Changing perceptions of network security tools from CSPs
Research from Enterprise Strategy Group found the conversation about cloud service provider and third-party vendor network security tools is changing.
Security teams have a variety of options when it comes to network security for cloud environments. Cloud service providers offer capabilities such as security groups, which enforce traffic policies and act as a basic firewall, as well as discrete products for additional protection. While historically CSP network security options were deemed not as secure as third-party tools, the perception is changing.
Let's look at how CSPs have improved their network security tools and begun achieving parity with third-party vendors.
Cloud service provider vs. third-party vendor network security
Beyond security groups, CSPs have introduced products, such as Azure Firewall and AWS Network Firewall, which offer additional threat-prevention capabilities. Meanwhile, third-party security vendors, such as Cisco, Fortinet and Palo Alto Networks, offer options ranging from VMs to cloud-native firewalls to protect cloud environments.
Historically, the choice of which firewall to use depended on how organizations prioritized ease of use versus efficacy. The belief was that CSP tools were easy to deploy, configure, scale and manage, but offered weaker threat protection. Conversely, third-party tools -- VMs in particular -- required more work to deploy, but provided strong efficacy backed by global threat intelligence networks and years of security expertise.
CSPs and vendors have worked to close the gap in both directions. The introduction of cloud-native firewalls by third-party vendors, in close collaboration with CSP partners, addresses the deployment and configuration concerns voiced around VMs.
On the other side, CSPs continue to invest in security across the board, and it appears to be paying dividends. Research from Enterprise Strategy Group, now part of Omdia, found that among organizations using network security tools from CSPs, 60% said the most common reason was better efficacy. This was also the top reason organizations using third-party tools said they did so, but the important point is that many feel the protection they get from CSP tools is now more than "good enough."
How do companies select network security from CSPs or vendors?
Third-party vendors still have an advantage from an efficacy perspective. The fact that CSPs are partnering to add third-party intrusion prevention is one example. So, the question becomes: How should security teams choose between the two options?
More and more, it comes down to enabling consistency for hybrid and multi-cloud environments. Security teams cite a variety of challenges when it comes to protecting their public cloud infrastructure. One area many organizations still struggle with is ensuring consistency across their cloud infrastructure and on-premises data centers.
Enterprise Strategy Group research found that while respondents cited a long list of challenges, 35% said ensuring consistent security policies across their entire environment was an issue, and 29% said maintaining consistent visibility across their entire environment was a challenge. Even more concerning, 44% of organizations that experienced an attack on their public cloud infrastructure in the last 24 months said it was due to malware moving laterally.
Security teams want to simplify their infrastructure. Nine out of 10 said they would prefer to use the same network security vendors for their cloud-native application environment as the rest of their environment, while 80% said consolidating firewall vendors is a critical or important priority. For organizations maintaining on-premises data centers, branch offices and other non-cloud locations that require a firewall, this could become the key rationale for choosing third-party tools.
Vendors must do their part to promote parity. Simple unified management to ensure policy consistency across on-premises, virtual and cloud-native firewalls; integrations with cloud automation tools; AI both for threat detection and operations; and, of course, advanced threat protection are just some of the key capabilities security teams should prioritize.
Every organization is different, so there's no right or wrong answer here. CSPs' tools have made sense, and will continue to make sense, for many organizations and use cases. Attackers, however, continue to take advantage of unforced errors. Misconfigurations, gaps in visibility and incorrect policies that enable lateral movement are all examples. For complex, hybrid or multi-cloud environments, a unified third-party firewall approach likely makes the most sense.
John Grady is a principal analyst at Enterprise Strategy Group, now part of Omdia, who covers network security. Grady has more than 15 years of IT vendor and analyst experience.
Enterprise Strategy Group, now part of Omdia, is a division of Informa TechTarget. Its analysts have business relationships with technology vendors.