"Workloads that exploit public cloud capabilities to improve security protection will suffer 60% fewer security incidents."
Legacy, host-based security controls run inside the operating system, in the middle of the attack zone, and are blind to cloud-native controls, effectively opening the doors of your workloads to potential threats.
If you rely only on host-based security controls and do not use each cloud provider's native controls, you are vulnerable to attack.
Cloud-native Security Controls (CSP)
Cloud-native controls sit outside the attack zone and effectively build a moat around your workloads.
Host-based Security Controls (Legacy)
Host-based security leaves the cloud hypervisor controls open, effectively opening the doors of your workloads to potential threats.
Cloud-native security controls are outside of the attack zone (VMs, containers, micro-services). This makes the environment much more secure.
Legacy, host-based controls reside "inside" the OS of the attack zone. If the workload is attacked, the security controls could also be compromised.
Cloud-native security controls determine which network communications are allowed inbound to any workload (VM, container or micro-service) before they reach the workload.
Legacy controls are enforced from inside the workload (the attack zone), allowing malicious communications to actually reach the workload.
Cloud-native controls must be monitored for compliance.
Host-based controls do not monitor cloud-native controls.
Cloud-native controls should be enforced. If a malicious change is made to the enforcement point, the security solution must be able to detect it and roll it back.
Host-based controls do not monitor or enforce cloud-native controls. This creates huge risk.
Cloud-native controls are mandatory for controlling access to micro-services.
Host-based controls require the cloud-native controls to be set to "allow all". This is a huge risk to the environment and will potentially expose micro-services to workloads that should not have access to them.
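As an added example (not part of the original page and not any vendor's product code), the following provider-neutral Python sketch shows the monitor-and-enforce loop described above: compare the live inbound rules of a workload against an approved baseline, flag any "allow all" rule, and produce an ordered rollback plan. The rule model, the baseline and the live rule set are constructed for illustration; actually applying the plan through a cloud provider's security-group API is an assumption left to the caller.

```python
"""Drift detection and rollback planning for cloud-native ingress rules.

Rules are modelled provider-neutrally as (protocol, port range, source CIDR),
which is the shape most CSP security groups / firewall rules reduce to.
The sample data below is constructed, not taken from any real environment.
"""
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class IngressRule:
    protocol: str   # "tcp", "udp", "icmp", or "-1" meaning all protocols
    from_port: int  # -1 means all ports
    to_port: int
    cidr: str       # source network allowed to reach the workload


def _key(rule: IngressRule):
    # Stable ordering so audit output is deterministic.
    return (rule.protocol, rule.from_port, rule.to_port, rule.cidr)


def is_allow_all(rule: IngressRule) -> bool:
    """True when the rule admits any source on any port or protocol.

    A /0 prefix (0.0.0.0/0 or ::/0) is the whole internet; combined with
    all protocols or the full port range it is the "allow all" setting the
    page warns about.
    """
    world = ip_network(rule.cidr).prefixlen == 0
    all_protocols = rule.protocol == "-1"
    all_ports = rule.from_port == -1 or (rule.from_port == 0 and rule.to_port == 65535)
    return world and (all_protocols or all_ports)


def audit(baseline, current) -> dict:
    """Compare the live rule set against the approved baseline.

    added     - rules present live but not in the baseline (unauthorised change)
    removed   - baseline rules missing live (a control was weakened or deleted)
    allow_all - live rules that expose the workload to everything
    """
    base, live = set(baseline), set(current)
    return {
        "added": sorted(live - base, key=_key),
        "removed": sorted(base - live, key=_key),
        "allow_all": sorted((r for r in live if is_allow_all(r)), key=_key),
    }


def is_compliant(findings: dict) -> bool:
    """Compliant only when nothing drifted and nothing is wide open."""
    return not (findings["added"] or findings["removed"] or findings["allow_all"])


def rollback_plan(findings: dict):
    """Ordered actions that restore the baseline at the enforcement point.

    Unauthorised rules are revoked first so the exposure window closes
    before anything is re-added; then the missing baseline rules are
    re-authorised. Executing each action against the provider (assumed to
    be one API call per action) is outside this sketch.
    """
    actions = [("revoke", r) for r in findings["added"]]
    actions += [("authorize", r) for r in findings["removed"]]
    return actions


# Constructed baseline: HTTPS from anywhere, SSH only from the private range.
BASELINE = [
    IngressRule("tcp", 443, 443, "0.0.0.0/0"),
    IngressRule("tcp", 22, 22, "10.0.0.0/8"),
]

# Constructed live state: the SSH restriction is gone and an "allow all"
# rule has appeared, which is exactly the change that must be detected.
CURRENT_LIVE = [
    IngressRule("tcp", 443, 443, "0.0.0.0/0"),
    IngressRule("-1", -1, -1, "0.0.0.0/0"),
]


if __name__ == "__main__":
    findings = audit(BASELINE, CURRENT_LIVE)
    print("compliant:", is_compliant(findings))
    for action, rule in rollback_plan(findings):
        print(f"{action:10s} {rule}")
```

Running the module prints `compliant: False`, one `revoke` for the all-protocols rule and one `authorize` for the missing SSH rule. In practice the baseline would be the rule set approved for the workload and the audit would run on a schedule or on every configuration-change event from the provider, so that a change to the enforcement point is caught rather than silently widening what can reach the workload.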