The order of the 4Cs in Cloud Native Security, starting with the layer that a user has the most control over, is Code -> Container -> Cluster -> Cloud. In this hierarchy, 'Code' is the most directly controllable by the user as it involves the application's source code. Next, 'Container' refers to how the application is packaged, which is also under significant control of the user. 'Cluster' involves the orchestration and management of containers, which the user can configure but with less direct control compared to code and containers. Finally, 'Cloud' represents the underlying infrastructure, which is the least controllable layer by the user.