Here's your challenge: Pick the best public cloud provider from the leaders of the pack.
Your options: Amazon (AWS), Azure, Google (GCP), IBM Cloud and Rackspace.
Confused? You're not alone.
Not Created Equal
The five major cloud players each offer a specific set of native features on their public cloud Infrastructure-as-a-Service (IaaS) offerings – that is, what you automatically get as a customer.
But none of them do everything, warned Amir Naftali, CTO and co-founder of FortyCloud, a cloud security company with offices in Mansfield, Mass. and Hod HaSharon, Israel.
"It’s a shared services model, remember?" he added. "The cloud provider supplies the physical infrastructure, and the user supplies the application and security."
FortyCloud provides Software-as-a-Service (SaaS)-based solutions that enable companies to secure “all network and access aspects” of their public cloud IaaS deployments. In other words, it adds a layer of protection on top of virtual infrastructures from public cloud providers.
So how well do the leading providers secure your cloud? To find out, Naftali compared the following features:
- Shared Cloud Network: a public IaaS environment where different cloud customers share the same cloud service subnet. In this model, each cloud server (VM) usually has a public IP address (permanent or temporary) as well as a service IP address for the internal cloud service network
- Virtual Private Cloud (VPC) Network: the IaaS provider supports isolation of customers’ cloud deployments, so that a customer can have a private subnet unreachable from other customers’ cloud servers or from the public Internet
- Firewall: a collection of policies and rules to control the traffic allowed to and from a group of cloud servers or static IP addresses
- Identity-based access management: firewall rules based on user identity, allowing specific users access to a specific set of compute resources
- Secure extension: the ability to securely connect enterprise sites to the cloud deployment (usually a virtual private network) via static IPsec connections
- Secure remote access to individual server: the ability to access an individual machine (VM) using a secure protocol (like SSH or RDP); this type of remote access is usually based on credentials specific to a single user and a single server
- Remote VPN access: the ability of the organization’s employees to securely connect on demand to the cloud deployment remotely using VPN clients, including central authentication of the employees’ identity before gaining access to the cloud deployment
Here's what he found.
"It's basically a starting point for customers who want to see what's out there," he told CMSWire. "What we want to do is get potential customers to ask questions, and examine what native functionalities the various providers offer."
Alon Maimoni, Chief Marketing Officer at FortyCloud, said the chart is a way to help "clear the fog" around cloud deployments.
"Cloud has become such a big buzzword," he said, noting that many cloud newbies assume they will get all the necessary features and security protocols right out of the box. "We're trying to present a clear picture so customers can make a more informed choice."
Naftali added that more companies are aware of the benefits of using the cloud. Now they want to better plan their migration. "The question now is how do I move to the cloud in the safest way?" he said.
The right cloud provider depends on many factors, including cost, experience and capabilities, he added.
Once you select your provider, it's prudent to select additional security tools to harden your cloud environment to the level you require. Many cloud providers offer a marketplace of security solution partners, he added. These let you find the security tools you need at the price you want to pay.
Title image by Asa Aarons Smith/all rights reserved.