enterprise security data sources.

The vendor claims the ability to aggregate, manage, and optimize large volumes of disparate log and event data supports faster threat detection, investigation, and incident response.

AWS Announces Verified Access to Replace VPN, Enforce Zero Trust

AWS introduced its VPN-less, zero-trust network access (ZTNA)-like secure connectivity service, dubbed Verified Access, during its re:Invent 2022 event. The service is designed to provide secure access to corporate applications running on AWS without the need for a VPN while enforcing zero-trust principles.

“Your workforce is not required to use a VPN client anymore. A simple browser plugin is enough to securely grant access when the user and the device are identified and verified,” AWS’ Sébastien Stormacq noted, adding the service supports Chrome and Firefox web browsers.

Op-Ed: When Confidential Computing Enters the Cloud World

Google and Microsoft both upgraded their confidential computing offerings in October during the Google Cloud Next and Microsoft Ignite events.

Microsoft announced its confidential virtual machines (VMs) in April 2020. Later that year, Google Cloud also introduced its confidential VMs as the first product in its confidential computing portfolio, while AWS announced the general availability of its Nitro Enclaves on top of the basic confidential computing capabilities from its Nitro System.

Those capabilities in general cover two dimensions of confidential computing. In addition to preventing cloud providers from seeing your data, the technology also can provide a secure platform for multiple parties to combine and analyze sensitive data without exposing the data to the other party. This enables use cases such as multi-party computing or federated learning, which can benefit health care, financial, and Web3 organizations.

Microsoft Security Aims to Let You See What Cyberattackers See

Microsoft rolled out enhanced threat intelligence and external attack surface management services designed to track threat actor activities and patterns and offer an outside-in view of the user’s attack surface.

Microsoft Defender Threat Intelligence service is based on capabilities from the company’s RiskIQ acquisition; security information and signal Microsoft tracks; and analysis from former RiskIQ security research teams along with Microsoft’s nation-state tracking team, Threat Intelligence Center, and the Microsoft 365 Defender security research teams.

“The volume, scale, and depth of intelligence is designed to empower security operations centers (SOCs) to understand the specific threats their organization faces and to harden their security posture accordingly,” Vasu Jakkal, corporate VP of compliance, identity, management, and privacy at Microsoft Security, noted in a blog post.

Microsoft Security Tackles Cloud, Data Sovereignty

Microsoft executives touted the tech giant’s ability to deliver comprehensive security during its annual Inspire conference. The latest addition was a cloud and data sovereignty service for the global public sector, dubbed Microsoft Cloud for Sovereignty.

“[In] today’s geopolitical and economic climate, data sovereignty has become increasingly important for customers, especially in the public sector,” Vasu Jakkal, corporate VP of security, compliance, and identity at Microsoft, said during her speech. The new service can “allow public sector customers to have the full power of cloud capabilities — resiliency, security, and scale, while respecting the public sector sovereignty.”

Microsoft Cloud for Sovereignty is built on the company’s public cloud to accelerate governments’ digital transformation, starting with its Azure regional data centers. The service helps customers meet regulatory requirements and implement policies to contain their data and applications within their preferred geographic boundary.

What Will Google Buy Next to Rival Microsoft After Mandiant?

As cloud giants fight over cybersecurity, what might be next in Google’s security shopping cart?

The tech titan grabbed cyberdefense and response vendor Mandiant, which followed its acquisition of security orchestration, automation, and response (SOAR) vendor Siemplify. It previously acquired security information and event management (SIEM) platform Chronicle in 2019, which is now Google Cloud’s security analytics platform.

Google’s “spree is not over,” as the hyperscaler still has major portfolio gaps in endpoint detection and response (EDR), Forrester analysts wrote. “Given that GCP needs EDR to gain full ownership of the technologies that comprise its XDR offering, its next shopping list likely includes an EDR tool,” the firm explained.

“Microsoft publicly stated they have a $15 billion security business, and Google’s looking at opportunities that match its cloud delivery model … that Microsoft is doing well with,” Gartner VP Neil MacDonald told SDxCentral. “I think that’s a general way to look at that pattern.”

Google Amplifies, Automates Mandiant’s Security Expertise

Mandiant CEO Kevin Mandia envisions that the company’s merger into Google Cloud will enable amplification and further automation of the security powerhouse’s capabilities to stop the most current attacks while remaining control-agnostic.

Google Cloud CISO Phil Venables said Mandiant will bring proactive defense to the tech giant’s existing security portfolio and called this deal “complementary and compelling.”

Google Cloud Unveils Chronicle Security Operations for SOC Teams

Google Cloud announced Chronicle Security Operations, a cloud software suite that will better enable cybersecurity teams to detect, investigate, and respond to threats. Venables said the suite will lead Google Cloud to create a “complete end-to-end security operations stack.”

Chronicle Security Operations unifies Chronicle’s SIEM tech with SOAR solutions from Google’s Siemplify acquisition and threat intelligence from Google Cloud.

The suite’s capabilities include access to cloud-scale data, curated detections, and automated responses to common security threats such as phishing and malware, all on a common platform.