Cloud security solutions are generally deployed and used to help protect workloads running in both private clouds and across the major public cloud services from cloud computing companies.
There are multiple types of cloud security solutions to help organizations reduce risk and improve security. Among them are:
- Cloud Workload Protection Platforms. Cloud workload protection technologies work with both cloud infrastructure as well as virtual machines, providing monitoring and threat prevention features.
- Cloud Access Security Brokers (CASB). Another category of cloud security solutions is often identified as Cloud Access Security Broker (CASB) platforms, which monitor activity and enforce security policies from an access perspective.
- SaaS. There is also a broad range of security tools and technologies that are delivered from the cloud, in a software-as-a-service (SaaS) model to help protect both cloud and on-premises workloads. Explore leading SaaS companies to learn about the overall SaaS market.
Cloud security solutions suites may include capabilities from both cloud workload and CASB technologies, to help provide a comprehensive set of features that secure cloud access and deployments.
What should you know when selecting a cloud security solution for your business? Take a look below:
How to Choose
It’s important to identify the workloads you need to protect and ensure that the cloud security solution provides protection features that are appropriate for the given workload.
Organizations often have on-premises directory systems; it’s important to make sure that a given cloud security solution can integrate with existing policy systems and provide a uniform policy.
Given that so many companies now use a multicloud strategy, a solution must have the ability to work in a multicloud scenario, with diverse types of deployments. Vendor lock-in is to be avoided.
Cloud security solutions come at a wide variety of price points, so it’s important that you do your research to determine what solution covers all of your needs and still meets your budget. Avoid purchasing add-ons that your organization doesn’t necessarily need, and also look out for free trial options.
Support and Customer Reviews
You can learn a lot about a security solution from the user reviews that you find online. We’ve linked to some below, but take a look at what users have to say, especially about the reliability and availability of customer support.
Seven Top Cloud Security Solution Providers
Below we outline the capabilities of seven top cloud security solution providers that can help organizations improve security posture and reduce risk. The vendors listed below cross multiple categories of cloud security solutions, including both workload protection and CASB.
Check Point CloudGuard
Symantec Cloud Workload Protection
Threat Stack Cloud Security platform
Trend Micro Cloud One
An early pioneer in providing vulnerability management solutions, Qualys has continued to grow its product offerings, now delivering cloud-based compliance and web app security tools. The software is robust enough to handle large-scale environments.
The Qualys Cloud Platform offers a single, unified platform that provides visibility into security and compliance issues for the entire enterprise. It can monitor everything from containers to endpoints to mobile devices.
A key differentiator is the Qualys Web Application Scanning tool. Available as a cloud-based service, the tool automatically deep-scans custom web apps, testing for a variety of security problems, such as SQL injection and cross-site scripting. It can prioritize and rank the security problems it finds. The tool works quickly to scan complex systems.
The software is known for its ease of deployment and its ability to offer a single solution to complex security challenges.
Check Point CloudGuard
Check Point’s CloudGuard platform has multiple capabilities to help organizations maintain consistent security policies and protect different types of cloud deployments. The platform encompasses security for both IaaS (infrastructure as a service) as well as SaaS (software as a service) cloud use cases.
A key differentiator for CloudGuard is the platform’s SmartConsole, which offers the promise of multicloud visibility for security policy and control from within a unified graphical user interface. With CloudGuard, organizations also benefit from the ability to protect workloads at the virtual machine level. This enables security policies to migrate with the workloads as they move between on-premises deployments and different cloud environments.
Ease of deployment is often highlighted by organizations as being a key benefit of the Check Point CloudGuard platform.
See our in-depth look at Check Point CloudGuard
CloudPassage Halo is a cloud workload security solution that integrates a number of differentiated capabilities into its platform.
At the core of Halo is visibility across different workloads, including both cloud and servers to identify insecure configurations and to help organizations maintain compliance with different regulatory and security policy requirements. CloudPassage takes an agent-based approach to provide visibility across different workloads and deployments.
Looking beyond visibility, key differentiators for CloudPassage Halo include the platform’s software vulnerability assessment and secure configuration assessment capabilities.
See our in-depth look at CloudPassage
Lacework provides cloud workload protection for public cloud infrastructure. The Lacework platform continuously monitors cloud deployments for changes that could be indicative of misconfigurations or potential attacks.
Alerts are ranked based on criticality and context, which is an area of differentiation for Lacework, with its polygraph feature. With Lacework’s polygraph, there is a visual representation of different cloud assets, workloads, APIs, and account roles to provide better context into how everything relates. This functionality is critical to building the right context for security.
Users of the Lacework platform also benefit from regular reporting that provides insights into best practices and risks, to help further improve cloud workload security.
See our in-depth look at Lacework
Netskope is generally categorized by analysts as a Cloud Access Security Broker (CASB), though the company’s Security Cloud platform now integrates a broad set of capabilities that go beyond just securing cloud access.
Netskope’s platform provides cloud access security, advanced threat protection, and data protection. The Data Loss Prevention (DLP) capabilities are particularly powerful, as they enable organizations to identify and protect sensitive and personally identifiable information, wherever it is in a cloud deployment.
A key differentiator for Netskope is its CloudXD technology, which provides contextual detail about activity that can be used by enterprises to better understand risks as well as overall cloud usage.
See our in-depth look at Netskope
Symantec Cloud Workload Protection
There are a number of different technologies for cloud security within the expansive Broadcom Symantec cybersecurity portfolio. Among them is Symantec Cloud Workload Protection, which can automatically discover what an organization is running across multicloud deployments.
Aside from cloud visibility, which is often a blind spot for organizations, Cloud Workload Protection integrates monitoring for unauthorized changes, file integrity, and user activity. A key differentiator is the platform’s application binary monitoring capabilities, which can identify potential corruption in application code.
Another strong key feature is the platform’s ability to help identify misconfigured cloud storage buckets, which could potentially leak corporate information.
See our in-depth look at Symantec Cloud Workload Protection
Threat Stack Cloud Security platform
Cloud visibility, monitoring, and alerting are core capabilities of the Threat Stack Cloud Security platform. The real differentiator for Threat Stack, however, is the platform’s focus on identifying cloud intrusions and then working with different tools to remediate the threat.
Tracking various threats is enabled via the dashboard, which provides insight into cloud configuration, potentially vulnerable servers, and the status of alert remediation.
Regulatory compliance with different regulatory certification efforts is another key capability of the platform, with compliance rule set templates designed to make it easier for organizations to have the right configuration and controls in place for cloud workloads.
See our in-depth look at Threat Stack Cloud Security platform
Trend Micro Cloud One Security Solution
Adding elastic security policies for cloud servers as they are deployed is among the key attributes of Trend Micro Cloud One.
If security issues are detected, Deep Security’s dashboard interface provides actionable insights to help rapidly remediate.
Among Deep Security’s key differentiators is its integration with Trend Micro’s extensive threat defense capabilities, delivering additional context about potential threats that organizations need to consider and defend against.
Cloud Security Solutions Comparison Chart
|Qualys||Regulatory and security policy compliance. Works with complex and large-scale environments.||
Deep-scans custom web apps, incl. SQL injection and cross-site scripting
|Web application scanning tool: discovers vulnerabilities and misconfigurations in web apps||On Request|
|Check Point CloudGuard||Workload security for both on-premises and cloud virtualized workloads||
Security policy control and enforcement
|SmartConsole for multi-cloud visibility||On request|
|CloudPassage Halo||Regulatory and security policy compliance||
Log-based intrusion detection
|Software vulnerability assessment and secure configuration assessment capabilities||All three versions are licensed by usage level, with automatic discounts as usage increases.|
|Lacework||Cloud workload protection for public cloud infrastructure||
Monitoring of workloads for changes
Best practice guidance for workload security
|Polygraph features for visual representation cloud assets, workloads, APIs, and account roles||Free trial available. Full pricing not publicly disclosed.|
|Netskope||Cloud Access Security Broker capabilities||
Data Loss Prevention (DLP)
|CloudXD technology provides contextual detail about activities||Contact Netskope for pricing|
|Symantec Cloud Workload Protection||Multi-cloud workload monitoring security||
User activity monitoring
File integrity monitoring
|Application binary monitoring||
SaaS Contract with Flexible Pricing.
Small 1 vCPU server at $60 per server/ year
Medium – 2 or 3 vCPU at $174.96/server/yer
Large – 4 or more vCPU at $350.04 / server/year
|Threat Stack Cloud Security Platform||Cloud intrusion prevention||
Regulatory compliance rulesets
|Remediation workflow capabilities for cloud intrusions||
Pricing is per agent per month.
Contact vendor for full details.
|Trend Micro Cloud One||Multi-cloud security detection and protection||
Host-based intrusion prevention
|Integration with broader Trend Micro threat defense capabilities||
Varies based on cloud deployment size and volume discounts.
On a single AWS large EC2 instance the estimated monthly cost is $22.