With the barrage of security breaches in the news, there is a strong focus on securing resources in the cloud. In this post, we’ll explore security offerings from Amazon Web Services (AWS), Microsoft Azure, and Google Cloud. Show
Your keys to a better careerGet started with ACG and transform your career with courses and real hands-on labs in AWS, Microsoft Azure, Google Cloud, and beyond. What is cloud security?Cloud security is actually a combination of security controls and settings, and not just a single setting or checkbox. There is often confusion around cloud security, and that’s because organizations don’t always know what they are responsible for. What’s even worse is that some organizations think that the cloud platforms are responsible for anything security-related — and that’s a big problem because it’s definitely not the case. Enter the first stop on our tour of all things security in the cloud: the shared responsibility model.
In order to better understand who is responsible for security in the cloud, we need to reference something called the shared responsibility model. The shared responsibility model is a framework that helps differentiate when the cloud provider is accountable for security and when your organization is accountable for security, based on what is deployed in the cloud. Now, let’s take a look at the three cloud platforms’ way of handling the shared responsibility model. In general, all three cloud providers follow the same principles for shared responsibility; they just have slightly different approaches. Azure’s shared responsibility modelAzure’s shared responsibility model splits responsibility into three main categories.
AWS shared responsibility modelFor the AWS Shared Responsibility Model, AWS takes a more simplistic approach. Customers are responsible for security in the cloud — meaning their own data, user accounts, applications, and so forth. While AWS is responsible for the security of the cloud — including underlying hardware within the data centers such as physical hosts, storage, and networking. Google Cloud’s shared responsibility modelGoogle’s approach to the shared responsibility model is a bit more complex as they specify in detail, in each instance, who is responsible for security. It’s called the Shared Responsibility Matrix. Identity and Access Management (IAM)As we saw under the different shared responsibility models, organizations are responsible for user accounts. This forms part of what is called identity and access management, or IAM for short. IAM is a term used for defining user access with a privileged role, also known as role-based access control. We’ll do a quick overview of IAM here, but for a deeper dive check out our separate post comparing AWS, Azure, and Google Cloud IAM services. There are some shared user and IAM features across all three platforms, including multi-factor authentication (MFA), single sign-on (SSO), built-in role-based access control (RBAC), and custom role-based access control. One key difference, though, across the platforms is privileged access management (PAM), which is used to manage privileged accounts for users or resources deployed based on IaaS, PaaS, or SaaS.
IAM feeling like a PITA? Check out Fixing 5 Common AWS IAM Errors for a look into the cause and resolution for some of the most common AWS IAM errors. IaaS SecurityLet’s compare some of the IAAS workload security solutions each platform offers. Distributed denial of service protection
Secrets management
Virtual private networking
Data security (PaaS)Next, let’s have a look at how the platforms approach platform as a service or PaaS security. Let’s focus on securing data as this hosts important organizational or customer information, which is one of the main goals for hackers. All three cloud platforms support the following security controls from a database point of view.
Get the Cloud Dictionary of Pain Built-in security and compliance (SaaS)Most organizations have to comply with a set of security standards, and the same rules apply for cloud workloads. Let’s take a moment to understand how the cloud platforms help organizations meet cloud security compliance.
Compliance tools on all three cloud platforms support the most compliance standards such as ISO 27001, PCI, DSS, and many more. These tools have the capability to audit the resources deployed and advise on security best practices to ensure your environment is secure and you have not missed anything major from a security or configuration point of view. Marketplace support for cloud securityLastly, it’s worth mentioning that each cloud platform offers a marketplace where customers can make use of third-party vendor applications to meet specific security requirements. AWS and Azure are leading the way on this, with GCP trying to catch up. At the end of the day, when you choose a cloud provider, there are multiple security decisions to make alongside other considerations such as pricing, hybrid identities, and skills to support your solutions. If you want to learn more about cloud security, check out our security-related learning paths, including Azure Security and AWS Security. These learning paths will guide from novice to guru with a hands-on learning approach. Thanks for reading, and keep being awesome, cloud gurus! Securing Your AWS EnvironmentIn this free, on-demand webinar, get a breakdown of taking complex AWS environments from zero to secure. Who has better security AWS or Azure?AWS and Azure are almost evenly matched. Except AWS offers slightly more secure encryption with the addition of the Galois Counter Mode (GCM). Furthermore, AWS has more encryption services and key management options. Finally, AWS has more in-depth documentation for its services and options than Azure.
Which cloud provider has the best security?On cloud security: Cloud security at AWS is the highest priority. As an AWS customer, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations.
Is Google Cloud better than AWS and Azure?Google Cloud is quite popular among startups as it offers various discounts for cloud users. Google Cloud is better for you if pricing is a significant aspect. Azure offers immense flexibility, and AWS has the edge over the others with its massive global footprint.
Why is a cloud infrastructure like AWS or Azure more secure?Encryption of Storage Data
The Simple Storage Service (S3) on AWS and Blob on Azure provide the cloud storage services and support encryption of data with keys.
|