Why Relying on Native Cloud Firewalls Could Be a Critical Mistake
Imagine buying the most talked-about, high-tech car on the market. It’s sleek, fast, and everyone wants one. But then, after the excitement fades, you find out it flunked every safety test—earning a flat zero on the crash test rating scale. Suddenly, that flashy new car feels more like a liability than a luxury.
This metaphor is exactly how Keith Ward, moderator and analyst at ActualTech Media, frames a chilling discovery in cloud security: the native firewalls provided by major public cloud vendors—Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP)—recently received zero percent effectiveness ratings in an independent security test.
The Shocking Report from CyberRatings.org
The findings come from CyberRatings.org, a nonprofit organization that rigorously evaluates cybersecurity products. In its most recent comparative test report on cloud network firewalls, the organization included the built-in firewalls of AWS, Azure, and GCP.
The result? All three major cloud providers failed miserably, scoring 0% security effectiveness.
According to CyberRatings, these native firewalls offer convenience—but at a significant cost. They allowed basic attacks to bypass existing security measures at OSI layers 3 and 4, which represent the network and transport layers. These are foundational levels of defense, and if attackers can get through them, the rest of your cloud infrastructure is essentially exposed.
In other words, if you’re relying solely on native cloud firewalls, you’re gambling with your organization’s data, uptime, and reputation.
IT Malpractice in the Making?
Ward doesn’t mince words: “Relying on the built-in firewalls from the public cloud big dogs is to commit IT malpractice.”
The analogy he uses—driving an unsafe car with your family inside—drives home the urgency. Companies entrust public cloud providers with critical data and operations, assuming that these environments come with baseline security. But this assumption can be dangerous, especially if it leads to complacency.
And while cloud vendors tout their native security tools as robust and enterprise-ready, CyberRatings’ analysis suggests otherwise. As Ward points out, these firewalls “might as well not exist.”
There Is a Better Way
Fortunately, all is not lost. The same CyberRatings report also evaluated a range of third-party firewall solutions, and the contrast couldn’t be starker. These products consistently scored in the 99% to 100% effectiveness range, showcasing just how much better security can be with the right tools in place.
The CEO of CyberRatings had this blunt but critical advice:
“Until cloud service provider native firewalls provide better protection, customers should be looking to third parties for their cloud security needs.”
Third-party solutions are often more customizable, more robust, and better supported when it comes to proactive threat detection, advanced logging, segmentation, and more.
The Takeaway: Act Now
For organizations running workloads in the public cloud, this should be a wake-up call. Cloud adoption doesn’t eliminate your security responsibilities. In fact, in the shared responsibility model, security of the data and workloads remains squarely on the shoulders of the customer.
Whether you’re in IT leadership, security operations, or DevOps, this is a moment to reassess. Are you protected—or just hopeful? If your security strategy leans heavily on default cloud tools, now is the time to explore and invest in stronger, third-party firewall solutions.
In short: ditch the unsafe car. Your data—and your business—deserve better protection.
Here’s the transcript in case you missed it:
I’m Keith Ward, a moderator and analyst with ActualTech Media. And I want you to imagine the following scenario. You’re buying a car. It’s flashy and modern and everyone’s talking about it. It has all the hype and dealers can’t keep it on the lot. So you buy it, get it home, load up your wife and kids and take it out for a spin. You love it. It’s got everything you’ve ever wanted. But then you read about some accidents that this car is having. You start researching and eventually check out the car’s National Highway Traffic Safety Administration rating.
You discover that its rating is a big fat zero. No one is safe in the car. What do you do? Keep driving it, hoping for the best, assuming you won’t get into an accident? Or do you get it towed back to the dealer’s lot and demand your money back? The answer is easy and obvious, I think.
Now this scenario could play out in cyberspace if you’re expecting the native cloud firewalls from the big three public vendors to protect any data you’ve got in their clouds. CyberRatings.org, a nonprofit organization that analyzes cybersecurity products, just published its latest comparative test report on cloud network firewalls. Among the products it tested were the built-in firewalls from Amazon Web Services, Microsoft Azure, and Google Cloud Platform.
All of them received a goose egg rating in the test. Yikes. In a press release, CyberRatings said that these firewalls, quote, offer a convenient alternative, but all received zero percent security effectiveness as they allowed attacks to bypass existing defenses. These defenses included layers three and four of the Open Systems Interconnect or OSI model, which indicate the network and transport layers.
Now, you don’t have to be a cybersecurity expert to understand that if your network and transport defenses fail, you are in deep guacamole. What all this means is that if you’re counting on the native firewall from these public cloud titans to protect you, you’re doing the exact opposite and inviting disaster. These firewalls, in fact, might as well not exist.
The silver lining in these storm clouds is that CyberRatings tested numerous third-party cloud firewall products as well, and most of those got great ratings on the order of 99% plus to 100% in terms of their effectiveness. The CEO of CyberRatings had this caution, quote, until cloud service provider native firewalls provide better protection, customers should be looking to third parties for their cloud security needs.
The takeaway here may be obvious, but it’s worth stating anyway. Relying on the built-in firewalls from the public cloud big dogs is to commit IT malpractice. The data and infrastructure in these clouds are unsafe, and you should take immediate steps to rectify the situation. Fortunately, you have options available. And the first option to take is getting rid of that car. It’s an accident waiting to happen.