I was looking for general views on which of the major cloud vendors people feel have the more robust, consistent security model?
AWS has the appeal for size and support and a larger pool of AWS certified architects and developers. However, anecdotally I have seen Azure support more privacy controls and general security controls for the financial services industry. AWS would be a wider canvas that would need an experienced team to implement. Azure seems to work with clients more to support (and understands) the GDPR (privacy) concerns. Hope this helps!
It depends on what you're looking for in terms of your use case, rather than just looking at technical security or compliance. With both it's important you understand the respective responsibilities of the CSP and yourself.
I know for a long time the "cloud" was frowned upon by security people, myself included. Then I took a class on Azure and it opened up my eyes to the possibilities. It is doing the same basic things we were doing on premise (virtual devices, server administration, etc.) but on their infrastructure. I realized we could have a lot of the same security vulnerabilities here on site as well (poor or incorrect setup of security parameters, poor administration of resources, etc.). Once I understood how the "cloud" worked, I became more pro-cloud. Plus Azure (I'm sure AWS or others too) could do data replication and redundancy A LOT better than I could. I'm pretty sure they also have a big security staff as well.
Regardless of which way you go, I recommend not only sending your IT staff through the training classes, but your security folks as well. Once they understand how it works they can better secure it.
> CISOScott (Advocate I) posted a new reply in Tech Talk on 11-21-2018 07:36 AM in
> Then I took a class on Azure and it opened up my eyes to the
Right, he's drunk the Microsoft Kool-Aid. I don't think there's any hope, but he still might be saved ...
Some of you will get the Kool-Aid reference.
I feel that I would feel the same way had it been an AWS class........
> CISOScott (Advocate I) mentioned you in a post! Join the conversation below:
> I feel that I would feel the same way had it
> been an AWS class........
Different flavour, but ... 🙂
Let's put a filibuster into the mix here:
So if you sat down, compared the core Cloud Providers by using the CSA Cloud security matrix, how would they stack up?
Anyone done this assessment?
Plus I think you should also weigh up, how many public security breaches against both have occurred as well?
Plus how much is the business decision based on cost?
I have seen some organisations spread the risk, by using a combination of Cloud providers including Private Cloud to ensure they are fully resilient.
Plus just to add some heat to this conversation:
Microsoft MFA just went into meltdown literally again.
I made a preference for AWS because they less frequently change stuff in the control plane, they have a bigger footprint and due to less frequent changes have fewer outages.
Having said that I still think the other cloud platforms are very good and enable businesses to attain new synergies. Pick and mix would be a good strategy, or spread your risk.