For security in a hybrid or multi-cloud environment, we suggest using a combination of native and third-party solutions. For firewalling, IDS and IPS, we use native tools as much as possible. You can deploy virtual copies of your on-premises firewall in the cloud, but be careful not to create a chokepoint for your traffic by forcing it all through the firewall.

You still need some third-party tools, because capabilities like Layer-7 security are tough to get in the public cloud, and security teams are used to solving this problem with their on-premises firewalls. Doing SSL termination for Deep Packet Inspection (DPI) can create performance issues, so it is not practical to do it for all traffic. Some DPI is needed for traffic going to the internet, so we work with our clients to overlay granular policies when we implement this.