By Natalie DeCoste

Microsoft announced on July 21 that it is acquiring CloudKnox Security to help strengthen its cybersecurity.

The deal allows Microsoft to expand its security business and keep Windows and its other products secure. CloudKnox Security claims to be the only multi-cloud, hybrid cloud permissions management platform. The company provides “granular visibility,” automated remediation, and continuous monitoring for its customers.

“Today, Microsoft is taking a significant step toward this goal with the acquisition of CloudKnox Security, a leader in Cloud Infrastructure Entitlement Management (CIEM). CloudKnox offers complete visibility into privileged access. It helps organizations right-size permissions and consistently enforce least-privilege principles to reduce risk, and it employs continuous analytics to help prevent security breaches and ensure compliance. This strengthens our comprehensive approach to cloud security,” wrote Microsoft in the announcement.

CloudKnox was founded in 2016 and employs only 58 people. Through four rounds of outside funding, the company raised $22.8 million. It most recently closed a $12 million Series A funding round led by Sorenson Ventures in January 2020.

ClodKnox’s software works with Microsoft’s Azure public cloud, as well as the Amazon and Google clouds. The software identifies and can remove permissions for employees and virtual identities that are not actively in use and can also show alerts about unusual activity.

The security industry is important for Microsoft’s business. In January, the company said it had generated over $10 billion in security revenue in the previous 12 months, up more than 40% year over year. The revenue figures show Microsoft’s security sector is growing faster than most of its other product areas. Microsoft acknowledged both the growth of the online world and the importance of security online to consumers in its announcement.

“At Microsoft, we are committed to supporting organizations in their digital transformation and helping them to deliver secure and seamless experiences. Since IT modernization often spans multiple clouds, cloud security and identity are top of mind for most of our customers. Modern identity security needs to protect all users and resources consistently across multi-cloud and hybrid cloud environments,” wrote the company.

The acquisition is in line with Microsoft’s identity priorities for 2021 laid out by Joy Chik, Corporate Vice President of Microsoft Identity. Chik stressed the importance of a Zero Trust security approach, a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and must verify everything.

“The acquisition of CloudKnox further enables Microsoft Azure Active Directory customers with granular visibility, continuous monitoring and automated remediation for hybrid and multi-cloud permissions. We are committed to providing our customers with unified privileged access management, identity governance and entitlement management,” explained the company.

This acquisition is similar to Microsoft’s acquisition of RiskIQ and ReFirm Labs. RiskIQ is a leader in global threat intelligence and attack surface management, and ReFirm Labs are the creators of the Binwalk open-source software. The software from Refirm is used to analyze thousands of device types for firmware security issues. It has uncovered unpatched common vulnerabilities and exposures, insecure secrets, and numerous other security problems in embedded firmware.