The document compares security patterns and solutions between Amazon Web Services (AWS) and Microsoft Azure for cloud computing. It discusses six key points of comparison: 1) compliance and regulatory, 2) identity authentication and authorisation, 3) secure development, operation and administration, 4) privacy and confidentiality, 5) secure architecture, and 6) examples of the specific security solutions each cloud provider offers for the security patterns within each area.
Author
• Abdul Khan
• IT Consultant based in Manchester, UK
• Engineering Lead, Executive, Technologist, Architect
• IT experience within the private and public sectors (Retail, Banking, Digital, Insurance, M.O.D., HMRC, Aviation, Telecommunication, Housing Associations, Education, Travel, and Pharmaceutical companies). Excellent architectural and strong DevOps experience with a proven track record of delivering E2E, B2B and B2C solutions on regional and global programmes.
• SME specialising in providing integration, data migration and digital transformations to cloud solutions (Azure and AWS)
• Wealth of experience in global projects across EMEA, ASPAC and LATAM
• LinkedIn profile: https://www.linkedin.com/in/abdul-khan-uk/
Content
1. Key Areas of Cloud SaaS Security Patterns
2. Security Comparisons between AWS and Azure: Compliance and Regulatory
3. Security Comparisons between AWS and Azure: Identity Authentication and Authorisation
4. Security Comparisons between AWS and Azure: Secure Development, Operation and Administration
5. Security Comparisons between AWS and Azure: Privacy and Confidentiality
6. Security Comparisons between AWS and Azure: Secure Architecture
Security Comparisons between AWS and Azure
1. Key Areas of Cloud SaaS Security Patterns
Cloud Security Patterns
Compliance and Regulatory Patterns
• Data Citizenship
• Cryptographic Erasure
• Shared Responsibility Model
• Compliant Data Transfer
• Data Retention
• Data Lifecycle
• Intentional Data Remanence
Identity Authentication and Authorisation Patterns
• Multi-Factor Authentication
• Federation (single sign-on)
• Access Token
• Mutual Authentication
• Secure User Onboarding
• Identity and Access Manager
• Per-request Authentication
• Access Control Clearance
Secure Development, Operation and Administration Patterns
• Bastion Server
• Automated Threat Detection
• Durable Availability
• Economic Durability
• Vulnerability Management
Privacy and Confidentiality Patterns
• End-to-End Security
• Computation on Encrypted Data
• Data Anonymisation
• Process Purpose Control
Secure Architecture Patterns
• Virtual Network
• Web Application Firewall
• Secure Element
• Secure Cold Storage
• Certificate and Key Manager
• Hardware Security Module
• Secure Auditing
2. Security Comparisons between AWS and Azure: Compliance and Regulatory
Category: Compliance and Regulatory (pattern, solution in AWS, solution in Azure)
• Data Citizenship
  AWS: Use AWS location tags to designate the location for data processing
  Azure: Azure information and location tags; Azure Front Door service
• Cryptographic Erasure
  AWS: Use AWS KMS
  Azure: Use Azure Key Vault
• Shared Responsibility Model
  AWS: AWS provides different services to protect data and systems. AWS is only responsible for the availability and basic security of the cloud platform
  Azure: Azure provides different services to protect data and systems. Azure is only responsible for the availability and basic security of the cloud platform
• Compliant Data Transfer
  AWS: AWS location tag
  Azure: Azure location tag
• Data Retention
  AWS: Data retention policies can be defined and executed by AWS (e.g. Lambda)
  Azure: Azure provides the option to define data retention policies in its database services
• Data Lifecycle
  AWS: AWS Data Lifecycle Manager
  Azure: Azure Blob Storage lifecycle management
• Intentional Data Remanence
  AWS: Database (e.g. DynamoDB)
  Azure: Database (e.g. Azure Database backup)
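The Cryptographic Erasure row above maps the pattern to AWS KMS and Azure Key Vault but does not show why destroying a key erases data. The following Python example, added here and not part of the slides or of either provider's SDK, models the envelope-encryption layout both key managers rely on: each object is encrypted under its own data key (DEK), the DEK is wrapped by a key-encryption key (KEK) that never leaves the key manager, and erasure is the deletion of the KEK. The `KeyManager` class is a hypothetical stand-in for KMS/Key Vault, the sample record is constructed, and the HMAC-SHA256 keystream cipher is an illustrative substitute for the authenticated AES-GCM a real service would use.

```python
import hashlib
import hmac
import secrets


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Illustrative stream cipher: an HMAC-SHA256 keystream XORed with the data.
    Used only to keep the example dependency-free; it has no integrity check,
    so a real deployment uses AES-GCM (or similar) from the key manager."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


class KeyManager:
    """Hypothetical stand-in for KMS / Key Vault: holds KEKs by id and only ever
    performs wrap/unwrap on the caller's behalf; the KEK bytes are never returned."""

    def __init__(self) -> None:
        self._keks: dict[str, bytes] = {}

    def create_key(self) -> str:
        key_id = secrets.token_hex(8)
        self._keks[key_id] = secrets.token_bytes(32)
        return key_id

    def wrap(self, key_id: str, dek: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        return nonce + keystream_xor(self._keks[key_id], nonce, dek)

    def unwrap(self, key_id: str, wrapped: bytes) -> bytes:
        if key_id not in self._keks:
            raise KeyError(f"KEK {key_id} has been destroyed; data under it is erased")
        return keystream_xor(self._keks[key_id], wrapped[:16], wrapped[16:])

    def destroy_key(self, key_id: str) -> None:
        # The erasure step: comparable in intent to scheduling a KMS key for
        # deletion or purging a Key Vault key. No ciphertext is touched.
        del self._keks[key_id]


def encrypt_object(km: KeyManager, key_id: str, plaintext: bytes) -> dict:
    """Envelope encryption: a fresh per-object DEK encrypts the data, the KEK
    encrypts only the DEK, and the wrapped DEK is stored beside the ciphertext."""
    dek = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    return {
        "key_id": key_id,
        "wrapped_dek": km.wrap(key_id, dek),
        "nonce": nonce,
        "ciphertext": keystream_xor(dek, nonce, plaintext),
    }


def decrypt_object(km: KeyManager, record: dict) -> bytes:
    dek = km.unwrap(record["key_id"], record["wrapped_dek"])
    return keystream_xor(dek, record["nonce"], record["ciphertext"])


def erasure_demo() -> dict:
    """What a tenant observes before and after the KEK is destroyed: the stored
    ciphertext and wrapped DEK are unchanged, yet the data is unrecoverable."""
    km = KeyManager()
    key_id = km.create_key()
    record = encrypt_object(km, key_id, b"customer record: constructed sample data")
    before = decrypt_object(km, record)
    km.destroy_key(key_id)
    try:
        decrypt_object(km, record)
        after = "still readable"
    except KeyError:
        after = "erased"
    return {"before": before, "after": after, "ciphertext_retained": len(record["ciphertext"]) > 0}


if __name__ == "__main__":
    print(erasure_demo())
```

The point a practitioner checks in the real services is the same one the demo checks: once the KEK is gone, every copy of the data (backups, snapshots, replicas) that was encrypted under it becomes unreadable at once, which is why key deletion must be deliberate and, in both KMS and Key Vault, is subject to a waiting period rather than immediate.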
3. Security Comparisons between AWS and Azure: Identity Authentication and Authorisation
Category: Identity Authentication and Authorisation (pattern, solution in AWS, solution in Azure)
• Multi-Factor Authentication
  AWS: AWS
  Azure: Azure
• Federation (single sign-on)
  AWS: AWS SSO (Single Sign-On)
  Azure: Azure AD Seamless Single Sign-On
• Access Token
  AWS: AWS SSO (Single Sign-On)
  Azure: Azure AD Seamless Single Sign-On
• Mutual Authentication
  AWS: AWS TLS/SSL certificates; certificate features of API Gateway (AWS Client VPN)
  Azure: Azure App Service
• Secure User Onboarding
  AWS: AWS customer onboarding
  Azure: Azure Security Centre
• Identity and Access Manager
  AWS: AWS IAM and Cognito
  Azure: Azure API Management & REST API authentication
• Per-request Authentication
  AWS: AWS signing and authenticating REST requests
  Azure: Azure API Management & REST API authentication
• Access Control Clearance
  AWS: AWS CloudWatch and AWS Cognito/IAM
  Azure: Azure Access Control Service
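The Per-request Authentication row names "AWS signing and authenticating REST requests" without showing what a signed request looks like or what a verifier checks. The Python example below is added here and is not code from the slides or from the AWS SDK; it implements the AWS Signature Version 4 scheme (canonical request, string to sign, derived signing key, `Authorization` header) with only the standard library, and pairs it with a hypothetical server-side `verify_request` that recomputes the signature, compares it in constant time and rejects requests whose `x-amz-date` falls outside a 15-minute skew window. The credentials are the documented AWS placeholder values, the host and request are constructed, and the verifier assumes, for brevity, that only `host` and `x-amz-date` are signed.

```python
import datetime
import hashlib
import hmac
import urllib.parse

ALGORITHM = "AWS4-HMAC-SHA256"


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def canonical_request(method, path, query, headers, payload):
    """Canonical form of the request: sorted query, lowercased/trimmed signed headers,
    sorted header list and payload hash, so both sides rebuild the identical string."""
    query_string = "&".join(
        f"{urllib.parse.quote(k, safe='-_.~')}={urllib.parse.quote(v, safe='-_.~')}"
        for k, v in sorted(query.items())
    )
    canon = {k.lower().strip(): " ".join(v.split()) for k, v in headers.items()}
    signed_headers = ";".join(sorted(canon))
    canonical_headers = "".join(f"{k}:{canon[k]}\n" for k in sorted(canon))
    parts = [method.upper(), path, query_string, canonical_headers, signed_headers, _sha256_hex(payload)]
    return "\n".join(parts), signed_headers


def signing_key(secret, date_stamp, region, service):
    """Derived key chain: the long-term secret is never used on the wire directly."""
    k_date = _hmac(("AWS4" + secret).encode("utf-8"), date_stamp)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")


def sign_request(access_key, secret, region, service, method, host, path, query, payload, amz_date):
    """Client side: returns the headers to send, including the Authorization header."""
    date_stamp = amz_date[:8]
    headers = {"host": host, "x-amz-date": amz_date}
    canon, signed_headers = canonical_request(method, path, query, headers, payload)
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([ALGORITHM, amz_date, scope, _sha256_hex(canon.encode("utf-8"))])
    key = signing_key(secret, date_stamp, region, service)
    signature = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"{ALGORITHM} Credential={access_key}/{scope}, SignedHeaders={signed_headers}, Signature={signature}"
    )
    return headers


def verify_request(secret_lookup, region, service, method, host, path, query, payload, headers, now,
                   max_skew=datetime.timedelta(minutes=15)):
    """Hypothetical server side: look up the secret for the presented access key, recompute
    the signature over what was actually received, compare in constant time, and refuse
    timestamps outside the skew window so a captured request cannot be replayed later."""
    auth = headers["authorization"]
    fields = dict(p.strip().split("=", 1) for p in auth[len(ALGORITHM) + 1:].split(","))
    access_key = fields["Credential"].split("/")[0]
    amz_date = headers["x-amz-date"]
    sent_at = datetime.datetime.strptime(amz_date, "%Y%m%dT%H%M%SZ").replace(tzinfo=datetime.timezone.utc)
    if abs(now - sent_at) > max_skew:
        return False
    expected = sign_request(access_key, secret_lookup(access_key), region, service,
                            method, host, path, query, payload, amz_date)["authorization"]
    return hmac.compare_digest(expected, auth)


def demo() -> dict:
    # Constructed example: the documented AWS placeholder credentials, not real keys.
    access_key, secret = "AKIDEXAMPLE", "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
    region, service, host = "us-east-1", "service", "example.amazonaws.com"
    when = datetime.datetime(2015, 8, 30, 12, 36, 0, tzinfo=datetime.timezone.utc)
    amz_date = when.strftime("%Y%m%dT%H%M%SZ")
    query, body = {"Param1": "value1"}, b""
    headers = sign_request(access_key, secret, region, service, "GET", host, "/", query, body, amz_date)

    def lookup(presented_key):
        return secret if presented_key == access_key else "unknown-key"

    return {
        "authorization": headers["authorization"],
        "valid": verify_request(lookup, region, service, "GET", host, "/", query, body, headers, when),
        "tampered_query": verify_request(lookup, region, service, "GET", host, "/", {"Param1": "value2"}, body, headers, when),
        "replayed_later": verify_request(lookup, region, service, "GET", host, "/", query, body, headers,
                                         when + datetime.timedelta(hours=1)),
    }


if __name__ == "__main__":
    print(demo())
```

Because the signature covers method, path, query, signed headers and the payload hash, any change to those parts after signing fails verification, and the date check bounds how long a captured request stays usable; the same two properties are what per-request authentication in an API gateway, on either cloud, is meant to provide.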
4. Security Comparisons between AWS and Azure: Secure Development, Operation and Administration
Category: Secure Development, Operation and Administration (pattern, solution in AWS, solution in Azure)
• Bastion Server
  AWS: AWS bastion host
  Azure: Azure Bastion host
• Automated Threat Detection
  AWS: AWS GuardDuty
  Azure: Azure Advanced Threat Protection
• Durable Availability
  AWS: AWS CloudWatch, AWS WAF
  Azure: Azure Web Application Firewall & Application Gateway firewall
• Economic Durability
  AWS: AWS CloudWatch
  Azure: Azure Monitor
• Vulnerability Management
  AWS: AWS vulnerability scanning
  Azure: Vulnerability scan in Azure Security Centre
5. Security Comparisons between AWS and Azure: Privacy and Confidentiality
Category: Privacy and Confidentiality (pattern, solution in AWS, solution in Azure)
• End-to-End Security
  AWS: AWS KMS, AWS Certificate Manager
  Azure: Azure Key Vault
• Computation on Encrypted Data
  AWS: NA
  Azure: NA
• Data Anonymisation
  AWS: Algorithms can be defined and run by AWS modules
  Azure: Azure Dynamic Data Masking on SQL databases
• Process Purpose Control
  AWS: NA
  Azure: NA
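The Data Anonymisation row contrasts custom algorithms on AWS with Azure's Dynamic Data Masking on SQL databases. As an added example that is not from the slides or from either provider, the Python below shows the kind of field-level rules such an algorithm applies: a keyed pseudonym for the customer identifier (stable enough to join records, reversible only with a key held in the key manager), an email mask in the same `aXXX@XXXX.com` shape as SQL dynamic data masking's default email function, a phone mask that keeps the last four digits, and generalisation of date of birth to an age band. The field names, the HMAC key and the records are constructed; a deny-by-default output means any column not explicitly allowed (here a free-text `notes` field) never reaches the anonymised dataset.

```python
import hashlib
import hmac
import re
from datetime import date


def pseudonymise(value: str, key: bytes) -> str:
    """Keyed pseudonym: identical input gives an identical token within one dataset,
    but re-identification requires the key, which stays with the key manager."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def mask_email(email: str) -> str:
    """Same shape as the default email mask in SQL dynamic data masking: first
    character kept, everything else replaced (aXXX@XXXX.com)."""
    local, _, _domain = email.partition("@")
    return f"{local[:1]}XXX@XXXX.com"


def mask_phone(phone: str) -> str:
    """Partial mask: keep the last four digits, hide the rest, ignore formatting."""
    digits = re.sub(r"\D", "", phone)
    return "X" * max(len(digits) - 4, 0) + digits[-4:]


def age_band(dob: date, today: date, width: int = 10) -> str:
    """Generalisation: exact date of birth becomes a ten-year band."""
    age = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
    low = (age // width) * width
    return f"{low}-{low + width - 1}"


def anonymise_record(record: dict, key: bytes, today: date) -> dict:
    """One rule per allowed field. Fields without a rule (e.g. free-text notes)
    are dropped, so a new upstream column cannot leak through by accident."""
    return {
        "customer_ref": pseudonymise(record["customer_id"], key),
        "email": mask_email(record["email"]),
        "phone": mask_phone(record["phone"]),
        "age_band": age_band(record["date_of_birth"], today),
        "country": record["country"],
    }


def anonymise_all(records: list, key: bytes, today: date) -> list:
    return [anonymise_record(r, key, today) for r in records]


# Constructed sample records (hypothetical customers, not real data).
CONSTRUCTED_RECORDS = [
    {"customer_id": "C-1001", "email": "alice.smith@example.co.uk", "phone": "+44 7700 900123",
     "date_of_birth": date(1985, 6, 15), "country": "GB", "notes": "called about invoice 77"},
    {"customer_id": "C-1002", "email": "bob@example.org", "phone": "(555) 010-2200",
     "date_of_birth": date(2001, 12, 31), "country": "US", "notes": "prefers email"},
    {"customer_id": "C-1001", "email": "alice.smith@example.co.uk", "phone": "+44 7700 900123",
     "date_of_birth": date(1985, 6, 15), "country": "GB", "notes": "second order"},
]

CONSTRUCTED_KEY = b"constructed-hmac-key-kept-in-key-manager"


if __name__ == "__main__":
    for row in anonymise_all(CONSTRUCTED_RECORDS, CONSTRUCTED_KEY, date(2024, 1, 1)):
        print(row)
```

Masking of this kind is a presentation control, as Dynamic Data Masking is on Azure: it limits what a query returns but does not change stored data, so anyone with direct access to the underlying table or a masking-exempt role still sees the originals, and the keyed pseudonym only stays a pseudonym while the HMAC key is kept away from the consumers of the anonymised set.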