3 Comments

Great post. I don’t believe cloud providers are rushing to provide full security platforms to their customers. They give you building blocks to get one going. Multi cloud is another reason why I don’t think a single CSP will be able to dominate in the security space.

Expand full comment

Thanks Emilio, agree on both counts. It's interesting to see how different CSPs think of security: Amazon has been largely quiet on this topic, Microsoft is trying to position itself as "#1 security company" while Google most certainly sees security as one of the ways to compete (think of https://cloud.google.com/architecture/framework/security/shared-responsibility-shared-fate ). Sure, there is a lot of marketing in this messaging, but it's also becoming clear that cloud providers can't simply throw a bunch of configurations to customers and hope they will set everything up in a "secure" way.

It will be interesting to see how this all unfolds, especially given the latest news around the National Cybersecurity Strategy that states: "We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best-positioned to reduce risks for all of us"

Expand full comment

Agree. Although I'm sure the focus of CISA's statement is building secure products vs providing security solutions.

Expand full comment