While considering a public cloud service, you need to keep several important considerations in mind. One of the most important among those is cyber security. The features and capabilities your public cloud service provider employs to keep their networks and services safe and ultimately your data safe.
There are three big players in the game; Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. All three take their security very seriously because one breach can cause a loss of millions of dollars in penalties, revenue, and reputation.
Here’s what they are offering in terms of cyber security to keep your data safe:
Network and Infrastructure Security
Amazon Web Services (AWS)
- Network firewalls that allow customers to create private networks and control access to instances or apps
- Companies also get access to control encryption in transit across AWS services.
- Connectivity options to enable private or dedicated connections
- DDoS mitigation
- Automatic encryption of all traffic between AWS secured facilities
Google Cloud Platform (GCP)
- Has purpose-built hardware for security. Titan, a custom security chip used to establish a hardware root in GCP servers and peripheral devices.
- Google also makes its network hardware for improving security.
- Multiple layers of physical and logical protection
- A global network infrastructure that is designed to withstand attacks such as DDoS.
- There are additional network security capabilities like cloud load balancing and Cloud Armor that can be deployed on the customer level.
- Several security measures are put in place to secure data in transit. Google encrypts and authenticates data in transit at multiple network layers.
Fun fact: In 2017, the infrastructure absorbed a 2.5 Tbps DDoS, the highest-bandwidth attack reported to date.
Microsoft Azure
- Microsoft has geographically dispersed data centers that comply with industry standards for security and reliability.
- Experienced Microsoft operations staff manage, monitor, and administer the Azure data centers.
- Operations personnel are profiled through a series of background verification checks. And based on those checks Microsoft limits access to applications, systems, and network infrastructure.
- Azure Virtual Network resources are protected by cloud-based network security called Azure Firewall. It is a firewall-as-a-service that comes with built-in high availability and unrestricted scalability. It can decrypt outbound traffic, perform security checks and then re-encrypt the traffic.
Identity and Access Control
Amazon Web Services (AWS)
- AWS Identity and Access Management (IAM) lets you define individual user accounts with permissions across AWS resources.
- AWS Multi-Factor Authentication for privileged accounts including software-based and hardware-based authenticators.
- You can use partner identity systems like Microsoft Active Directory to grant employees and applications federated access to AWS Management Console and service APIs.
- AWS single sign-on enables organizations to manage user access and permissions to all of their accounts in AWS.
- Amazon also offers a directory service which lets organizations integrate and federate with corporate directories to reduce administrative overheads and improve end-user experience.
Google Cloud Platform (GCP)
- Google Cloud Identity Access Management(IAM) lets administrators authorize people to take action on specific resources, with full control and visibility to manage GCP resources centrally.
- Cloud’s IAM provides a unified view into security policy across the entire organization to ease compliance processes for bigger organizations.
- Google Cloud comes with Cloud Identity, an Identity-as-a-Service(IDaaS) that centrally manages users and groups.
- Exclusive in its arsenal Google also provides Titan Security Keys that provide cryptographic proof that users are interacting with legitimate services.
- There’s also a resource manager, Cloud Resource Manager that provides resource containers like organizations, folders, and projects which let you organize your GCP resources group-wise and hierarchically.
Microsoft Azure
- For SSO or Single Sign-On, multi-factor authentication, and conditional access to Azure services, corporate networks, on-premise resources, and SaaS applications, Microsoft has Azure Active Directory(AD).
- Azure AD comes with secure adaptive access which simplifies access, streamlines control with unified identity management, and ensures compliance with simplified identity governance.
Fun Fact: Microsoft says that with these features, it can help protect users from 99.9% of cyber security attacks.
Data Protection and Encryption
Amazon Web Services (AWS)
- Apart from data-in-transit, Amazon also provides a scalable encryption feature for data at rest with its data-at-rest encryption.
- Amazon also has flexible key management options including AWS Key Management Service, AWS CloudHSM for hardware-based cryptographic key storage, and encrypted message queues for sensitive data.
Google Cloud Platform (GCP)
- Google utilizes Confidential Computing to secure data as it is being used. One of the firsts in the line of products that will benefit from Confidential Computing is Confidential VMs.
- Google also offers flexible Key management with its Cloud External Key Manager (Cloud EKM).
Microsoft Azure
- For the key management, Microsoft has Azure Key Vault which helps keep cryptographic keys safe.
- Azure Key Vault streamlines the key management process and also gives control of keys to organizations.
- Security admins can grant and revoke permission to keys as needed.
- Organizations can use Microsoft information protection and Microsoft Information Governance within Microsoft 365 to protect and govern data.
The security features and capabilities mentioned above for the respective Cloud Service Providers are a testament to the importance of Cyber security in a public cloud. As an organization, all these cloud security features are at your disposal but you need experts to manage your cloud and implement these security features to be able to secure yourself from attacks like DDoS and data breaches.
Our Cloud experts at Galaxy are here to help you implement and secure Public Clouds in Amazon Web Services, Google Cloud Platform, and Microsoft Azure. Contact us for a free consultation.