A Comparative Evaluation of Cloud-Native Security Controls in AWS, Azure, and GCP

Authors

  • Zain Muhammad, Newport Institute of Communications and Economics, Karachi, Pakistan

DOI:

https://doi.org/10.54536/ajsts.v4i2.6147

Keywords:

AWS, Azure, Cloud-Native Security, CSPM, GCP, Multi-Cloud Risk, Privileged Access Management, Sandboxing

Abstract

Cloud-native architectures have revolutionized modern computing, but their rapid deployment has exposed inconsistencies in security across the major providers, such as AWS, Azure, and GCP. Although each platform provides a set of controls designed to regulate certain aspects of security, the availability of features such as sandboxing, privileged access management (PAM), and workload isolation varies widely. These differences have implications for the security posture of organisations adopting a multi-cloud approach. This article seeks to identify and contrast the inherent shortcomings of native security tooling, evaluate the use of cloud marketplaces to address critical security gaps, and analyse the architectural risks arising from excessive use of third-party integrations. A cross-platform study of the existing controls offered by AWS, Azure, and GCP was performed through a review of technical documentation, CSPM capabilities, and scholarly and commercial research published in 2020-25. To conduct this comparative evaluation, a matrix was developed to compare native features with industry best practices in cloud security, with particular attention to PAM, sandboxing, micro-segmentation, and threat detection. We found that the implementation of least-privilege access is not consistent across platforms, with Azure providing more role-based access control (RBAC) and GCP having less developed controls for sandboxing compute workloads. CSPM products tend not to detect configuration drift in real time, and many of the most important controls require additional tooling. In addition, marketplace extensions make compliance and incident response harder. Cloud providers have evolved to provide security primitives, but critical gaps remain in how the principles of zero trust are realised natively.
Organisations have to address these inadequacies through layered defence plans, active threat modelling, and enforcement of tight integration checks. Cross-platform security alignment is a vital requirement for healthy multi-cloud resilience.

Published

2025-12-29

How to Cite

A Comparative Evaluation of Cloud-Native Security Controls in AWS, Azure, and GCP. (2025). American Journal of Smart Technology and Solutions, 4(2), 97-105. https://doi.org/10.54536/ajsts.v4i2.6147
