ON-PREMISES AWS AZURE GOOGLE ORACLE IBM ALIBABA

Firewall & Security Groups Network Security Groups Cloud Armor

VCN Security Lists Cloud Security Groups NAT Gateway
ACLs AWS Network ACLs (NSG) VPC Firewall

Anti-Bot Service
IPS/IDS 3rd Party Only 3rd Party Only 3rd Party Only 3rd Party Only 3rd Party Only
Website Threat Inspector

Web Application Firewall AWS WAF

Application Gateway Cloud Armor Oracle Dyn WAF Cloud Internet Services Web Application Firewall
(WAF) AWS Firewall Manager

SIEM AWS Security Hub Advanced Log Analytics Stackdriver Monitoring Oracle Security IBM Log Analysis
ActionTrail
Log Analytics Amazon GuardDuty Azure Monitor Stackdriver Logging Monitoring and Analytics Cloud Activity Tracker

Microsoft Antimalware /
Antimalware 3rd Party Only 3rd Party Only 3rd Party Only 3rd Party Only Server Guard
Azure Security Center

Privileged Access Azure AD Privileged

3rd Party Only 3rd Party Only 3rd Party Only 3rd Party Only 3rd Party Only
Management (PAM) Identity Management

Data Loss Prevention Information Protection Cloud Data Loss

Amazon Macie 3rd Party Only 3rd Party Only Web Application Firewall
(DLP) (AIP) Prevention API

Amazon Inspector Security Vulnerability Cloud Security Advisor Server Guard

Vulnerability Assessment Azure Security Center Cloud Security Scanner
AWS Trusted Advisor Assessment Service Vulnerability Advisor Website Threat Inspector

Office Advanced Threat Various controls

Email Protection 3rd Party Only 3rd Party Only 3rd Party Only 3rd Party Only
Protection embedded in G-Suite

SSL Decryption Server Load Balancer

Elastic Load Balancer Application Gateway HTTPS Load Balancing 3rd Party Only Cloud Load Balancer
Reverse Proxy (SLB)

VPC Customer Gateway Virtual Network Dynamic Routing IPSec VPN

VPN Google VPN VPN Gateway
AWS Transit Gateway SSTP Gateway (DRG) Secure Gateway

Key Management Service Cloud Key Management Cloud Infrastructure Key Key Protect
Key Management Key Vault Key Management Service
(KMS) Service Management Cloud Security

Storage Encryption for Part of Google Cloud Cloud Infrastructure Block Hyper Protect Crypto
Encryption At Rest Elastic Block Storage Object Storage Service
Data at Rest Platform Volume Services

DDoS AWS Shield Built-in DDoS defense Cloud Armor Built-in DDoS defense Cloud Internet Services Anti-DDoS

Identity and Access Identity and Access Cloud Identity Oracle Cloud Cloud IAM Resource Access
Azure Active Directory
Management Management (IAM) Cloud IAM Infrastructure IAM App ID Management

Multi-Factor Oracle Cloud Resource Access

AWS MFA Azure Active Directory Security Key Enforcement App ID
Authentication Infrastructure IAM Management

Centralized Logging / VPC Flow Logs Oracle Cloud

CloudWatch / S3 bucket Azure Audit Logs Log Analysis with LogDNA Log Service
Auditing Access Transparency Infrastructure Audit

Elastic Load Balancer / Cloud Load Balancing Cloud Infrastructure Load

Load Balancer Azure Load Balancer Cloud Load Balancer Server Load Balancer
CloudFront HTTPS Load Balancing Balancing

Virtual Private Cloud Virtual Private Cloud Virtual Cloud Network Virtual Private Cloud
LAN Virtual Network VLANs
(VPC) Network (VPC) (VCN) (VPC)

VPN Gateway
WAN Direct Connect ExpressRoute / MPLS Dedicated Interconnect FastConnect Direct Link
Express Connect

Endpoint Protection 3rd Party Only Microsoft Defender ATP 3rd Party Only 3rd Party Only 3rd Party Only Server Guard

Cloud SSL Certificates

Certificate Management AWS Certificate Manager 3rd Party Only 3rd Party Only 3rd Party Only Certificate Manager
Service

Amazon EC2 Container Azure Container Service Containers - Trusted

Container Security Kubernetes Engine Oracle Container Services Container Registry
Service (ECS (ACS) Compute

Governance Risk and AWS CloudTrail Cloud Security Command

Azure Policy 3rd Party Only 3rd Party Only ActionTrail
Compliance Monitoring AWS Compliance Center Center

AWS Backup Azure Backup Object Versioning

Backup and Recovery Archive Storage IBM Cloud Backup Hybrid Backup Recovery
Amazon S3 Glacier Azure Site Recovery Cloud Storage Nearline

Mapping of On-Premises Security Controls vs Major Cloud Providers Version 3.2 Feb 2019 © Adrian Grigorof, Marius Mocanu