Customers and prospects often ask if they should adopt the tools developed and provided by the cloud platforms themselves, or if it’s better to invest in third-party offerings. The answer, of course, is not binary. Probing for the meaning of “third-party offerings” typically reveals a desire to use existing on-premises security controls. After all, familiar tools provide a certain level of comfort. Before jumping to technology decisions, though, it is wise to review both requirements and existing tools.
Security Tools Inventory
Quick self-check: How many security tools are in your existing environment, and what risks do they reduce? There is power in knowing this, yet for many, the answer is unclear. Your move to cloud should be an opportunity to rationalize existing security vendors and tools. When working to gather this information, don't forget to include a list of risks each tool addresses. After all, security is about managing risk. Pair this information with what the cloud provider natively offers – only then will your team be ready to complete a gap analysis. Instead of guessing or going with the easy button, your team will be able to make informed decisions between tools developed by cloud providers and those built by third parties.
Requirements, Not Technology
In consultations, one of the first controls clients ask about is either firewalls or data loss prevention (old habits are hard to change):
Should we use our existing on-premises DLP in the cloud or a cloud-based offering?
This question, while important, more often than not indicates a focus on technology rather than requirements. If we ask the question focusing first on requirements, the answer becomes clearer:
Does the data in the environment have compliance requirements that would exclude the use of cloud-based DLP?
This focus on requirements is important for DLP or any other security tool. Specific to firewalls, in the old on-premises world, there was only one option when it came to firewalls: buy a box. Now, Microsoft Azure, Amazon Web Services and Google Cloud Platform all have their own firewall offerings. These offer functionality similar to traditional stateful firewalls, but they also lack critical integrations with threat intelligence feeds, anti-malware and intrusion prevention. That said, these firewalls absolutely work – many organizations just don’t fully realize what they are giving up when compared to what they already have on-premises.
Requirements-driven questioning can be utilized across the spectrum of security tools: data loss prevention, hardware security modules, endpoint protection, identity and access management, etc.
Summary: CSP-Built Security vs. Cloud-Native Third-Party Security
Use your move to the cloud as an opportunity to catalog all your existing security tools using a requirements-driven approach. Adopt cloud-based controls when requirements permit, and make sure any third-party products are truly “cloud native,” meaning they can ingest and make sense of the rich APIs offered by the cloud platforms. Security must embrace native APIs as well as a combination of controls from cloud service providers and third parties, or it may limit developer and business agility in the future.
This is where cloud-agnostic security tools can help. For more information on the benefits of cloud-agnostic security tools, please visit the Prisma™ Cloud page.