BlueVoyant Launches Modern SOC for Splunk® Cloud Platform

Learn more
Seach
  • Home
  • Blog
  • Mapping of On-Premises Security Controls Versus Services Offered by Major Cloud Providers

Mapping of On-Premises Security Controls Versus Services Offered by Major Cloud Providers

By Adrian Grigorof, CISSP, CISM, CRISC, CCSK and Marius Mocanu, CISSP, CISM, CEH, SCF

We are happy to publish the fifth version of a diagram that started in March 2017, with just AWS and Azure versus On-Premises. The diagram began as an effort to make a translation between the typical on-premises security controls that everybody, more or less, knows what they do and the various services advertised by major public cloud providers. As the cloud providers tend to assign catchy names to products that quite often transcend the initial functionality of the on-prem control, it becomes harder and harder to stay up-to-date on what service does what.

All efforts have been made to stay 100% objective and represent the various cloud services as accurate as possible. Few of the cloud controls will match exactly the on-prem ones, so in many cases a cloud service will cover multiple on-prem security controls, while in others, the on-prem might be partially covered by the cloud service. The intent was to provide the closest-possible match.

As some of the feedback that we received indicates, not all services are equal, so when an on-prem functionality appears to be covered by a specific cloud provider, it doesn’t mean that the offer from cloud provider A is at the same level with the one from cloud provider B. It was not our intent to compare the quality of various cloud services, but to point to the service that matches as close as possible the on-prem function. We have also included services that rely on a cloud provider infrastructure while not being 100% a “cloud” offering (i.e. Office 365 or G-Suite). These types of services were grouped at the bottom of the diagram.

The gray areas indicate that the cloud provider has not implemented a service equivalent to the on-prem control. These gaps in functionality indicate that maybe the provider may focus on just specific type of offerings, may have something in the works or may rely on third party, more mature solutions.

A new cloud service provider, Tencent Cloud, has been added, bringing the number of cloud providers covered by the diagram, from the initial two in 2017 to seven in 2021.

The data used to create this chart is based on our own experience with the various cloud services or by researching the available services from various other sources. Any feedback is appreciated!

Marius Mocanu serves as Managed Sentinel’s CEO and Adrian Grigorof is its CTO.

High defintion PDF

Related reading