DisruptOps: The Security Pro’s Quick Comparison: AWS vs. Azure vs. GCP

Posted under: Research and Analysis

I’ve seen a huge increase in the number of questions about cloud providers beyond AWS over the past year, and especially in recent months. I decided to write up an overview comparison in a post over at DisruptOps. This is going to be part of a slow-roll series going into the differences across the major security program domains, such as monitoring, perimeter security, and security management. Here’s an excerpt:

For security professionals the problem is that the security models and controls across these providers are very different, often poorly documented, and completely incompatible. Anyone who tells you they can pick up on these nuances in a few weeks or months with a couple of training classes is lying or ignorant. It takes years of hands-on experience to really understand the security ins and outs of a cloud provider.

AWS is the oldest and most mature of the major cloud providers. This is both good and bad, since some of their enterprise-level options are kind of kludged together when the underlying services weren’t architected for the scope of modern cloud deployments. (Don’t worry, the competitors are often kludged together at lower levels, which creates entirely different sets of issues.)

Azure is the provider I run into the most when running projects and assessments. Azure can be maddening at times due to lack of consistency and poor documentation. Many services also default to less secure configurations. For example, if you create a virtual network and run a virtual machine on it, all ports and protocols are open. Where AWS and GCP always start with default deny, Azure starts with default open.

Like Azure, GCP is better centralized since those capabilities were planned from the start (AWS only added them a few years ago). Within your account you have Projects, which are isolated from each other except where you connect the services. GCP overall isn’t as mature as AWS, but some services, like their container management and AI, are class-leading.

– Rich

*** This is a Security Bloggers Network syndicated blog from Securosis Blog authored by Securosis. Read the original post at:
