Securing the Cloud Infrastructure: Native vs Cloud Control

Despite the rise of cloud security breaches, enterprises fail to understand the need to implement a future proof cloud security solution. Two questions we are constantly asked are:

  • Cloud is secure by default then why Cloud Control?
  • My cloud service provider offers me several native security tools, why should I invest in a third-party tool?

While these questions seem fairly simple and straightforward, to answer them is NOT!!!

Who is responsible for cloud security?

It is highly important that the enterprises adopting the cloud are familiar with the shared responsibility of security that is a standard across all the cloud providers. Cloud providers are responsible for security “of” the cloud while security “in” the cloud is the responsibility of the enterprise.

The cloud provider’s responsibilities can be summed up as follows:

  • Protecting the cloud provider’s physical premises, software, network, and hardware.
  • Server-level security i.e. protection against attacks that would affect the entire cloud server
  • Ensuring their systems are always updated and have the necessary patches in place
  • Providing business continuity services and contingencies in case of an accident or system failure

The customer is responsible for the following:

  • Ensuring systems are properly configured
  • Security of traffic coming in and out of the server
  • Maintenance and protection of all platforms and applications running on the cloud
  • Patching their OS and applications
  • Configuring their OS, databases, and applications
  • Managing and handling all matters related to login, authentication and access permissions
  • Protection of the data that enters and exits the cloud service
  • Controlling what data is loaded to the cloud and ensuring an appropriate level of encryption
  • Enforcing security best practices for the cloud

The cloud provider protects the underlying infrastructure of the cloud from vulnerabilities, intrusions, fraud, and abuse, and provide its customers with adequate security capabilities.

However, it is the customer’s responsibility to ensure that they make the most of these security capabilities. Eg: In the case of AWS, it is the customer’s responsibility to enforce necessary access control policies using AWS IAM, configure Security Groups, enable CloudTrial, etc.

What about native tools?

All the cloud service providers offer their own native security tools that can be easily configured and deployed. These tools normally reside within the same console as the infrastructure services and hence the tool can be easily used.

For an organisation with very minimal security aspirations, such a tool works perfectly. However, for an organisation that has great security aspirations and operates in a regulated industry such tools are not effective.

The native tools offered by the cloud providers are more of a feature than tools. They do not offer the depth of coverage that a tool like Cloud Control offers. Their capabilities are very superficial.

Below is a comparison between the native security tools offered by the cloud service providers and Cloud Control

If you would like to know more about C3M Cloud Control or about any of our services then please get in touch with us here.