Global IaaS Providers Tenant Security Controls
The KuppingerCole Market Compass reports provide an overview of vendors and their product or service offerings in a certain market segment. This Market Compass focusses on Infrastructure as a Service (IaaS) from Cloud Service providers (CSP) with a global presence and with a specific focus on the capabilities they provide for the tenant to ensure their secure and compliant use of the service.
1 Management Summary
The KuppingerCole Market Compass provides an overview of a market segment and the vendors in that segment. It covers the trends that are influencing that market segment, how it is further divided, and the essential capabilities required of solutions. It also provides ratings of how well these solutions meet our expectations.
This Market Compass:
Provides an assessment of the capabilities provided by Global IaaS providers with a focus on those for the tenant to ensure their secure and compliant use of the service. It covers the basic IaaS as well as the PaaS platform services that are included.
IaaS provides computing resources that can be used to develop and run software and store data. These services form an important pillar for digital transformation by providing rapid access to cutting edge technologies without the need for capital expenditure. However, cloud services are seldom used in isolation and are commonly used in conjunction with on-premises IT creating a Hybrid IT service delivery model.
The early exploitation of IaaS focussed on the development of new "born on the cloud" applications. However, while digital transformation demands the rapid deployment of new or modernized applications it must also support enterprise grade security and compliance. It is these areas of security and compliance that have become the limiting factor for organizational exploitation of cloud.
While the major CSPs (Cloud Service Providers) go to great lengths to secure the services that they provide it is up to the tenant to secure their use of these services. The responsibility for security and compliance when these services are used is shared between the tenant and the CSP. The tenant does not manage or control the underlying cloud infrastructure but is responsible for managing everything above the service provided. The tenant also remains responsible for compliance with laws and regulations governing the processing of data.
Most services provide some capabilities to help the tenant use the service in a way that is secure and compliant. It is important that tenants consider these capabilities when choosing and using the service.
This Market Compass report covers IaaS (Infrastructure as a Service) and PaaS (Platform as a Service) to the extent that this is part of the IaaS offering. It provides an assessment of the capabilities provided by Global IaaS providers with a particular focus on those to assist the tenant to ensure their secure and compliant use of the service.
- This report focusses on how well the services provide capabilities to manage the common business risks such as loss of business continuity, data breaches and regulatory compliance failure when using cloud services as part of a hybrid IT delivery model.
- The market for cloud services is forecast to grow significantly over the next five years. Much of this growth will depend upon organizations moving, migrating, or modernizing business critical workloads. The factors limiting this growth are management, security, and compliance.
- We expect that the capabilities provided for IaaS / PaaS tenants to ensure their security and compliance will evolve in the following ways:
- Increased transparency of CSP controls for end-to-end compliance posture.
- Better integration between cloud / non cloud security capabilities providing integrated control over the tenant's security and compliance posture.
- Productization of confidential computing capabilities that provide protection for data during processing as well as in transit, and at rest.
- True multi-cloud management capabilities covering the whole hybrid IT delivery options will become widely available.
- Autonomous security and compliance for the tenants use of the services through the use of AI/ML will become the norm.
- As organizations go through digital transformation using IaaS / PaaS cloud services to change the way they do business this makes them more dependent upon the new digitized services and hence more vulnerable to the impact of cyber risks.
- The responsibility for security and compliance in the use of cloud services is shared between the tenant and the CSP (Cloud Service Provider). The majority of reported cloud related cyber incidents have been due to misconfigurations of the services by the tenant.
- Therefore, it is essential that services provide better tools and services to support the tenant to fulfil their responsibilities.
- Most organizations are now using a hybrid IT services delivery model where the use of multiple cloud services is integrated with business-critical services that are delivered in other ways.
- The hybrid nature of the IT service delivery increases the complexity of management and cloud services need to provide capabilities to reduce this.