More

    Cloud Security: Technologies You Need to Safely Use the Cloud

    Businesses are nothing less than addicted to the speed and flexibility of using cloud-based software and infrastructure. However, there’s persistent confusion about what cloud security technologies businesses need, and the risks those technologies mitigate.

    In this slideshow, Carson Sweet, CEO and co-founder of CloudPassage, highlights a categorical review of cloud security needs associated with the use of public infrastructure as a service (IaaS), software as a service (SaaS) and governance of cloud services. This slideshow will help users navigate what cloud security technologies apply to their businesses. 

    Cloud Security: Technologies You Need to Safely Use the Cloud - slide 1

    Click through for a categorical review of cloud security needs associated with the use of public infrastructure as a service (IaaS), software as a service (SaaS) and governance of cloud services. as identified by Carson Sweet, CEO and co-founder of CloudPassage.

    Cloud Security: Technologies You Need to Safely Use the Cloud - slide 2

    Category 1: Public infrastructure as a service

    Overview: Many companies deploy their own applications, websites and other workloads in public infrastructure as a service (IaaS) and platform as a service (PaaS) solutions because it allows for rapid access to infrastructure on demand and can scale rapidly.

    Risk: The security that comes with public IaaS service is not complete as it fails to protect workloads – exposing the company to compliance failures, brand damage, fines, legal liability and data theft.

    Cloud Security: Technologies You Need to Safely Use the Cloud - slide 3

    Category 1: Public infrastructure as a service

    Technology: There are two categories of security for public IaaS – point solutions and platform providers. Point solutions only provide one or two functions; an example would be the SIEM capabilities provided by ArcSight or Splunk. Broader cloud-forward providers focus on the strategic capabilities that transcend any specific cloud provider, similar to CloudPassage’s software-defined security. These few technology providers offer a diverse group of security controls but all focus on securing the workload in the cloud. IaaS requires the ability to verify integrity of the workload, alert to unauthorized changes, and track for incidents of compromise – details that an IaaS provider would be unable to ascertain but are the responsibility of the business.

    Cloud Security: Technologies You Need to Safely Use the Cloud - slide 4

    Category 2: Software as a service

    Overview: SaaS providers offer ready-to-use business applications that are available on demand and can scale.

    Risk: SaaS providers handle sensitive business information, but your company is still ultimately responsible for its data and should perform due diligence on the SaaS providers. With SaaS, we see common routes to data theft through:

    1. Attackers exploiting weak or poorly managed SaaS authentication mechanisms to gain access to user accounts.
    2. Weaknesses in application functionality that allow intruders to gain a foothold or extract data.
    3. Vulnerabilities of infrastructure that can be exploited.

    Cloud Security: Technologies You Need to Safely Use the Cloud - slide 5

    Category 2: Software as a service

    Technologies: The two major focus areas for businesses to address regarding SaaS security are data encryption and user access control. Data encryption focuses on protecting the end-user data within the service infrastructure with companies like CipherCloud. User access control focuses on stronger authentication and more effective identity management that collectively protects access to a company’s SaaS data, accounts and supporting services. Examples include OneLogin, Okta and Ping Identity.

    Cloud Security: Technologies You Need to Safely Use the Cloud - slide 6

    Category 3: Governance of cloud services

    Overview: As companies use IaaS, PaaS and SaaS, they need to have mechanisms in place that will track, monitor and govern the use of these services, which is critical to companies maintaining control of information technology and protecting data assets.

    Risk: Without governance, there’s a lack of visibility into how company data is being used, where it’s being sent and the threats it’s being exposed to.

    Cloud Security: Technologies You Need to Safely Use the Cloud - slide 7

    Category 3: Governance of cloud services

    Technologies: The governance and utilization monitoring of cloud services is newly emerging. Companies can monitor and set granular policies regarding employee access to and usage of common SaaS, PaaS and IaaS providers, which allows them to mitigate potentially risky data handling in the cloud and cloud data loss protection. Companies can also control what can be used and done with approved cloud services and report on utilization and activity integrated with identity and access management. Examples of governance of cloud services include NetSkope and Skyhigh.

    Latest Articles