Help
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
isc2clack
Newcomer I
‎11-20-2018 05:09 PM
‎11-20-2018 05:09 PM

AWS or Azure

Hi,

 

I was looking for general views on which of the major cloud vendors people feel have the more robust, consistent security model?

 

Thanks

Reply
0 Kudos
12 Replies
Brendan
Newcomer II
‎11-20-2018 07:01 PM
‎11-20-2018 07:01 PM

AWS has the appeal for size and support and a larger pool of AWS certified architects and developers.  However, anecdotally I have seen Azure support more privacy controls and general security controls for the financial services industry.  AWS would be a wider canvas that would need an experienced team to implement.  Azure seems to work with clients more to support (and understands) the GDPR (privacy) concerns.  Hope this helps!

Reply
0 Kudos
Steve-Wilme
Advocate II
‎11-21-2018 04:27 AM
‎11-21-2018 04:27 AM

It depends on what you're looking for in terms of your use case, rather than just look at technical security or compliance.  With both it's important you understand respective responsibilities of the CSP and yourself.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Reply
0 Kudos
CISOScott
Community Champion
‎11-21-2018 07:36 AM
‎11-21-2018 07:36 AM

I know for a long time the "cloud" was frowned upon by security people, myself included. Then I took a class on Azure and it opened up my eyes to the possibilities. It is doing the same basic things we were doing on premise (virtual devices, server administration, etc.) but on their infrastructure. I realized we could have a lot of the same security vulnerabilities here on site as well (poor or incorrect setup of security parameters, poor administration of resources, etc.). Once I understood how the "cloud" worked, I became more pro-cloud. Plus Azure (I'm sure AWS or others too) could do data replication and redundancy A LOT better than I could. I'm pretty sure they also have a big security staff as well.

 

Regardless of which way you go, I recommend not only sending your IT staff through the training classes, but your security folks as well. Once they understand how it works they can better secure it.

Reply
rslade
Influencer II
‎11-21-2018 01:07 PM
‎11-21-2018 01:07 PM

> CISOScott (Advocate I) posted a new reply in Tech Talk on 11-21-2018 07:36 AM in

> Then I took a class on Azure and it opened up my eyes to the
> possibilities.

Right, he's drunk the Microsoft koolaid. I don't think there's any hope, but he still
might be saved ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
... if they go to church sometimes, and abstain from the
grossest acts of mortal sin, though they are ignorant of the
spirit and power of godliness and have no sense of the love of
God and universal benevolence, yet they rest well satisfied of
their salvation and are pleased to think they may enjoy the world
as much as they can while they live and have heaven in reserve
when they die. - Susanna Wesley
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Reply
CISOScott
Community Champion
‎11-21-2018 01:41 PM
‎11-21-2018 01:41 PM

@rslade wrote:
> CISOScott (Advocate I) posted a new reply in Tech Talk on 11-21-2018 07:36 AM in

> Then I took a class on Azure and it opened up my eyes to the
> possibilities.

Right, he's drunk the Microsoft koolaid. I don't think there's any hope, but he still
might be saved ...

 

Oh Yeah!

 

Some of you will get the Kool-Aid reference.

 

I feel that I would feel the same way had it been an AWS class........

Reply
0 Kudos
rslade
Influencer II
‎11-22-2018 12:57 PM
‎11-22-2018 12:57 PM

> CISOScott (Advocate I) mentioned you in a post! Join the conversation below:

>    I feel that I would feel the same way had it
> been an AWS class........

Different flavour, but ...   🙂


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Reply
0 Kudos
Caute_cautim
Community Champion
‎11-27-2018 02:06 PM
‎11-27-2018 02:06 PM

Lets put a filibuster into the mix here: 

 

So if you sat down, compared the core Cloud Providers by the using the CSA Cloud security matrix, how would they stack up?

 

Anyone done this assessment?

 

Plus I think you should also weight up, how many public security breaches against both have occurred as well?

 

Plus how much is the business decision based on cost?  

 

I have seen some organisations spread the risk, by using a combination of Cloud providers including Private Cloud to ensure they are fully resilient.

 

Regards

 

Caute_cautim

Reply
Caute_cautim
Community Champion
‎11-27-2018 03:34 PM
‎11-27-2018 03:34 PM

Plus just to add some heat to this conversation:

 

https://itwire.com/security/85421-microsoft-cloud-services-hit-by-mfa-issues-again.html

 

Microsoft MFA just went into meltdown literally again.

 

regards

 

Caute_cautim

Reply
Kempy
Newcomer III
‎12-07-2018 11:12 AM
‎12-07-2018 11:12 AM

I made a preference for AWS because they less frequently change stuff in the control plane, they have a bigger footprint and due to less frequent changes have fewer outages. 

Having said that I still think the other cloud platforms are very good and enable businesses to attain new synergies. Pick and mix would be a good strategy, or spread your risk.

Reply
li.common.scroll-to.top