Microsoft distribution edge and AWS and Google integration moves are reshaping competitive dynamics

The emerging pattern of multicloud security consolidation has direct implications for both Amazon Web Services (AWS) and Microsoft, as enterprises reassess detection pipelines, governance models and operating frameworks heading into 2026. Although AWS remains well positioned in analytics-heavy workloads, the company needs to reevaluate its long-established “building block” approach, especially as peers deliver more integrated platforms. For Microsoft, its strengths will continue to be with organizations where Microsoft 365 already anchors their identity and collaboration strategies.

Interoperability in agentic systems calls for greater interoperability in security

Security has been a top concern among enterprises for years, and that history of investment has often translated into sprawling security estates, posing a challenge for AI adoption. If agentic AI systems are going to work across platforms, security needs to work across platforms as well.
 
At Ignite 2025, Microsoft outlined a path intended to pull customers toward a more unified operating model. Tighter integrations across the company’s Defender, Sentinel and Purview offerings as well as the new Agent 365 control plane were a major development. However, announcements stating Security Copilot capacity will be bundled with both Microsoft 365 E5 and expanded Sentinel connectors for AWS really caught TBR’s attention. Sentinel’s updated AWS integration now uses an S3- and SQS-based model that ingests CloudTrail, GuardDuty, VPC Flow Logs and selected CloudWatch exports through an AWS Identity and Access Management role, allowing those signals to be correlated with Microsoft-native alerts in a unified analytics and response workflow. Creating more streamlined cross-cloud security signals Microsoft’s clear expectation that customers centralize analytics, automate more of the SOC and apply enterprise-level governance to AI agents rather than allow fragmented, team-level management.
 
AWS and Google are also responding to cross-cloud telemetry challenges. AWS has broadened Security Lake into a hub that can ingest and normalize signals from a wide ecosystem, including tools such as CrowdStrike, Palo Alto Networks Prisma Cloud, Wiz, Lacework, SentinelOne, Zscaler, Okta, Cisco Secure Firewall, ExtraHop, Vectra AI, Splunk, IBM QRadar, Datadog and Sumo Logic. Security Lake standardizes these feeds via OCSF (open cybersecurity scheme framework) and allows downstream analytics through OpenSearch Service or partner SIEMs (security information and event management).
 
Google Security Operations has taken a different path, building a SIEM and SOAR (security orchestration, automation and response) platform with a large connector catalog spanning GuardDuty, Security Hub, CloudTrail, Azure Active Directory, Carbon Black, network-security vendors, CSPM (cloud security posture management) tools and a wide set of SaaS and identity integrations. These connectors feed normalized telemetry directly into SecOps’ analytics and playbook engine, enabling orchestration and automated response across heterogeneous environments. The strength of Google’s approach lies in its broad ingestion and automation capabilities, though its native alignment remains strongest where organizations standardize on Google Workspace and Cloud Identity.
 
With each vendor pursuing new security integrations, Microsoft’s greatest point of differentiation is its distribution advantage. The company’s security capabilities sit on top of the widespread Microsoft 365 and Entra ID install base, giving Microsoft direct access to identity, endpoint and collaboration signals without requiring separate platform deployment. Moreover, partners can attach services to an installed base rather than drive net-new platform adoption, enabling faster scale and lower friction. AWS and Google can compete on analytics, automation or integration, though arguably both lack the access to enterprise control points that Microsoft derives from its productivity stack.

Explore deeper data and analysis

Although the cloud ecosystems market is complex, it is the backbone of the broader digital transformation (DT) opportunity. As a result, studying the relationship between services vendors and technology vendors provides a glimpse into some of the key issues many participants face as they work toward the same outcome: winning both market share and mindshare. As it leverages insights across all of TBR’s practices, the Cloud Ecosystem Report can help you better understand the nuanced trends and forces at play within cloud, professional services and other IT markets.
 
With TBR Insight Center’s interactive data visualization feature, your team can quickly adapt thousands of data points for their competitive analysis, go-to-market strategy, and executive briefings. The tool enables users to curate relevant quantitative insights by company, business unit and/or market segment, creating a report specific to your needs and ensuring consistent frameworks across projects.
 
Explore Insight Center’s data visualization tool with the video below, and start your free trial today to access this one-of-a-kind tool.
 

TBR Insight Center™ Data Visualization Tool

 

The mobile industry continues to beat the drum for more spectrum, but it should instead focus on fully utilizing the spectrum already allocated. TBR notes there are vast tranches of spectrum in the U.S. market that are broadly underutilized, either for technical or economic reasons. And challenges will only worsen as the industry aims to bring upper midband frequencies into the fray, which have greater propagation challenges and are less suited for macro coverage.
 

The U.S. needs to do a better job, guided by government institutions like the Federal Communications Commission, of utilizing Citizens Broadband Radio Service (CBRS), C-Band, 6GHz and mmWave bands, which are woefully underutilized today. For example, only a relatively small portion of midband spectrum has been deployed in the U.S. market to date, implying that well over half of it has not yet been put to use. (CSPs are either sitting on it or hoarding it.)
 

Most 4G and 5G network traffic in the U.S. today runs over low bands, such as 600MHz to 800MHz, and the lower midband (1GHz to 2.6GHz, especially 2.5GHz), with C-Band increasing but still far from its full utilization potential. MmWave bands hold promise, but for economic and technical reasons, they were used only in very specific situations, mostly for LAN capacity.
 

Additionally, spectrum warehousing entities like EchoStar (which recently reluctantly agreed to sell a portion of its vast spectrum holdings to Starlink and AT&T) and private equities are still sitting on large tranches of unused spectrum. The government should redirect its efforts toward addressing these market dislocations rather than straining to bring new spectrum to a market that might not even be used (case in point, CBRS). This should be a mandatory government push because dislocations created by negative externalities of capitalism threaten to keep the U.S. behind China in key technological domains; specifically, corporations with a scarcity mindset are hoarding, but not necessarily using, the spectrum resources they have. The U.S. is already behind China across several key technologies (e.g., 5G, hypersonic missiles, electric batteries and vehicles, rare earth element processing). It is unacceptable for the U.S. to fall behind on 6G as well.
 

Explore TBR’s 2026 predictions for the telecom industry in our latest special report, Telecom Industry Will Adapt to K-shaped Economy in 2026.