Do I go to my Cloud Service Provider (CSP) for cloud security tooling or to a third party vendor?
Who will secure my cloud use, a CSP or a focused specialty vendor?
Who is my primary cloud security tools provider?
This question asked in many ways has haunted me since my analyst days, and I’ve been itching for a good, fiery debate on this. So, we did this on our Cloud Security Podcast by Google where the co-hosts divided the positions, researched the arguments in advance of the debate and then just … WENT AT EACH OTHER 🙂
The results were so fun and interesting that this blog was born!
The Case for Third-Party Vendor Tooling
These arguments hinge on three primary concerns: trust, consistency, and innovation.
Some observers also highlight the theoretical conflict of interest when a CSP is responsible for both building and securing the cloud (no idea why people say this, as IMHO there is no conflict here). This side also stressed the importance of consistency across multi-cloud environments and argued that dedicated security vendors are more likely to innovate more rapidly. They also may address client needs faster, especially narrow vertical needs.
- You just can’t trust the cloud builder to secure their own stuff (or “letting the cat guard the cream” as somebody weirdly opined on social media). Third-party vendors promise unbiased security analysis and can uncover security issues that CSPs might deprioritize, benefiting the broader public and individual users. This separation of duties suggests a more objective evaluation of cloud security.
- Consistency is super critical for multicloud. Third-party tools provide a consistent security framework across multiple cloud platforms. This simplifies management and reduces the need for specialized knowledge in each CSP’s unique security offerings.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: