AWS Security vs. Azure Security

AWS and Azure are the top two cloud vendors. While AWS has a larger market share, Azure boasts of a larger customer base among the top Fortune companies. While AWS had the first mover advantage, Azure was quick to catch up. With every new update, they keep up with each other, and there’s little that separates these two leading cloud service providers.

However, AWS and Azure are not identical. They take somewhat different approaches to the cloud in certain key respects. One of them is security. Let’s look at the various security services offered by each of these platforms and see how they stack up against each other.

You can find a more extensive table here, although some of the items listed may be outdated.

Identity and access management

Identity and access management are the most important parts of cloud security from a customer’s point of view. And there are differences in how AWS and Azure approach this security aspect.

Active Directory is the legacy identity manager for Windows that Microsoft has extended to work with Azure. It has a free tier with data limits and three different paid tiers with advanced features like the ability to manage hybrid environments.
AD also has different versions, like B2B, B2C and more.

On AWS, IAM is exclusively cloud-centric and doesn’t incur additional charges. It can manage hybrid environments only by integrating with other on-premises tools like Active Directory.

Key-based encryption of data

KMS and Key Vault encrypt data in transit and at rest. The easiest way is to let Amazon or Microsoft manage the keys for you, but for compliance purposes, you may want full control over the encryption and management of your keys. In that case, an HSM (hardware security module) is the way to go. While Azure’s hardware security module service is part of Key Vault, Amazon has separated its CloudHSM service from the KMS service. Pricing is almost identical on both platforms.

Virtual private network

A virtual network gives you a private network to transfer data between your data center and a public cloud. It is extremely secure because it encrypts data as it is routed over the Internet.

AWS VPC and Direct Connect are two services that enable a virtual private network. However, it uses layer 2, and not layer 3 routing. ExpressRoute, and Virtual Network, two similar services from Azure, use layer 3 routing.

Storage data encryption

Encryption of object data is an important part of cloud security. AWS’ storage service is S3, while Azure’s is Blob. Both support data encryption using keys. However, only AWS allows you to allow AWS to manage your keys for you, or you can choose to manage your keys. Azure doesn’t support customer-managed keys, but this feature is on its roadmap.

Monitoring

Monitoring is a separate topic, but it is essential to enforcing security in the cloud. The two key components to be monitored in the cloud are the cloud services and the applications they support.

AWS CloudWatch integrates services and application monitoring into a single service, whereas in Azure, each is broken into a separate service. Azure Monitor tracks all Azure services, and Azure Application Insights monitors running applications. The features they offer are identical—It’s just the organization of these features that differs.

For more on monitoring, check out:
“Monitoring and Troubleshooting Using AWS CloudWatch Logs” ›
“How to Monitor Azure Services” ›

Microsoft shops go with Azure

Though AWS has more customers and larger revenue, Azure has a bigger footprint in Fortune 1000 companies. This is because of Microsoft’s long history of selling enterprise software like Windows Service, which it has used as a platform to grow Azure’s customer base.

As a result of this, Azure is more enterprise-focused. Loyal Microsoft shops buy into the full suite of Microsoft products like Visual Studio, TFS, Active Directory, PowerBI, and Windows Server. They’ve been using these tools for over a decade, and Azure is only happy to ease these customers into the cloud with little hassle and robust backward compatibility.

Aware of its customers’ needs, Azure is big on hybrid infrastructure. For example, the cloud-based Active Directory can be integrated with the on-premises Windows Server in just four clicks. This sort of integration with legacy toolsets is prominent across Azure. Integrations with Visual Studio, PowerBI, and more enable organizations to gain more mileage from their big investment in these tools.

AWS for control and innovation

AWS is the single biggest success story of cloud computing to date, and that’s because of the powerful features it provides, granular control over billing (hourly), and staying ahead of competitors with unique products like SnowMobile, Aurora Database, Lambda, and more.

AWS has a steep learning curve when setting it up, but it can potentially deliver more control and customization, both essential to cloud security. The ability to integrate with Lambda for custom checks, and exporting of security data is unique to AWS.

Whichever you choose, you can be assured that you’re getting the very best in cloud security by default. It’s just a matter of which flavor you prefer.

Learn about Sumo Logic Cloud SIEM, a hybrid and multi-cloud threat protection solution that reduces security blind spots with comprehensive visibility across multi-cloud and on-premises to identify issues before they become incidents, enhance security posture, and improve customers’ risk profiles with powerful SIEM capabilities.