Cloud Security Tools: Cloud Provider or Third Party Tools? - Exabeam

What Are Cloud Security Tools? What are Cloud Security Solutions?

Cloud security tools are software applications or cloud services that can help you secure your cloud computing environment. Cloud environments are highly complex, and are very difficult to monitor and secure manually. Organizations use dedicated cloud security tools to achieve visibility over cloud workloads and more effectively detect and respond to threats.

Different tools can carry out various functions and provide services and applications with additional layers of protection. These functions include: 

  • Identity and access management (IAM)
  • Network security, including backups
  • Workload security, integrated with DevSecOps
  • Compliance management and security posture
  • Threat mitigation

Who Is Responsible for Cloud Security?

Cloud adopters need to be aware of their shared responsibility for security. All cloud providers practice the shared responsibility model: the cloud provider is responsible for the security of the cloud, while the cloud customer (your organization) is responsible for securing the workloads and data running in the cloud.

The following table summarizes the responsibilities of each of the parties.

| Cloud Provider Responsibilities | Cloud Customer Responsibilities |
| --- | --- |
| Securing the cloud provider’s physical facilities, software, networks, and hardware | Securing your own applications, systems, and datasets running in the cloud |
| Preventing attacks that affect entire cloud servers | Preventing attacks that leverage traffic to your specific application, or connect directly to your workloads |
| Ensuring cloud provider systems are updated and security patches are applied | Updating and patching any software you install or run on cloud resources |
| Providing options for business continuity for cloud provider infrastructure in case of disasters or system failures | Ensuring backups and disaster recovery are in place for your workloads, or setting up such capabilities via the cloud provider |

In addition, the cloud customer is responsible for:

  • Ongoing maintenance of platforms and applications running in the cloud (except those that are fully managed)
  • Ensuring secure configuration of operating systems, databases and applications, logging, and secure configuration of all SaaS applications
  • Login controls, authentication mechanisms, and permission management
  • Protecting data in transit into and out of cloud resources (ingress/egress)
  • Encrypting data stored in the cloud
  • Applying relevant cloud security best practices across all cloud resources

Cloud Provider Security Tools: Pros and Cons

Major cloud providers such as AWS, Google Cloud Platform, and Microsoft Azure provide an extensive set of built-in security tools. For example:

  • AWS provides AWS Security Hub; AWS Shield, a DDoS mitigation service; and Amazon Web Application Firewall (WAF), a security solution that protects against application-layer attacks.
  • Google Cloud Platform provides its cloud-based Firewall, Cloud Security Command Center and Cloud Armor, a WAF-based network security service. 
  • Microsoft Azure offers a number of security products, specifically Azure Security Center for management; Azure DDoS Protection; Azure Sentinel, a cloud-native security information and event management (SIEM) solution; and Azure WAF.

Pros of first-party cloud security tools

The advantages of security tools offered by cloud providers include:

  • Specially customized for defending against threat vectors and weaknesses on the cloud provider’s infrastructure
  • Pre-built security policies, WAF rules, etc.
  • Integrated with all other cloud provider services, including logging and reporting, out of the box
  • Able to secure cloud resources on the same cloud with no major integration effort
  • Some of these solutions are free or provided at low cost compared to third-party security tools

Cons of first-party cloud security tools

  • Protection is limited — for example, cloud provider DDoS services mainly focus on network-level protection and not application-level DDoS, and WAF services enable limited customization.
  • Ongoing maintenance: you will need to constantly monitor and fine-tune security policies to ensure protection.
  • Non-holistic — none of the cloud providers offers a complete, holistic security solution. Some aspects of your cloud environment will remain insecure unless you identify security holes and securely configure systems or add other, third-party tools.
  • False sense of security — many organizations feel that “the cloud is secure,” knowing that organizations like AWS have extensive security capabilities, especially if they are already using the cloud provider’s security tools. However, there may be multiple resources, systems, or applications outside the scope of the cloud provider’s tools. 

Cloud-Native Security vs. Third-Party Security: How to Choose?

When designing your security strategy, you should consider the following questions.

What do you require for on-premises security?

Some cloud-native security services — including Azure Advanced Threat Protection and Amazon GuardDuty — can be used to mitigate security risks for both cloud-based and on-site infrastructure. However, other services function solely in the cloud. 

For example, you can’t employ the native encryption attributes of a cloud-based information security service to encrypt on-site information. Cloud-based firewall services may be employed to safeguard on-site applications, but only if you establish a relatively expensive and complex architecture to integrate the applications with cloud firewall solutions.  

For this reason, organizations that have a large presence both on-site and in the public cloud should ideally use third-party options. In this situation, public cloud-native security features are not sufficient; third-party providers offer more uniformity when safeguarding both on-site and cloud-based resources.

Does your organization have a multicloud strategy?

Organizations with a multicloud approach should also select third-party security tools. Native security features from one cloud vendor are not typically created to function with those on the public clouds of competitors.  

In some instances, it could be possible to create intricate manual integrations, allowing an IT team to ingest security-related information from one cloud into a security service on a different cloud. However, this creates more difficulties. Instead, choose a third-party tool that integrates with information or services across various cloud vendors simultaneously.

How will your cloud security requirements grow and scale?

You will also need to think about the extent of your cloud security requirements, and how you believe they will develop over time. 

If you have only a couple of workloads running in the cloud and don’t believe that this will change in the near future, it could be worthwhile to secure them just with your cloud vendor’s security tools. Often, this method is quicker to implement because the security features are natively integrated with the cloud services.

If you anticipate that your cloud footprint will develop predictably, or you require the flexibility to migrate to different clouds or to move workloads back on-site, a third-party security provider will provide better agility.

Cloud Security with Exabeam

Even if an all-cloud initiative is not in motion, it’s likely your organization will be moving operations into the cloud in the near future. Before taking this step, it’s critical to assess how you will go about securing cloud operations by understanding related security and compliance issues. Fortunately, a modern security information and event management (SIEM) or extended detection and response (XDR) solution will let your analysts address enterprise cloud security with advanced monitoring, behavioral analytics, and automation.

A modern approach automatically collects alert data from across multiple clouds, detects deviations in normal user and entity activity using behavioral analytics, and helps analysts quickly respond to attacks on cloud applications and infrastructure. A modern SIEM or XDR can help you combat increasingly targeted and complex attacks and insider threats by augmenting other cloud security solutions like Identity and Access Management (IAM), Cloud Access Security Broker (CASB), and Secure Access Service Edge (SASE) to better detect, investigate, and respond to cloud-based attacks, all while minimizing the detection of false positives.

As cloud-delivered offerings, Exabeam Fusion SIEM and XDR address cloud security in multiple ways to ensure the protection of sensitive data, applications, and infrastructure. As the leader in Next-gen SIEM and XDR, Exabeam dramatically improves SOC productivity, allowing teams to detect, investigate, and respond to cyberattacks in 51% less time. Here are a few of the ways Exabeam supports cloud security:

  • Collects alert data by direct ingestion from dozens of cloud security tools and popular cloud-based services across multiple enterprise clouds, in addition to hundreds of other products
  • Detects new and emerging threats with behavioral analytics
  • Provides machine-built timelines to improve analyst productivity and reduce response times by automating incident investigation
  • Includes response playbooks using pre-built connectors and hundreds of actions to contain and mitigate threats 
  • Offers pre-built compliance packages (Exabeam Fusion SIEM)
  • Supports detection and investigation with mappings to MITRE ATT&CK and the availability of the Exabeam Threat Intelligence Service, a daily updated stream of indicators of compromise (IoC), such as malicious IP addresses and domains
  • Augments other cloud security solutions like IAM and CASB to better detect, investigate, and respond to cloud-based attacks while minimizing the detection of false positives
