Rapid changes in technology have profoundly changed how we interact, communicate and live our day-to-day lives. They have also drastically changed the way businesses and governments provide services to consumers and citizens.
Interconnectedness and mobility have significantly changed consumer expectations, and regulators are trying to impose compliance requirements to protect citizens' data as well as national critical infrastructure.
Fierce competition has made getting products to market as fast as possible a mandate for retaining consumer loyalty. Businesses are under tremendous pressure to keep service costs as low as they can and to have the flexibility to scale up and down at short notice. This is where cloud services are playing a major role.
The major task while selecting a cloud services provider is evaluating the security at two layers:
- Security for the cloud
- Security in the cloud
Security for the cloud covers security up to the hypervisor level. This includes security of the hardware, operating system, and network access controls for the environment used to provide the cloud services. Providing this security is the responsibility of the cloud service provider.
Security in the cloud is the security required to protect the applications and data hosted in the cloud. Responsibility for this layer of security varies with the service type. For details, please refer to the Cloud Security Alliance (CSA) guide.
While designing the security, one needs to understand the features provided as part of the service, the additional security tools and technologies that need to be deployed, and the additional security services to subscribe to in order to comply with regulatory requirements and keep risks as low as possible.
In this article, we have provided details of the security features from two major cloud services providers, Amazon Web Services (AWS) and Microsoft Azure. We hope this information helps you get started.
| Security Feature | AWS | Azure |
| --- | --- | --- |
| Access Control – Authentication and Authorization | Identity and Access Management (IAM) | Azure Active Directory |
| Directory Services | AWS Directory Service | Azure Active Directory |
| Multifactor Authentication | AWS MFA | Azure Multifactor Authentication |
| Security Assessment Service | Amazon Inspector | Azure Security Center |
| SSL Certificates | Amazon Certificate Manager | App Service Certificate |
| Hardware Security Manager | AWS Cloud HSM | Azure Key Vault |
| Encryption Key Management | AWS Key Management Service | Azure Key Vault |
| Consolidated Multiple Cloud Account Management | AWS Organization | Not available at this point in time |
| DDoS Protection | AWS Shield | Add-on from Azure Marketplace |
| Web Application Firewalls | AWS WAF | Azure WAF |
| Security & Compliance | AWS Artifacts | Azure Security and Compliance |
| Web and Mobile Authentication Service | Amazon Cognito | Azure Mobile SDK, Offline/Sync |
| Disaster Recovery | AWS Disaster Recovery | Azure Site Recovery, Azure Backup |
| Security Advisor | AWS Trusted Advisor | Azure Advisor |
| Configuration Inventory | AWS Config | Azure portal (audit logs) |
| Logging and Security Monitoring | Amazon CloudWatch | Log Analytics |
| Private Connectivity | AWS Direct Connect | Azure Express Route |
| Network Gateway | Amazon VPN | Azure VPN Gateway |
| Virtual Private Network | Amazon VPC | Azure VNet |
| Antivirus / Antimalware | Antivirus for guest OS is an add-on from AWS Marketplace | Microsoft Antimalware for Azure Cloud Services & Virtual Machines |
| Information Protection | Solution from Marketplace | Azure Information Protection |
| Data Privacy Protection | AWS Privacy protection | Microsoft Trust Center |
Note – This information is to the best of the author's knowledge and is subject to change.