Cloud IaaS Providers Are Seriously Lacking IAM Security, Report Finds

The Cloud Will DeFrag the Identity and Access Management Solutions MarketA new report from cloud security solutions provider FortyCloud has pointed out some serious flaws in the security strategies of the top five cloud infrastructure as a service (IaaS) providers. The report, IaaS Security State of the Industry has found that not one of the five companies— Amazon Web Services (AWS), Rackspace, Microsoft Azure, Google Cloud Platform (GCP), and IBM Cloud— offers a native identity and access management (IAM) solution for their cloud.

For the yearly report, FortyCloud surveyed the security features of each IaaS provider, with a specific focus on data and network security, as well as IAM.

From Authentify to RSA, Solutions Review rounds up the top 24 Identity and Access Management SR_Identity_and_Access_Management_Buyers_Guide_Cover_350solutions in the 2015 IAM Solutions Buyer’s Guide. Download your free copy today!

FortyCloud evaluated each provider for seven features: Shared cloud network, virtual private cloud (VPC) network, Firewalls, identity and access management (IAM), secure extension, secure remote access to individual servers, and remote virtual private network (VPN) access.  You can view FortyClouds comparison chart below, or get a more detailed breakdown of cloud security features from their blog post.

Click to Enlarge

Click to Enlarge

As stated above, none of the five major IaaS CSPs are currently offering native IAM solutions though there are dozens of third party solutions available. Microsoft’s Azure does provide dynamic client based VPN access to the cloud but does not support identity-based access.

FortyCloud adds that several CSPs do offer central-identity based access to service management consoles and APIs, but not to the cloud servers themselves.

This research highlights a continued reliance by cloud IaaS providers on third-party solutions for security. We recommend that users looking for a cloud experience with more advanced platform-native security capabilities consider a platform as a service (PaaS) offering, as those products usually include some kind of role-based access management, as well as other security features.

FortyClouds notes that, while the cloud IaaS market continues to grow (Gartner predicts 38% growth in coming years), none of the leading CSP’s native public cloud offerings have shown strong advances in security in the past year. FortyClouds recommends that IaaS customers augment their IaaS solutions with third-party security solutions.

Research Disclaimer:

It is important to note that although the completeness of security offering is an important attribute in selecting your cloud provider, other attributes like maturity, service coverage, and level of support are also important factors in such a decision. this post does not consider the latter factors.

If you’re looking for more information on Cloud solutions, check out Solutions Review’s Cloud Platforms page for cloud news, best practices, and buyer’s guides.

 

Follow Jeff

Jeff Edwards

Editor, Cybersecurity at Solutions Review
Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large.He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.
Jeff Edwards
Follow Jeff

2 thoughts on “Cloud IaaS Providers Are Seriously Lacking IAM Security, Report Finds”

  1. Pingback: Best IT books

Comments are closed.