rvlsoft - Fotolia
When -- and when not -- to use cloud native security tools
Security tools from cloud vendors are convenient, but that doesn't mean they are always the right choice. Learn how to decide when you should opt to use third-party security tools.
With cyberattacks on the rise, it is no surprise that cloud security is a top priority for most -- if not all -- organizations. But IT teams often struggle to choose the right strategy because there are so many tools and services to help secure their environments.
There are two categories of services available to secure cloud workloads: cloud native security tools supplied by the vendors, and third-party security tools from other companies or, in some cases, open source projects.
But which type of cloud security tool is best? The answer depends largely on the specific cloud architecture and the nature of an enterprise's security needs.
Cloud native security tools
Most major public cloud providers offer several types of cloud native security tools, each meant to address different security demands. But it is up to the users to find the one that fits their specific security requirements.
Before deciding if a cloud native security tool is right for your workloads, explore the different types of security offerings available from AWS, Google and Microsoft. The functionality of the tools from each vendor within each category are more or less equivalent, although it's not always possible to draw a one-to-one comparison between them.
Identity and access management
All of the public clouds offer identity and access management (IAM) frameworks. Cloud admins can use these frameworks to configure which users or services have access to different cloud-based workloads or resources.
These types of vendor tools also offer complementary services for enforcing two-factor authentication, integrating cloud-based IAM frameworks with directory services, and managing other common tasks related to authentication and authorization.
Auditing and monitoring
Cloud native security tools like Amazon Inspector and Microsoft Azure Security Center automatically inspect the configuration of common types of cloud workloads and generate alerts when potential security problems are detected. Google Cloud Data Loss Prevention and Amazon Macie provide similar functionality for data by automatically detecting sensitive information that is not properly secured and alerting the user.
To protect data even further there are tools, such as Amazon GuardDuty and Azure Advanced Threat Protection, that monitor for events that could signal security issues within cloud-based and on-premises environments.
Firewalls and anti-DDoS
IT teams use services like Google Cloud Armor, AWS Web Application Firewall and Azure Firewall to configure firewalls that control network access to applications running in the cloud. Related tools provide mitigation against DDoS attacks that target cloud-based resources.
Encryption
Data stored on the major public clouds can be encrypted electively -- or is encrypted automatically by default -- using native functionality built into storage services like Amazon S3 and Azure Blob Storage. Public cloud vendors also offer cloud-based key management services, like Azure Key Vault and Google Key Management Service, for securely keeping track of encryption keys.
Security operations centers
Finally, to help cloud admins centrally manage all of the security tools and their associated data, cloud vendors also offer services that are more or less the equivalent of security operations centers. The Big Three providers offer Azure Security Center, AWS Security Hub and Google Cloud Platform's Security Command Center to help users manage their security tools.
Third-party cloud security tools
While some organizations will default to their cloud provider's native security tools, there are other options. In fact, many third-party tools can achieve the same functionality described above.
For example, if you want to monitor your cloud infrastructure for security events, you can use commercial services, such as Splunk, IBM QRadar or LogRhythm, which also offer many of the features of a security operations center.
Data stored in the cloud can be encrypted by open source tools such as VeraCrypt or AxCrypt. Third-party firewall services like Cloudflare and Akamai can protect cloud applications against network-borne threats.
This begs the question: Are you better off using your cloud vendor's security tools, or opting for a third-party offering? There are three factors to weigh in determining the best approach.
What are your on-premises security needs?
Although you can use some cloud native security services -- such as Amazon GuardDuty and Azure Advanced Threat Protection -- to manage security risks for on-premises and cloud-based infrastructure, others work only in the cloud. You can't use the native encryption features of a cloud-based data security service to encrypt on-premises data, for instance.
As another example, cloud-based firewall services could potentially be used to secure on-premises applications, but only if you set up a relatively complicated and expensive architecture to integrate those apps with cloud firewall services.
For this reason, organizations that have an extensive presence on premises and in the public cloud are better off using third-party options. In this scenario, public cloud native security tools are not enough because third-party providers offer greater parity in securing both cloud-based and on-premises resources.
Are you a multi-cloud organization?
Similarly, organizations with a multi-cloud strategy should probably choose third-party security tools. Native security offerings from one cloud vendor are not usually designed to work with those on competing public clouds.
It may be possible -- in some cases -- to build complex manual integrations that would enable an IT team to ingest security-related data from one cloud into a security monitoring tool on another cloud. But this is more trouble than it's worth. Instead, opt for a third-party tool that integrates with data or services from multiple cloud vendors at the same time.
How will your cloud security needs scale and evolve?
You'll also want to consider how extensive your cloud security needs are, and how you expect them to grow over time.
If you have just a few workloads running in the cloud and don't expect that to change for a while, it may be feasible to secure them with your cloud vendor's security tools alone. In most cases, this approach is faster to set up because the security tools are natively integrated with your cloud services.
However, if you expect your cloud footprint to grow steadily, or you need the flexibility to move to other clouds or migrate workloads back on premises, a third-party security service will offer greater agility.