* [Blog](https://www.paloaltonetworks.com/blog)
* [Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/)
* [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/)
* Cloud Native Security Bey...

# Cloud Native Security Beyond Your Vendor's Tools

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fcloud-native-security-beyond-vendor%2F)  
[](https://twitter.com/share?text=Cloud+Native+Security+Beyond+Your+Vendor%E2%80%99s+Tools&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fcloud-native-security-beyond-vendor%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fcloud-native-security-beyond-vendor%2F&title=Cloud+Native+Security+Beyond+Your+Vendor%E2%80%99s+Tools&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/cloud-security/cloud-native-security-beyond-vendor/&ts=markdown)  
\[\](mailto:?subject=Cloud Native Security Beyond Your Vendor’s Tools)  
Link copied  
By [Maame Efua Boham](https://www.paloaltonetworks.com/blog/author/maame-efua-boham/?ts=markdown "Posts by Maame Efua Boham")  
Feb 11, 2020  
5 minutes  
[Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)  
[Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)  
[30 Days of Cloud](https://www.paloaltonetworks.com/blog/tag/30-days-of-cloud/?ts=markdown)  
[Cloud Native Security Platform](https://www.paloaltonetworks.com/blog/tag/cloud-native-security-platform/?ts=markdown)  
[Cloud Security](https://www.paloaltonetworks.com/blog/tag/cloud-security/?ts=markdown)  
[cloud service](https://www.paloaltonetworks.com/blog/tag/cloud-service/?ts=markdown)

Cloud service providers play an important role in making sure users have what they need to run cloud native applications, but they don't take responsibility for security beyond what they promise in their agreements. There are important steps that users need to take to ensure cloud native security and protect their cloud environments and workloads --- especially those that vendors cannot effectively secure. Here's what cloud vendors do to improve serverless security and which additional vulnerability management precautions users need to take.

## **Your Vendor's Security Responsibility**

The cloud native security your vendor provides will vary depending on exactly which type of service you use.

#### IaaS

If you're using an infrastructure as a service (IaaS) offering like AWS EC2 or Azure Virtual Machines, your vendor is only responsible for the underlying infrastructure. The responsibility for OS, middleware, [cloud native firewall](https://www.paloaltonetworks.com/cyberpedia/what-is-a-virtual-firewall?ts=markdown) and other runtimes falls on the client.

#### PaaS

For platform as a service (PaaS), such as Google App Engine, clients builds their own applications, but tasks such as data storage and management are abstracted away.

#### SaaS

With software as a service (SaaS), vendors will host, manage and offer infrastructure as well as applications and serverless security features that companies can purchase and use. With these cloud computing categories, the client is responsible for the data involved.

## **End-Users' Security Responsibilities**

No matter which type of cloud service you use, the burden of securing certain types of workloads will always fall on you, never your vendor.

In general, you'll want to keep the following pointers in mind to maximize your cloud environment security.

#### Review default settings

While certain settings are automatically set by the provider, some must be manually activated. It's always better to have [your own set of security policies](https://www.paloaltonetworks.com/blog/2019/09/cloud-default-aggressive-cloud-security/?ts=markdown) than to assume that the vendor is taking care of a particular aspect of your cloud native security.

#### Adapt data storage and authentication configurations to your organization

All locations where data will be uploaded should be [password-protected](https://www.paloaltonetworks.com/blog/2019/09/cloud-zero-trust-approach/?ts=markdown). In addition, password expiration policies should be carefully selected to suit the needs of your organization.

#### Don't assume your cloud data is safe

Never assume that vendor-encrypted data is totally safe. Some vendors provide encryption services before upload, and some do not. Whichever the case, make sure to encrypt your data in transit and at rest using your own keys.

#### Integrate with your cloud's data retention policy

Understanding your vendor's data retention and deletion policy is essential. It's important to have multiple copies of your data and have a fixed data retention period. But what happens when you delete data from the cloud? Is it still accessible to the vendor? Are there other places where it might have been cached or copied? These are things you should verify upfront when spinning up a new cloud environment.

#### Set appropriate privileges

Appropriate settings for privilege levels go a long way toward make your cloud environment more secure. By using Role-Based Access Controls for authorization, you can ensure that every person who views or works with your data only has access to the things that are absolutely necessary. Alternatively, a Role-Based Access Control service such as [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) simplifies this process.

#### Keep cloud software up-to-date

Your vendor may provide infrastructure, and in some cases, a prebuilt software environment or cloud native firewall. But anything that you add is on you to secure.

Thus, it's your responsibility as a user to ensure that your security patches, OS, etc. are up to date. The simplest way to prevent tech debt and backlogs is to automate the updates.

#### Build security policies and best practices into your cloud images

Leaving your cloud native security to different developers on your DevOps security team might result in policy discrepancies. A good way to combat this is to create cloud images with security tools configured and policies applied so that developers can simply create instances of them and work with those.

#### Isolate your cloud resources

To reduce the risk of hackers gaining complete control over your system, it is advisable to separate admin accounts for development, deployment, testing, etc. That way, if a bad actor accesses one account, he or she cannot hop on to other aspects of the environment.

## **Conclusion**

Your vendor will do what it can to secure resources you run in the cloud, but the fact is that your provider cannot protect you alone. [Your collaboration is critical](https://www.paloaltonetworks.com/cyberpedia/cloud-security-is-a-shared-responsibility?ts=markdown) for serverless security services and resources that the vendor either does not manage, or may not have configured in a way that ideally suits your organization's needs.

Get an in-depth look at what a full suite of cloud native security tools can look like. Watch the [Cloud Native Security Summit](https://register.paloaltonetworks.com/prisma-cloud-native-security-virtual-summit).

*This post originally appeared on* [The New Stack](https://thenewstack.io/how-to-secure-your-cloud-environment-beyond-your-cloud-vendors-tools/).

*** ** * ** ***

## Related Blogs

### [Cloud Network Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-network-security/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Prisma Cloud 2.0 Just Launched: Why a Comprehensive CNSP is Essential](https://www.paloaltonetworks.com/blog/2020/10/cloud-comprehensive-cnsp-essential/)

### [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Prisma Cloud 2.0: The Industry's Most Comprehensive CNSP](https://www.paloaltonetworks.com/blog/2020/10/cloud-evolution-comprehensive-cnsp/)

### [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Using a Full Lifecycle Approach to Secure Cloud Native Applications](https://www.paloaltonetworks.com/blog/2020/05/cloud-secure-cloud-native-applications/)

### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### 3 Myths About Security in the Cloud](https://www.paloaltonetworks.com/blog/2020/04/cloud-3-myths-about-security-in-the-cloud/)

### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Cloud Security 2021: 4 Key Trends You Shouldn't Miss](https://www.paloaltonetworks.com/blog/2020/04/cloud-security-2021/)

### [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Prisma Cloud Native Security Platform Embeds Security into DevOps Lifecycle](https://www.paloaltonetworks.com/blog/cloud-security/cloud-native-security-platform-2/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language