Securing Cloud Infrastructure: Native vs Cloud Control

As the number of enterprises moving to the cloud exponentially grows, there has been an inevitable rise in cloud security breaches. Despite this rise enterprises still fail to understand the need to implement a future proof strategy securing cloud infrastructure and implement a cloud security solution. At Cyberseer we educate our clients as most organisations perceive that:

  1. Cloud is secure by default so why would I use Cloud Control?
  2. I already have native security tools that my cloud service provider offers me, so why should I invest in a third-party tool?

Here we answer these two common questions which may seem fairly simple and straightforward on the surface:

Who is responsible for cloud security?

It is highly important that the enterprises adopting the cloud are familiar with the shared responsibility of security that is a standard across all the cloud providers. Cloud providers are responsible for security “of” the cloud while security “in” the cloud is the responsibility of the enterprise.

The cloud provider’s responsibilities can be summed up as follows:

  • Protecting the cloud provider’s physical premises, software, network, and hardware.
  • Server-level security i.e. protection against attacks that would affect the entire cloud server
  • Ensuring their systems are always updated and have the necessary patches in place
  • Providing business continuity services and contingencies in case of an accident or system failure

The customer is responsible for the following:

  • Ensuring systems are properly configured
  • Security of traffic coming in and out of the server
  • Maintenance and protection of all platforms and applications running on the cloud
  • Patching their OS and applications
  • Configuring their OS, databases, and applications
  • Managing and handling all matters related to login, authentication and access permissions
  • Protection of the data that enters and exits the cloud service
  • Controlling what data is loaded to the cloud and ensuring an appropriate level of encryption
  • Enforcing security best practices for the cloud
C3M Cloud Control: Control​table of shared responsibility model

The cloud provider protects the underlying infrastructure of the cloud from vulnerabilities, intrusions, fraud, and abuse, and provide its customers with adequate security capabilities.

However, it is the customer’s responsibility to ensure that they make the most of these security capabilities. Eg: In the case of AWS, it is the customer’s responsibility to enforce necessary access control policies using AWS IAM, configure Security Groups, enable CloudTrial, etc.

What about native tools?

Cloud service providers all offer their own native security tools that can easily be configured and deployed. These tools normally reside within the same console as the infrastructure services and hence the tool can be easily used.

For organisations with very minimal security aspirations, such tools works perfectly. However, for an organisation that has greater security requirements and operates in a regulated industry such tools are not effective.

Cloud providers native tools do not offer the depth of coverage that Cloud Control offers. What’s more the portability across multiple clouds is impossible meaning a separate interface and configuration per cloud provider is required. By using Cloud Control, a consistent policy can be rolled out across multiple cloud providers using a single interface.

Below is a comparison between the native security tools offered by the cloud service providers and Cloud Control

Securing the Cloud Infrastructure: Native vs Cloud Control table of natvie tools vs cloud control

If you would like to know more about C3M Cloud Control or about any of our services then please get in touch with us here.

Published 23rd June

These advanced technologies power our MSSP SOC Service offering: