
Cloud Computing Providers: Security Comparison


While the Cloud opens up a variety of benefits for organizations, enabling seamless communication between systems and personnel from wherever they are in the world, a common concern for many is the security of the data that Cloud Service Providers (CSPs) store, process, and transmit. In this paper, I will discuss how some of the major CSPs approach data security and whether there are any concerns with their processes. I will also share how each CSP encrypts its data and what type of encryption it uses. As even the best methods for ensuring the protection of data are worthless without some form of confirmation on whether they succeed or fail, I will conclude my research with how each organization accomplishes its system of checks and balances.

I will begin with Amazon Web Services (AWS). With this vast organization providing an extensive number of services, securing each of its unique cloud services and products would seem to be challenging. AWS, however, has stated many times that the same security hardware and software used in the development of its own data centers are used in each of its Cloud services. Amazon keeps its more than eighty-five security standards and compliance certifications up to date via penetration testing and publicly publishes all the results. What is also interesting is the ability for users to conduct their own penetration tests and security assessments without approval from Amazon; this allows organizations to be fully confident in the safety of their data.

Amazon offers several security services, such as Amazon GuardDuty, a threat detection service that continuously monitors for unauthorized or malicious behavior. Also in AWS’ security toolbox are AWS Security Hub, Cloud Directory, Identity and Access Management, Inspector, Macie, Artifact, Certificate Manager, CloudHSM, Firewall Manager, and AWS Shield. When it comes to encryption, open-source HDFS and LUKS encryption are utilized while data is stored (at-rest). While data is in-transit, open-source EMR takes the lead, as well as S3 and TLS encryption. With the customization of encryption methods available to the consumer, SSE-S3, SSE-KMS, CSE-KMS, and CSE-Custom are all possible while data is stored (Gilmour, Lui, Briggs, n.d.).
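To make the at-rest and in-transit options above concrete, here is an added example (not from the cited AWS documentation or from this paper's sources) that audits an EMR security configuration for the settings just listed. The field names follow the EMR security-configuration JSON layout as an assumption, and both sample configurations, including the key ARN and certificate path, are constructed.

```python
import json

# S3 (EMRFS) at-rest modes named in the text above.
S3_MODES = {"SSE-S3", "SSE-KMS", "CSE-KMS", "CSE-Custom"}

def audit_emr_encryption(config_json):
    """Return a list of findings for one EMR security configuration (JSON text)."""
    enc = json.loads(config_json).get("EncryptionConfiguration", {})
    findings = []
    if not enc.get("EnableInTransitEncryption"):
        findings.append("in-transit encryption disabled")
    elif "TLSCertificateConfiguration" not in enc.get("InTransitEncryptionConfiguration", {}):
        findings.append("in-transit enabled but no TLS certificate configured")
    if not enc.get("EnableAtRestEncryption"):
        findings.append("at-rest encryption disabled")
        return findings
    at_rest = enc.get("AtRestEncryptionConfiguration", {})
    s3 = at_rest.get("S3EncryptionConfiguration")
    if s3 is None:
        findings.append("no S3 encryption mode set")
    else:
        mode = s3.get("EncryptionMode")
        if mode not in S3_MODES:
            findings.append(f"unknown S3 encryption mode: {mode!r}")
        elif mode.endswith("-KMS") and not s3.get("AwsKmsKey"):
            findings.append(f"{mode} selected without a KMS key")
        elif mode == "CSE-Custom" and not s3.get("EncryptionKeyProviderClass"):
            findings.append("CSE-Custom selected without a key provider class")
    # Local disk encryption is what turns on HDFS and LUKS encryption on the cluster.
    if "LocalDiskEncryptionConfiguration" not in at_rest:
        findings.append("local disk (HDFS/LUKS) encryption not configured")
    return findings

# Constructed sample: at-rest "on", but key missing, no local disk, no TLS.
WEAK = json.dumps({"EncryptionConfiguration": {
    "EnableInTransitEncryption": False,
    "EnableAtRestEncryption": True,
    "AtRestEncryptionConfiguration": {
        "S3EncryptionConfiguration": {"EncryptionMode": "SSE-KMS"}}}})

# Constructed sample: every option from the paragraph configured.
KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"  # placeholder ARN
STRONG = json.dumps({"EncryptionConfiguration": {
    "EnableInTransitEncryption": True,
    "InTransitEncryptionConfiguration": {"TLSCertificateConfiguration": {
        "CertificateProviderType": "PEM", "S3Object": "s3://example-bucket/certs.zip"}},
    "EnableAtRestEncryption": True,
    "AtRestEncryptionConfiguration": {
        "S3EncryptionConfiguration": {"EncryptionMode": "SSE-KMS", "AwsKmsKey": KEY},
        "LocalDiskEncryptionConfiguration": {
            "EncryptionKeyProviderType": "AwsKms", "AwsKmsKey": KEY}}}})

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("STRONG", STRONG)):
        print(name, audit_emr_encryption(cfg) or "no findings")
```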

Google Cloud Platform (GCP), another major player in the Cloud world, offers a range of security-focused settings, applications, policies, and procedures that all facilitate the safety of its (and its users’) data. Google explains its security measures using its detailed infrastructure security layers, including operational security, internet communication, storage services, user identity, service deployment, and hardware infrastructure. Google utilizes various approaches to encryption and security applications in its in-transit, storage, and processing procedures, including TLS, IPsec tunnels, Gmail S/MIME, managed SSL certificates, Istio, certificate transparency, Chrome APIs, and SMTP. GCP performs routine penetration tests and ensures compliance with current data and privacy regulations continuously (Google, n.d.).

As Microsoft plays a leading role in various computing models and fields, cloud services are no different. Microsoft takes a unique approach, offering blockchain-as-a-service, machine learning bots, and cognitive-learning APIs. Azure provides encryption for all of its models, such as client-side, server-side, Azure disk, Azure Storage Service, and client-side encryption of Azure blobs. Azure utilizes TDE and cell and column-level encryption (CLE), and uses symmetric or asymmetric keys, public keys, and passphrases using 3DES. When data is in-transit, a data-link layer encryption method using MACsec is used for securing outside physical boundaries not controlled by Microsoft. In contrast, TLS is used between cloud services and customers. In Azure storage, all transactions use HTTPS. Azure performs routine penetration tests and ensures compliance with current data and privacy regulations continuously; with such a wide-reaching and successful company, this is undoubtedly taken quite seriously.

Salesforce’s cloud platform, focused primarily on business operations, provides SSL technology to secure their web browsers utilizing both server authentication and data encryption. TLS is used between a customer’s network and the Cloud platform, including AES-256 encryption for data being transmitted between data centers. Salesforce performs routine penetration tests and ensures compliance with current data and privacy regulations continuously. As a CRM, Salesforce prides itself on its ability to securely store, process, and transmit an organization’s most sensitive information; to accomplish this, Salesforce includes the Salesforce Platform, which enables users to customize their own security measures, including encryption at rest, intelligent prevention, security intelligence, and a robust auditing feature.

While I must admit that I am not experienced with many of the mentioned CSPs, I have dabbled a bit into each one. In my opinion, the data security measures of AWS, in addition to its large assortment of applications fueled by artificial intelligence superiority, certainly make them stand out from the crowd. In my research for this assignment, I had a hard time finding relevant information on the other CSPs, whereas, with AWS, I quickly unraveled how they secure their data, how effective it is, and what steps they take to ensure the continuous performance of their often bold statements.

References

Maguire, J. (2020, August 10). Top 16 Cloud Computing Companies 2020. Retrieved September 28, 2020, from https://www.datamation.com/cloud-computing/cloud-computing-companies.html.

Amazon. (2017). Cloud Products. Retrieved from https://aws.amazon.com/products/.

Google Cloud Pricing Calculator. (n.d.). Retrieved September 28, 2020, from https://cloud.google.com/products/calculator.

Microsoft. (n.d.). Azure Support Plans Comparison: Microsoft Azure. Retrieved September 28, 2020, from https://azure.microsoft.com/en-us/support/plans/.

Google. (n.d.). Google Cloud Security Whitepapers. Retrieved September 28, 2020, from https://services.google.com/fh/files/misc/security_whitepapers_march2018.pdf.

Gilmour, Lui, Briggs. (n.d.). Encryption Options. Retrieved September 28, 2020, from https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-data-encryption-options.html.
