A fundamental decision for cloud security architects is how much to rely on the cloud-native security tools of their cloud provider, be it AWS, GCP, Azure, or any other provider. “As much as possible” is the wish of cloud engineers, while security specialists tend to prefer third-party security vendors. Many security specialists have implemented and worked with vulnerability management, anti-malware, or data loss prevention tools for many years; why not use the same tools in the cloud? It is a clash of cultures, and the following six theses are designed to help move from emotion-based to fact-based architectural decision-making.