# The evolution of cloud-native security

By [Doug Lane](https://paragraph.com/@axalane) · 2022-03-30

---

​Amazon famously promotes a [shared responsibility model](https://aws.amazon.com/compliance/shared-responsibility-model/) for cloud security.

The short version:

*   Amazon is responsible for security **of** the cloud.
    
*   The customer is responsible for security **in** the cloud.
    

AWS has cloud-native security features to help with this. But it's kind of on the customer to figure out how to best apply them alongside the rest of their security stack.

This is a fairly defensible way to approach things. But I do think it opens up opportunities for other cloud players to do more to show customers the way.

Google is making an interesting play on this front. I was a bit dismissive when they first announced their Siemplicity acquisition. But now that they've [dropped another $5.4 billion on Mandiant](https://www.googlecloudpresscorner.com/2022-03-08-mgc), there's a clear story coming into focus.

They now have:

*   A [substantive vision](https://cloud.google.com/beyondcorp-enterprise) around Zero Trust and proactive risk mitigation.
    
*   The combined capabilities of their Chronicle offering and Siemplicity to help customers detect threats and execute sophisticated response playbooks.
    
*   A premium set of research, advisory, and response services from Mandiant that also sets them up to be a leading industry voice and resource when large-scale security incidents break.
    

These are still disparate pieces that need to come together more cohesively. But if they can bring it together into a more prescriptive cloud security blueprint – backed by cloud-native tools and experts on demand – it will be a compelling point of differentiation.

\-Doug​

---

*Originally published on [Doug Lane](https://paragraph.com/@axalane/the-evolution-of-cloud-native-security)*