Cloud Comparison Chart and Mapping of On-Premises Security Controls vs Major Cloud Providers
Mapping of On-Premises Security Controls vs Major Cloud Providers.
A very high-level mapping of on-premises security controls to the native cloud services that can fill the same role. Cloud services tend to be more granular than their on-premises counterparts and overlap in functionality, so the mapping is approximate at best, but it may raise awareness of the options available in each cloud. Two caveats apply when reading it: a cell names the closest native service, not a feature-for-feature equivalent (several "firewall" entries are stateful, allow-only constructs, for example), and "3rd Party Only" means the provider offered no native service in this role when the chart was compiled, not that the control cannot be implemented. Suggestions are welcome; this chart will remain a work in progress.
S. NO | ON-PREMISES | AWS | AZURE | GOOGLE CLOUD | ORACLE | IBM | ALIBABA
---|---|---|---|---|---|---|---
1 | Firewall & ACLs | Security Groups, Network ACLs | Network Security Groups, Azure Firewall | VPC Firewall Rules, Cloud Armor | VCN Security Lists | Cloud Security Groups | Security Groups, Cloud Firewall
2 | IPS/IDS | 3rd Party Only | Azure Firewall | 3rd Party Only | 3rd Party Only | 3rd Party Only | Anti-Bot Service, Website Threat Inspector
3 | Web Application Firewall (WAF) | AWS WAF, AWS Firewall Manager | Application Gateway (WAF) | Cloud Armor | Oracle Dyn WAF | Cloud Internet Services | Web Application Firewall
4 | SIEM & Log Analytics | AWS Security Hub, Amazon GuardDuty | Azure Sentinel, Azure Monitor | Chronicle Backstory, Event Threat Detection | Oracle Security Monitoring and Analytics | IBM Log Analysis, Cloud Activity Tracker | Log Service, ActionTrail
5 | Antimalware | 3rd Party Only | Microsoft Antimalware, Azure Security Center | 3rd Party Only | 3rd Party Only | 3rd Party Only | Server Guard
6 | Data Loss Prevention (DLP) | Amazon Macie | Azure Information Protection (AIP) | Cloud Data Loss Prevention API | 3rd Party Only | 3rd Party Only | Sensitive Data Discovery and Protection (SDDP)
7 | File Integrity Monitoring (FIM) | 3rd Party Only | Azure Security Center | 3rd Party Only | 3rd Party Only | 3rd Party Only | 3rd Party Only
8 | Key Management | AWS Key Management Service (KMS) | Key Vault | Cloud Key Management Service (Cloud KMS) | Cloud Infrastructure Key Management | Key Protect, Hyper Protect Crypto Services | Key Management Service
9 | Encryption At Rest | EBS/EFS volume encryption, S3 SSE | Azure Storage Service Encryption (data at rest) | Default encryption at rest for all Google Cloud storage services | Cloud Infrastructure Block Volume encryption | Hyper Protect Crypto Services | Object Storage Service (OSS) server-side encryption
10 | DDoS Protection | AWS Shield | Azure DDoS Protection (Basic tier built in) | Cloud Armor | Built-in DDoS defense | Cloud Internet Services | Anti-DDoS
11 | Email Protection | 3rd Party Only | Office 365 Advanced Threat Protection | Controls embedded in G Suite (Gmail) | 3rd Party Only | 3rd Party Only | 3rd Party Only
12 | SSL Decryption / Reverse Proxy | Application Load Balancer | Application Gateway | HTTPS Load Balancing | Cloud Infrastructure Load Balancing (TLS termination) | Cloud Load Balancer | Server Load Balancer (SLB)
13 | Endpoint Protection | 3rd Party Only | Microsoft Defender ATP | 3rd Party Only | 3rd Party Only | 3rd Party Only | Server Guard
14 | Certificate Management | AWS Certificate Manager | Key Vault | Google-managed SSL certificates (HTTPS load balancers) | 3rd Party Only | Certificate Manager | SSL Certificates Service
15 | Container Security | Amazon Elastic Container Service (ECS) | Azure Kubernetes Service (AKS), successor to Azure Container Service (ACS) | Google Kubernetes Engine (GKE) | Oracle Container Engine for Kubernetes (OKE) | IBM Cloud Kubernetes Service, Trusted Compute | Container Registry, Container Service for Kubernetes (ACK)
16 | Identity and Access Management | Identity and Access Management (IAM) | Azure Active Directory | Cloud Identity, Cloud IAM | Oracle Cloud Infrastructure IAM | Cloud IAM, App ID | Resource Access Management (RAM)
17 | Privileged Access Management (PAM) | 3rd Party Only | Azure AD Privileged Identity Management | 3rd Party Only | 3rd Party Only | 3rd Party Only | 3rd Party Only
18 | Multi-Factor Authentication (MFA) | AWS MFA (part of AWS IAM) | Azure AD Multi-Factor Authentication | Cloud Identity 2-Step Verification, Security Key Enforcement | Oracle Cloud Infrastructure IAM (MFA) | Cloud IAM (MFA), App ID | Resource Access Management (MFA)
19 | Centralized Logging / Auditing | AWS CloudTrail, CloudWatch Logs, S3 | Azure Activity Log, Azure AD Audit Logs | Stackdriver Logging (now Cloud Logging), Cloud Audit Logs, Access Transparency | Oracle Cloud Infrastructure Audit | Log Analysis with LogDNA, Activity Tracker | Log Service
20 | Load Balancer | Application Load Balancer, Classic Load Balancer | Azure Load Balancer | Cloud Load Balancing, HTTP(S) Load Balancing | Cloud Infrastructure Load Balancing | Cloud Load Balancer | Server Load Balancer (SLB)
21 | LAN | Virtual Private Cloud (VPC) | Virtual Network (VNet) | VPC Network | Virtual Cloud Network (VCN) | VLANs (classic infrastructure), VPC | Virtual Private Cloud (VPC)
22 | WAN | Direct Connect | ExpressRoute | Dedicated Interconnect | FastConnect | Direct Link | Express Connect
23 | VPN | Site-to-Site VPN (Virtual Private Gateway + Customer Gateway), Transit Gateway | VPN Gateway (Site-to-Site IPsec, Point-to-Site SSTP/IKEv2) | Cloud VPN | IPSec VPN via Dynamic Routing Gateway (DRG) | IPsec VPN, Secure Gateway | VPN Gateway
24 | Governance, Risk and Compliance Monitoring | AWS Security Hub, AWS Compliance Center | Azure Security Center, Azure Policy | Cloud Security Command Center | 3rd Party Only | 3rd Party Only | ActionTrail
25 | Backup and Recovery | AWS Backup, Amazon S3 Glacier | Azure Backup, Azure Site Recovery | Cloud Storage object versioning, Nearline storage | Archive Storage | IBM Cloud Backup | Hybrid Backup Recovery
26 | Vulnerability Assessment | Amazon Inspector, AWS Trusted Advisor | Azure Security Center | Cloud Security Scanner | Security Vulnerability Assessment Service | Security Advisor, Vulnerability Advisor | Server Guard, Website Threat Inspector
27 | Patch Management | AWS Systems Manager (Patch Manager) | Azure Security Center, Update Management | 3rd Party Only | 3rd Party Only | IBM Cloud Orchestrator | 3rd Party Only
28 | Change Management | AWS Config | Azure Automation (Change Tracking) | 3rd Party Only | 3rd Party Only | 3rd Party Only | Application Configuration Management (ACM)
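The chart maps controls at the product level; what it cannot show is that the cloud constructs in a cell do not all behave like the on-premises device they replace. As an added worked example (not part of the original chart), the Python below takes a small constructed on-premises ACL and emits the equivalent AWS Security Group permissions, AWS Network ACL entries and Azure NSG rules from the "Firewall & ACLs" row, then evaluates packets against the NACL to show why a stateless NACL needs an explicit outbound rule for ephemeral reply ports while a stateful Security Group or NSG does not. The `OnPremRule` shape, the sample rules and the `nacl_decision` evaluator are assumptions made for this example; the dictionary fields follow the EC2 `authorize_security_group_ingress` and `create_network_acl_entry` parameters and the Azure NSG `securityRules` properties.

```python
"""Translate a small on-premises ACL into the native constructs from the
"Firewall & ACLs" row: AWS Security Group permissions, AWS Network ACL entries
and Azure NSG security rules. Security Groups and NSGs are stateful (return
traffic is allowed implicitly); Network ACLs are stateless, so every inbound
allow needs a matching outbound allow for the ephemeral reply ports."""
import ipaddress
from dataclasses import dataclass
from typing import Any, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class OnPremRule:
    """Assumed on-prem ACL shape (hypothetical): action, protocol, source CIDR,
    destination port range. Rules are evaluated top-down, first match wins."""
    action: str       # "allow" or "deny"
    protocol: str     # "tcp" or "udp"
    src_cidr: str
    port_from: int
    port_to: int


_PROTO_NUM = {"tcp": "6", "udp": "17"}  # NACL entries take IANA protocol numbers

# Constructed sample rule set (not from the page).
SAMPLE_RULES: List[OnPremRule] = [
    OnPremRule("deny", "tcp", "192.0.2.0/24", 0, 65535),   # blocklisted range first
    OnPremRule("allow", "tcp", "10.0.0.0/8", 443, 443),    # HTTPS from corporate range
    OnPremRule("allow", "tcp", "10.10.5.0/24", 22, 22),    # SSH from jump-host subnet only
]


def to_aws_security_group(rules: List[OnPremRule]) -> Tuple[List[Dict[str, Any]], List[OnPremRule]]:
    """IpPermissions in the shape EC2 authorize_security_group_ingress expects.
    Security Groups are allow-only: deny rules are returned separately so they
    can be moved to a Network ACL instead of being silently dropped."""
    perms: List[Dict[str, Any]] = []
    unmapped: List[OnPremRule] = []
    for r in rules:
        if r.action != "allow":
            unmapped.append(r)
            continue
        perms.append({"IpProtocol": r.protocol, "FromPort": r.port_from,
                      "ToPort": r.port_to, "IpRanges": [{"CidrIp": r.src_cidr}]})
    return perms, unmapped


def to_aws_network_acl(rules: List[OnPremRule],
                       ephemeral: Optional[Tuple[int, int]] = (1024, 65535)) -> List[Dict[str, Any]]:
    """Entries in the shape EC2 create_network_acl_entry expects. NACLs are
    stateless and evaluated by ascending RuleNumber per direction with an implicit
    final deny, so each inbound allow gets a paired outbound allow covering the
    ephemeral reply ports. Pass ephemeral=None to see what forgetting that does."""
    entries: List[Dict[str, Any]] = []
    num = 100
    for r in rules:
        entries.append({"RuleNumber": num, "Protocol": _PROTO_NUM[r.protocol],
                        "RuleAction": r.action, "Egress": False, "CidrBlock": r.src_cidr,
                        "PortRange": {"From": r.port_from, "To": r.port_to}})
        if r.action == "allow" and ephemeral is not None:
            entries.append({"RuleNumber": num, "Protocol": _PROTO_NUM[r.protocol],
                            "RuleAction": "allow", "Egress": True, "CidrBlock": r.src_cidr,
                            "PortRange": {"From": ephemeral[0], "To": ephemeral[1]}})
        num += 10
    return entries


def to_azure_nsg(rules: List[OnPremRule], start_priority: int = 100) -> List[Dict[str, Any]]:
    """securityRules properties for an Azure NSG. Stateful like a Security Group,
    but Deny is supported and rules are ordered by priority (lower wins), so the
    on-prem ordering is preserved directly."""
    out: List[Dict[str, Any]] = []
    for i, r in enumerate(rules):
        ports = str(r.port_from) if r.port_from == r.port_to else f"{r.port_from}-{r.port_to}"
        out.append({"name": f"onprem-rule-{i}", "priority": start_priority + 10 * i,
                    "direction": "Inbound", "access": r.action.capitalize(),
                    "protocol": r.protocol.capitalize(), "sourceAddressPrefix": r.src_cidr,
                    "sourcePortRange": "*", "destinationAddressPrefix": "*",
                    "destinationPortRange": ports})
    return out


def nacl_decision(entries: List[Dict[str, Any]], egress: bool, protocol: str,
                  remote_ip: str, port: int) -> str:
    """Evaluate one packet against NACL entries the way AWS does: the lowest
    RuleNumber in the packet's direction that matches wins; no match means the
    implicit '*' deny. For egress, CidrBlock is the destination and port is the
    destination port (the client's ephemeral port on a reply)."""
    addr = ipaddress.ip_address(remote_ip)
    candidates = sorted((e for e in entries if e["Egress"] == egress),
                        key=lambda e: e["RuleNumber"])
    for e in candidates:
        if e["Protocol"] != _PROTO_NUM[protocol]:
            continue
        if addr not in ipaddress.ip_network(e["CidrBlock"]):
            continue
        if not (e["PortRange"]["From"] <= port <= e["PortRange"]["To"]):
            continue
        return e["RuleAction"]
    return "deny"


if __name__ == "__main__":
    acl = to_aws_network_acl(SAMPLE_RULES)
    print("inbound 443 from 10.1.2.3:", nacl_decision(acl, False, "tcp", "10.1.2.3", 443))
    print("reply to 10.1.2.3:50000  :", nacl_decision(acl, True, "tcp", "10.1.2.3", 50000))
    bad = to_aws_network_acl(SAMPLE_RULES, ephemeral=None)
    print("reply without ephemeral  :", nacl_decision(bad, True, "tcp", "10.1.2.3", 50000))
```

Run it directly to print the three decisions. The Security Group translation drops the deny rule deliberately: Security Groups only express allows, so an on-premises deny has to live in a NACL (or in an Azure NSG, which supports Deny and keeps the on-premises ordering through priorities). The NACL check with `ephemeral=None` is the failure mode to look for when a lift-and-shift firewall migration "allows 443" but connections still hang: the SYN is admitted and the SYN-ACK is dropped on the way out.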
Key Terms:
- Cloud Security
- Cloud Technology