Cloud computing has become ubiquitous because of its agility and cost savings — but along with those benefits have come security concerns. Because cloud is a different way of delivering IT resources, cloud security encompasses the same security concerns as on-premises IT, plus others unique to the cloud. Among the areas addressed by cloud security products are access control, workload security, privacy and compliance, and more.
When considering cloud security products, it’s important to recognize and understand the different categories of solutions that are available to help organizations reduce risk and improve security. Among them are:
- Cloud access security brokers (CASB): A primary category of cloud security solutions is cloud access security broker (CASB) platforms, which monitor activity and enforce cloud access security policies. For more on CASB vendors, see our guide to the top CASB vendors.
- Software-defined compute (SDC) security: This is among the newest categories and is sometimes referred to as cloud native security. These solutions look to protect containers and Kubernetes running across cloud deployments.
- Cloud workload protection platforms: Cloud workload protection technologies work with both cloud infrastructure and virtual machines, providing monitoring and threat prevention features.
- SaaS security: Multiple types of security technologies are also delivered as a service from the cloud, to help secure both on-premises and cloud workloads. These solutions can include vulnerability scanning and management features.
It’s also important to note that each of the major public cloud providers (Amazon Web Services, Google Cloud Platform and Microsoft Azure) has its own native cloud security controls and services that organizations can enable.
How to choose a cloud security technology
With the wide variety of options available for users, it can often be a confusing and time-intensive task to select an appropriate offering. When looking at cloud security, there are several key considerations:
- Scope: It’s important to understand what’s at risk and what the organization is trying to protect. Often one or more services will be needed to protect an entire cloud deployment.
- Policy Integration: Making sure that a given cloud security solution can integrate with existing policy systems, whether they are on-premises or in the cloud, is important for enabling a uniform policy for an enterprise.
- Multi-Cloud Protection: The ability to work across multiple cloud providers and different types of deployments is important, since few organizations want to be locked in to any one vendor or cloud.
Top cloud security companies
In this eSecurity Planet top companies list, we spotlight 10 vendors that offer top cloud security tools.
Value proposition for potential buyers: CloudPassage’s Halo platform is a cloud workload protection platform that is suitable for organizations of any size.
- CloudPassage Halo is a single platform with three SKUs – Halo Cloud Secure, Halo Server Secure, and Halo Container Secure. All three are licensed by usage level.
- CloudPassage offers automated security visibility and compliance monitoring for workloads that run in any on-premises, public cloud, or hybrid cloud environment.
- Features include file integrity monitoring, software vulnerability assessment and log-based intrusion detection.
- A key differentiator for CloudPassage is the platform’s automated approach to identify when and if a given workload or configuration strays outside of the defined policies.
Note: McAfee Enterprise and FireEye are now under the Trellix name after merging last year, while the McAfee cloud business has become Skyhigh Security. As Trellix is focused on enterprise security, we expect that only Skyhigh will remain on this list once all the product branding has settled.
Value proposition for potential buyers: FireEye is well known for its incident response and investigation capabilities, but the company has been expanding into cloud security in recent years as well. FireEye’s services provide cloud server workload protection against threats.
- In October 2019, FireEye announced its FireEye Cloud Security Solution, which includes cloud versions of FireEye Network Security, Detection On Demand security scanning, and the FireEye Helix security operations platform.
- The virtual network security capability is a key differentiator for FireEye, enabling organizations to get full visibility into traffic with deep granularity.
- Threat analytics is another area of deep expertise for FireEye, with its Helix data analytics platform that benefits from the company’s Mandiant incident response expertise.
- The Detection on Demand capability enables users to apply security controls to any AWS cloud service.
Note: As we noted in the FireEye entry above, McAfee’s cloud business is now Skyhigh Security and thus the main focal point of the McAfee-FireEye cloud business.
Value proposition for potential buyers: McAfee has a broad set of cloud security capabilities, including CASB, data loss prevention (DLP) and threat prevention, that will become part of the Skyhigh Security SASE platform.
- McAfee’s MVISION Cloud is partnered with Amazon Detective, an Amazon Web Services (AWS) offering announced at the re:Invent 2019 conference that helps users analyze and identify the root cause of cloud security incidents.
- One of the core components of MVISION Cloud is its CASB capability, which McAfee gained via the acquisition of Skyhigh Networks in 2017.
- Strong data loss prevention capabilities are a key differentiator for McAfee, with policy control that extends across cloud resources.
- Cloud security risk understanding is also a key feature, with trust ratings to help inform security policies.
Value proposition for potential buyers: Lacework is a cloud workload security and compliance solution that is well suited for organizations looking for a visual approach to cloud security.
- The Polygraph feature is a key differentiator for Lacework, providing a visual representation of relationships across account roles, workloads and APIs in an attempt to deliver better context.
- Lacework provides monitoring of cloud workloads for both compliance and security concerns.
- Of particular value is the automated workload intrusion detection capability that is powered by machine learning to help reduce risks.
- Configuration best practices support and guidance is another key value of the platform.
Value proposition for potential buyers: The Qualys cloud platform has multiple modules that can enable different facets of cloud security, including compliance, vulnerability scanning and cloud workload protection.
- The Web Application Scanning module is a key capability for Qualys, providing automatic scanning capabilities for web apps to help detect and rank security vulnerabilities.
- Compliance is a real differentiator for Qualys, with multiple modules for different use cases, including the PCI-DSS compliance module that scans all devices to identify compliance status.
- Compliance is also about best practices, which is what the Policy Compliance module enables with automated security configuration assessments across on-premises and cloud assets.
Value proposition for potential buyers: Palo Alto Networks has one of the most comprehensive cloud native security platforms in the market, with deep capabilities to help organizations with workload security.
- The Prisma Cloud platform is a new effort that Palo Alto Networks defines as a Cloud Native Security Platform (CNSP).
- Prisma integrates components from multiple companies that Palo Alto Networks has acquired in recent years, including Evident.io, RedLock, PureSec and Twistlock, providing container and cloud workload policy, threat detection and control.
- Full cloud workload visibility, including serverless functions, is a key differentiator for Palo Alto, with capabilities to secure an end-to-end cloud native deployment.
- Vulnerability management and runtime protection against threats are other key values for users of the Prisma Cloud offering.
Value proposition for potential buyers: Symantec has multiple cloud security functions within its portfolio, including workload protection and CASB.
- Symantec is in the process of undergoing a number of shifts, as the enterprise business unit, which includes cloud security, was acquired by Broadcom.
- The Cloud Workload Protection suite is able to identify and evaluate security risks for workloads running in the public cloud.
- Cloud Workload Assurance is a differentiator for Symantec, with automatic compliance reporting and remediation, including the ability to benchmark security posture for a given configuration.
- The CloudSOC CASB is one of the leading cloud access security broker technologies, according to analyst firms Forrester and Gartner.
Value proposition for potential buyers: Tenable has a long history in the vulnerability management space, which now extends into the cloud to help organizations of all sizes protect their workloads.
- Tenable has multiple services on its cloud-based tenable.io platform, including web application scanning, container security and asset management.
- The key differentiator for tenable.io is the ability to identify assets and their vulnerabilities, giving organizations visibility into their cloud risk.
- The ability to identify potential misconfigurations is also an important feature.
Value proposition for potential buyers: Trend Micro is well positioned as a leader in hybrid cloud security, helping organizations unify policies across both on-premises and public cloud deployments.
- The Trend Micro Cloud One platform is a robust offering that integrates workload, storage and network security as well as compliance capabilities.
- The workload security feature is a key differentiator for Trend Micro, as it extends the same policy and protection to multiple deployment modalities, including on-premises, private and public cloud workloads.
- Going beyond just threat detection, Trend Micro also provides virtual patching for vulnerabilities to help limit risks as rapidly as possible.
- Security can be codified, with templates that align with leading security standards, and can be deployed with simple AWS CloudFormation templates.
Value proposition for potential buyers: VMware has multiple capabilities for cloud security, including its Secure State and CloudHealth products.
- VMware acquired CloudHealth in 2018 and expanded it in 2019 to provide deeper integration with VMware workloads, alongside public cloud.
- CloudHealth provides cloud governance features to help organizations align security and regulatory compliance.
- VMware Secure State delivers multi-cloud security posture management that focuses on configuration security.
- Secure State is particularly good at providing insights into security risks due to connections between cloud objects and services, which can represent a great deal of risk to an organization.