I often hear about cloud-based security solutions that solve all security problems. It’s a simple fact that such an animal does not exist.
Why? Because the problem domains are just too different. Therefore, security requirements are different as well. If you try to push the same security solution across all workloads, you’ll find it doesn’t work across them all — and that’s if you’re lucky. If you’re not lucky, you won’t know until it’s too late where the solution doesn’t work.
Your applications are built with very different programming engines, databases, and middleware, and all those attributes help determine the type of security solution you should use. That brings in (necessary) complexity, which makes using “standard” security tools and processes an impossibility most of the time.