isc2clack
Newcomer I

AWS or Azure

Hi,

 

I was looking for general views on which of the major cloud vendors people feel has the more robust, consistent security model?

 

Thanks

12 Replies
Brendan
Newcomer II

AWS has the appeal for size and support and a larger pool of AWS certified architects and developers.  However, anecdotally I have seen Azure support more privacy controls and general security controls for the financial services industry.  AWS would be a wider canvas that would need an experienced team to implement.  Azure seems to work with clients more to support (and understands) the GDPR (privacy) concerns.  Hope this helps!

Steve-Wilme
Advocate II

It depends on what you're looking for in terms of your use case, rather than just looking at technical security or compliance.  With both it's important you understand the respective responsibilities of the CSP and yourself.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
CISOScott
Community Champion

I know for a long time the "cloud" was frowned upon by security people, myself included. Then I took a class on Azure and it opened up my eyes to the possibilities. It is doing the same basic things we were doing on premise (virtual devices, server administration, etc.) but on their infrastructure. I realized we could have a lot of the same security vulnerabilities here on site as well (poor or incorrect setup of security parameters, poor administration of resources, etc.). Once I understood how the "cloud" worked, I became more pro-cloud. Plus Azure (I'm sure AWS or others too) could do data replication and redundancy A LOT better than I could. I'm pretty sure they also have a big security staff as well.

 

Regardless of which way you go, I recommend not only sending your IT staff through the training classes, but your security folks as well. Once they understand how it works they can better secure it.

rslade
Influencer II

> CISOScott (Advocate I) posted a new reply in Tech Talk on 11-21-2018 07:36 AM in

> Then I took a class on Azure and it opened up my eyes to the
> possibilities.

Right, he's drunk the Microsoft koolaid. I don't think there's any hope, but he still
might be saved ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
... if they go to church sometimes, and abstain from the
grossest acts of mortal sin, though they are ignorant of the
spirit and power of godliness and have no sense of the love of
God and universal benevolence, yet they rest well satisfied of
their salvation and are pleased to think they may enjoy the world
as much as they can while they live and have heaven in reserve
when they die. - Susanna Wesley
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
CISOScott
Community Champion


@rslade wrote:
> CISOScott (Advocate I) posted a new reply in Tech Talk on 11-21-2018 07:36 AM in

> Then I took a class on Azure and it opened up my eyes to the
> possibilities.

Right, he's drunk the Microsoft koolaid. I don't think there's any hope, but he still
might be saved ...


 

Oh Yeah!

 

Some of you will get the Kool-Aid reference.

 

I feel that I would feel the same way had it been an AWS class........

rslade
Influencer II

> CISOScott (Advocate I) mentioned you in a post! Join the conversation below:

>    I feel that I would feel the same way had it
> been an AWS class........

Different flavour, but ...   🙂


Caute_cautim
Community Champion

Let's put a filibuster into the mix here:

 

So if you sat down, compared the core Cloud Providers by using the CSA Cloud security matrix, how would they stack up?

 

Anyone done this assessment?

 

Plus I think you should also weigh up, how many public security breaches against both have occurred as well?

 

Plus how much is the business decision based on cost?  

 

I have seen some organisations spread the risk, by using a combination of Cloud providers including Private Cloud to ensure they are fully resilient.

 

Regards

 

Caute_cautim

Caute_cautim
Community Champion

Plus just to add some heat to this conversation:

 

https://itwire.com/security/85421-microsoft-cloud-services-hit-by-mfa-issues-again.html

 

Microsoft MFA just went into meltdown literally again.

 

regards

 

Caute_cautim

Kempy
Newcomer III

I made a preference for AWS because they less frequently change stuff in the control plane, they have a bigger footprint and due to less frequent changes have fewer outages. 

Having said that I still think the other cloud platforms are very good and enable businesses to attain new synergies. Pick and mix would be a good strategy, or spread your risk.