Comparing AWS, Azure, and GCP across compute, storage, and identity primitives — and understanding NIC MeghRaj and Indian data sovereignty requirements that shape every cloud deployment in India.
Sign in to mark this article as read and track your progress.
AWS, Microsoft Azure, and Google Cloud Platform (GCP) together hold over 65% of global cloud market share. For security practitioners, the key skill is not brand loyalty — it is the ability to map equivalent primitives across platforms.
| Function | AWS | Azure | GCP |
|---|---|---|---|
| Virtual compute | EC2 | Virtual Machines | Compute Engine |
| Object storage | S3 | Blob Storage | Cloud Storage |
| Managed Kubernetes | EKS | AKS | GKE |
| Identity & Access | IAM + STS | Entra ID (AAD) | Cloud IAM |
| Key management | KMS + CloudHSM | Key Vault | Cloud KMS + HSM |
| Threat detection | GuardDuty | Defender for Cloud | Security Command Center |
| Audit logging | CloudTrail | Activity Log | Cloud Audit Logs |
| WAF | AWS WAF | Azure WAF | Cloud Armor |
| Secrets management | Secrets Manager | Key Vault (secrets) | Secret Manager |
Knowing these equivalents lets you apply the same security methodology regardless of the provider in scope for a given engagement.
The National Informatics Centre (NIC) operates MeghRaj — the Government of India community cloud. It provides:
Key security considerations for MeghRaj:
India has enacted several frameworks that directly affect cloud architecture decisions:
| Framework | Key Requirement | Cloud Impact |
|---|---|---|
| IT Act 2000 + Rules | Reasonable security practices for sensitive personal data | Encryption and access controls are mandatory |
| DPDP Act 2023 | Personal data of Indian citizens processed lawfully with consent | Data residency, deletion rights, breach notification |
| RBI IT Framework | Financial data must be stored in India | Indian region deployments mandatory for banking workloads |
| CERT-In Directions 2022 | 6-hour breach reporting; 5-year log retention | CloudTrail and centralised logging are not optional |
| SEBI CSCRF 2024 | Cybersecurity resilience framework for capital markets | RTO/RPO requirements, third-party risk management |
When selecting a cloud provider for Indian workloads:
The cloud provider you choose inherits its own security posture into your stack. Verify provider certifications, understand region-level data residency guarantees, and map your workload requirements against Indian regulatory frameworks before the first resource is provisioned.