10 Differences Between Cloud-Native & “Faux” Cloud Security Products

For IT and security teams with limited staff and tight budgets, cloud-native software-as-a-service (SaaS) security products offer tremendous value. Some CIOs have even mandated that new security tools be delivered in the cloud where possible. Some vendors with older on-premises products have tried to sneak in their products by claiming they are now “in the cloud,” but the truth is that that is a façade. 

Let’s call these products “faux” cloud security to contrast against products that are truly “cloud native.” Vendors of faux cloud products hope that with a little marketing smoke and mirrors, they can use some “cloudy” language and potential buyers will not know the difference. When we say faux cloud, technically speaking, we mean that the vendor is just allowing the customer to host their on-premises product in the customer’s public cloud account. This means the customer still must install, configure, deploy, maintain, update, and eventually decommission that product.  

In other words, you as the customer must do all the work. The only “cloud” aspect of this arrangement is that you can do all the work on a server you are renting (that is, paying for) from AWS, Azure, Oracle, Dell, etc.  

Faux Cloud Security in the Real–World

A real-world example of this software sleight-of-hand is Cisco’s Internet Security Engine (ISE). Cisco delivers ISE as a virtual appliance to handle network access control (NAC) – a critical component of any effective cyber security stack. As of ISE’s latest version, a customer can deploy the software in their own AWS or Azure accounts.  

That is the long and short of it, however. The well-known challenges of setting up ISE – or any other network security appliance – remain. It is difficult to get your ISE server configured properly, ensuring it communicates with all your network equipment, even after having committed over 1,200 pages of ISE documentation to memory. 

Cloud Native Reduces the Hassles

In contrast, a truly cloud-native solution allows the customer to sign up through a web page, configure as needed, and move on – the application just works out-of-the-box. Period. Now, that’s the easy part. As your organization consumes a cloud service, it does not have to concern itself with nagging issues and questions along the way common with on-premises software (e.g., How do we roll out patches and upgrades? Is there a security vulnerability in the operating system? Who is handling system backup?). You, as the end-user, have historically been responsible for these items with legacy on-premises software. 

Portnox CLEAR NAC-as-a-service is cloud-native – “born in the cloud” as it were. To deploy CLEAR, a customer just needs to visit the sign-up page, enter their wireless controller information, configure the RADIUS settings on the network device, and CLEAR will begin enforcing policies. Portnox customers have done this in as fast as 30 minutes from start to finish. As is true of cloud-native solutions in other domains, customers can see value in minutes, not days, weeks, or even months. No complexity. No hassle. 

Knowing the Difference Before You Commit

As a potential customer, how can you distinguish cloud-native from faux cloud security software? 

There are a few telltale signs. The table below summarizes some of the most salient differences. When you evaluate a new vendor, be sure to ask questions such as who is paying for the infrastructure? Who is responsible for updates and upgrades?  

[table id=8 /]