10 Differences Between Cloud-Native & “Faux” Cloud Security Products

For IT and security teams with limited staff and tight budgets, cloud-native software-as-a-service (SaaS) security products offer tremendous value. Some CIOs have even mandated that new security tools be delivered in the cloud where possible. Some vendors with older on-premises products have tried to sneak their products in by claiming they are now “in the cloud,” but that claim is a façade.

Let’s call these products “faux” cloud security to contrast against products that are truly “cloud native.” Vendors of faux cloud products hope that with a little marketing smoke and mirrors, they can use some “cloudy” language and potential buyers will not know the difference. When we say faux cloud, technically speaking, we mean that the vendor is just allowing the customer to host their on-premises product in the customer’s public cloud account. This means the customer still must install, configure, deploy, maintain, update, and eventually decommission that product.  

In other words, you as the customer must do all the work. The only “cloud” aspect of this arrangement is that you can do all the work on a server you are renting (that is, paying for) from AWS, Azure, Oracle, Dell, etc.  

 

Faux Cloud Security in the Real World

A real-world example of this software sleight-of-hand is Cisco’s Internet Security Engine (ISE). Cisco delivers ISE as a virtual appliance to handle network access control (NAC) – a critical component of any effective cyber security stack. As of ISE’s latest version, a customer can deploy the software in their own AWS or Azure accounts.  

That is the long and short of it, however. The well-known challenges of setting up ISE – or any other network security appliance – remain. It is difficult to get your ISE server configured properly, ensuring it communicates with all your network equipment, even after having committed over 1,200 pages of ISE documentation to memory. 

 

Cloud Native Reduces the Hassles

In contrast, a truly cloud-native solution allows the customer to sign up through a web page, configure as needed, and move on – the application just works out-of-the-box. Period. Now, that’s the easy part. As your organization consumes a cloud service, it does not have to concern itself with the nagging issues and questions that are common with on-premises software (e.g., How do we roll out patches and upgrades? Is there a security vulnerability in the operating system? Who is handling system backup?). With legacy on-premises software, you, as the end user, have historically been responsible for these items.

Portnox CLEAR NAC-as-a-service is cloud-native – “born in the cloud” as it were. To deploy CLEAR, a customer just needs to visit the sign-up page, enter their wireless controller information, configure the RADIUS settings on the network device, and CLEAR will begin enforcing policies. Portnox customers have done this in as little as 30 minutes from start to finish. As is true of cloud-native solutions in other domains, customers can see value in minutes, not days, weeks, or even months. No complexity. No hassle.

 

Knowing the Difference Before You Commit

As a potential customer, how can you distinguish cloud-native from faux cloud security software? 

There are a few telltale signs. The table below summarizes some of the most salient differences. When you evaluate a new vendor, be sure to ask questions such as: Who is paying for the infrastructure? Who is responsible for updates and upgrades?

| | Cloud Native | Faux Cloud |
|---|---|---|
| Infrastructure | Provided, paid, and managed by the vendor; mostly invisible to anyone utilizing the service | Provided, paid, and managed by you through your own AWS or Azure account |
| Implementation | Quick time to value; much of the work is invisible to you | Depends on the complexity of the app, but it is your responsibility to do the work or pay someone else to do it |
| Pricing | Subscription with lower up-front cost | Perpetual license with expensive up-front costs that are amortized over time. (Note: many vendors are moving away from perpetual licensing for on-prem or faux cloud products, but as they do, their customers are getting the worst of both worlds – paying more annually while still being responsible for ongoing maintenance of the product) |
| Total Cost of Ownership | The price of the product reflects the genuine cost of ownership | The price of the product is only one (and sometimes only a small) part of the total cost that is reflected in the staff time and public cloud expenses; in many instances, you may not even know what it is going to cost you until it is too late |
| Vendor Lock-In | Easy to switch to another vendor should your business needs change | Expensive license, deployment and maintenance costs make switching prohibitive, often for years |
| Access | Access anywhere via browser with internet connection | On-premises model often requires access via VPN. (Note: what happens when there is a problem with your solution and your VPN is configured to use your on-premises system? Sounds like someone is driving into the office!) |
| Scalability | Automatically scales with usage | Customer must increase capacity to keep up with usage |
| Updates | Vendor regularly updates the underlying components such as servers, databases, etc. This process will often be invisible to you. | You are responsible for ensuring that the entire tech stack - components, databases, servers, network - is updated with the latest patches |
| Upgrades | You seamlessly and transparently reap the benefit of new features, enhancements, and other improvements with zero effort | Any upgrade requires you to install, test, and then deploy the upgrade in production, often during nights and weekends in case something goes wrong |
| Accountability | The vendor takes ownership of the uptime and security, performance, and availability of the service | Apart from the infrastructure as a service, you are on the hook for the performance, health, security, and availability of the solution, lock, stock, and barrel |
