- Security and risk professionals are increasingly reliant on the security capabilities built into public cloud offerings, according to a Forrester Wave report. Native security can influence the selection of a provider and accelerate and smooth cloud adoption, and S&R professionals believe it offers better security and price compared to what in-house teams could do on-premise.
- Google and Amazon Web Services were ranked "leaders" in native security, followed by "strong performer" Microsoft in third, based on an assessment of 37 criteria across current offerings, development strategies and market presence.
- Forrester also assessed Alibaba and IBM, which were classified as "strong performers" — albeit with weaker current offerings than Microsoft — as well as CenturyLink and Rackspace, which were ranked as "contenders."
There's a host of security problems plaguing the move to serverless computing, including more surface attacks and less testing in interactions between applications and back-end systems, but it's still an inevitable move for most companies.
With more vendors, products and services offering security solutions every day, having a set of protocols and tools built into a public cloud platform can reduce the security headache for CIOs and CISOs. But capabilities can vary greatly between providers, and most customers can't get by with the default offerings.
This places pressure on cloud and security vendors to create security capabilities that integrate smoothly with other platforms and tools. For customers, it's a complex game of Tetris to create a comprehensive security plan composed of so many pieces.
For cloud providers, the investment in native security comes alongside a push to offer more products and services to remain competitive. The cloud is no longer about storage: it's about data analytics capabilities, management tools, drag-and-drop AI algorithms and — in today's dangerous landscape more than ever — security capabilities and integrations.
With customers buying for the present and the future, a clearly articulated roadmap for coming improvements, features and tools is important for vendors and CIOs to retain buyers and expand deeper into the market.
Native security assessment of top three providers
|Cloud Provider||Areas of strength||Areas for improvement|
Number of certifications
Support for guest OS
Security configuration policies
Role-based access controls
Active directory sync
Hardware security modules
Security in IaaS platform design
Flexible, configurable IAM roles
Support for guest OS
Virtual Private Cloud
Data discovery and classification
Key management service
Encryption key vault management
Console MFA/RBA setup