SlideShare a Scribd company logo

Technologies You Need to Safely Use the Cloud

Download as PPTX, PDF
CloudPassage, profile picture
CloudPassage

There are three main types of cloud services discussed in the document: 1) Infrastructure as a Service (IaaS) requires technologies to verify workload integrity, alert to unauthorized changes, and track incidents as the provider cannot do this. Point solutions and broader providers offer these controls. 2) Software as a Service (SaaS) presents risks if providers mishandle sensitive data or have authentication/application weaknesses exploited. Users should control access and encrypt data. 3) Governance is needed to track cloud service use, as without it companies lack visibility into how data is used and exposed. Technologies help monitor usage and set policies to mitigate risks and protect data.

TechnologyBusiness
1 of 7
Downloaded 16 times
1
2
3
4
5
6
7
Cloud Security: Technologies You Need to Safely Use the Cloud 1 Carson Sweet, CEO & Co-Founder CloudPassage
Public infrastructure as a service 2 Overview: Many companies deploy their own applications, websites and other workloads in public infrastructure as a service (IaaS) and platform as a service (PaaS) solutions because it allows for rapid access to infrastructure on demand and can scale rapidly. Risk: The security that comes with public IaaS service is not complete as it fails to protect workloads - exposing the company to compliance failures, brand damage, fines, legal liability and data theft.
Infrastructure as a service 3 Technology: There are two categories of security for public IaaS – point solutions and platform providers. Broader cloud-forward providers focus on the strategic capabilities that transcend any specific cloud provider, similar to CloudPassage's software-defined security. Point solutions only provide one or two functions; an example would be the SIEM capabilities provided by ArcSight or Splunk. These few technology providers offer a diverse group of security controls but all focus on securing the workload in the cloud. IaaS requires the ability to verify integrity of the workload, alert to unauthorized changes, and track for incidents of compromise – details that an IaaS provider would be unable to ascertain but are the responsibility of the business
Software as a service 4 Overview: SaaS providers offer ready-to-use business applications that are available on demand and can scale. Risk: SaaS providers handle sensitive business information, but your company is still ultimately responsible for its data and should perform due diligence on the SaaS providers. With SaaS, we see common routes to data theft through: 1. Attackers exploiting weak or poorly managed SaaS authentication mechanisms to gain access to user accounts. 2. Weaknesses in application functionality that allow intruders to gain a foothold or extract data. 3. Vulnerabilities of infrastructure that can be exploited.
Software as a service 5 Technologies: The two major focus areas for businesses to address regarding SaaS security are data encryption and user access control. Data encryption focuses on protecting the end- user data within the service infrastructure with companies like CipherCloud. User access control focuses on stronger authentication and more effective identity management that collectively protects access to a company's SaaS data, accounts and supporting services. Examples include OneLogin, Okta and Ping Identity.
Governance of cloud services 6 Overview: As companies use IaaS, PaaS and SaaS, they need to have mechanisms in place that will track, monitor and govern the use of these services, which is critical to companies maintaining control of information technology and protecting data assets. Risk: Without governance, there's a lack of visibility into how company data is being used, where it's being sent and the threats it's being exposed to.
Governance of cloud services 7 Technologies: The governance and utilization monitoring of cloud services is newly emerging. Companies can monitor and set granular policies regarding employee access to and usage of common SaaS, PaaS and IaaS providers, which allows them to mitigate potentially risky data handling in the cloud and cloud data loss protection. Companies can also control what can be used and done with approved cloud services and report on utilization and activity integrated with identity and access management. Examples of governance of cloud services include NetSkope and Skyhigh.

More Related Content

What's hot (19)

PPTX
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Georg Knon
 
PDF
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
Risk Analysis Consultants, s.r.o.
 
PDF
CSA SV Threat detection and prediction
Vishwas Manral
 
PPTX
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
Alert Logic
 
PPTX
#ALSummit: Realities of Security in the Cloud
Alert Logic
 
PPTX
Pros and Cons of Moving to Cloud and Managed Services
Eagle Technologies
 
PPTX
Security for cloud native workloads
Runcy Oommen
 
PDF
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
AlgoSec
 
PDF
best practices-managing_security_in_the hybrid cloud
AlgoSec
 
PDF
Migrating and Managing Security in an AWS Environment- Best Practices
shira koper
 
PDF
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
Alert Logic
 
PDF
Securing Healthcare Data on AWS for HIPAA
Alert Logic
 
PPTX
#ALSummit: Architecting Security into your AWS Environment
Alert Logic
 
PPTX
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
Alert Logic
 
PDF
Cloud university intel security
Ingram Micro Cloud
 
PPTX
Securing virtual workload and cloud
Himani Singh
 
PDF
SAP Cloud security overview 2.0
Rasmi Swain
 
PDF
compliance made easy. pass your audits stress-free webinar
AlgoSec
 
PPTX
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Georg Knon
 
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
Risk Analysis Consultants, s.r.o.
 
CSA SV Threat detection and prediction
Vishwas Manral
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
Alert Logic
 
#ALSummit: Realities of Security in the Cloud
Alert Logic
 
Pros and Cons of Moving to Cloud and Managed Services
Eagle Technologies
 
Security for cloud native workloads
Runcy Oommen
 
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
AlgoSec
 
best practices-managing_security_in_the hybrid cloud
AlgoSec
 
Migrating and Managing Security in an AWS Environment- Best Practices
shira koper
 
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
Alert Logic
 
Securing Healthcare Data on AWS for HIPAA
Alert Logic
 
#ALSummit: Architecting Security into your AWS Environment
Alert Logic
 
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
Alert Logic
 
Cloud university intel security
Ingram Micro Cloud
 
Securing virtual workload and cloud
Himani Singh
 
SAP Cloud security overview 2.0
Rasmi Swain
 
compliance made easy. pass your audits stress-free webinar
AlgoSec
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 

Similar to Technologies You Need to Safely Use the Cloud (20)

PDF
saassecurity-230424030940-08314322.pdf
SahilSingh316535
 
PPTX
SaaS Security.pptx
chelsi33
 
PDF
SaaS Platform Securing
Leo TechnoSoft
 
PPT
Cloud computing-security-issues
Aleem Mohammed
 
PPTX
Cloud security and cloud adoption public
John Mathon
 
PDF
Losing Control to the Cloud
Rochester Security Summit
 
PPSX
The security of SAAS and private cloud
Azure Group
 
PDF
Cloud Security - Made simple
Sameer Paradia
 
PDF
Cloud Security, Standards and Applications
Dr. Sunil Kr. Pandey
 
PPTX
What is Cloud Security, and Can I Have Some?
John Kinsella
 
PDF
Cloud_security_v2_chpater_9_s_version.pdf
alkabarala01
 
PDF
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
IJIR JOURNALS IJIRUSA
 
PPT
Cloud Computing Security
Orange Business Services
 
PPTX
talk6securingcloudamarprusty-191030091632.pptx
TrongMinhHoang1
 
PPT
Cloud Security Alliance's GRC Stack Overview
Valdez Ladd MBA, CISSP, CISA,
 
PPTX
SaaS (Software-as-a-Service) as-a-secure-service
Tayyaba Farhat
 
PDF
INFORMATION SECURITY IN CLOUD COMPUTING
ijitcs
 
PDF
Cloud Insecurity and True Accountability - Guardtime Whitepaper
Martin Ruubel
 
PDF
Critical_Review_of_Openstack_Security_Is.pdf
ArvindThakur69
 
PDF
Securing The Journey To The Cloud
Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE
 
saassecurity-230424030940-08314322.pdf
SahilSingh316535
 
SaaS Security.pptx
chelsi33
 
SaaS Platform Securing
Leo TechnoSoft
 
Cloud computing-security-issues
Aleem Mohammed
 
Cloud security and cloud adoption public
John Mathon
 
Losing Control to the Cloud
Rochester Security Summit
 
The security of SAAS and private cloud
Azure Group
 
Cloud Security - Made simple
Sameer Paradia
 
Cloud Security, Standards and Applications
Dr. Sunil Kr. Pandey
 
What is Cloud Security, and Can I Have Some?
John Kinsella
 
Cloud_security_v2_chpater_9_s_version.pdf
alkabarala01
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
IJIR JOURNALS IJIRUSA
 
Cloud Computing Security
Orange Business Services
 
talk6securingcloudamarprusty-191030091632.pptx
TrongMinhHoang1
 
Cloud Security Alliance's GRC Stack Overview
Valdez Ladd MBA, CISSP, CISA,
 
SaaS (Software-as-a-Service) as-a-secure-service
Tayyaba Farhat
 
INFORMATION SECURITY IN CLOUD COMPUTING
ijitcs
 
Cloud Insecurity and True Accountability - Guardtime Whitepaper
Martin Ruubel
 
Critical_Review_of_Openstack_Security_Is.pdf
ArvindThakur69
 
Securing The Journey To The Cloud
Niloufer Tamboly CISSP, CPA, CIA, CISA, CFE
 
Ad

More from CloudPassage (17)

PPTX
CloudPassage Careers
CloudPassage
 
PPTX
Transforming the CSO Role to Business Enabler
CloudPassage
 
PPTX
SecDevOps: The New Black of IT
CloudPassage
 
PPTX
Comprehensive Cloud Security Requires an Automated Approach
CloudPassage
 
PPTX
Security that works with, not against, your SaaS business
CloudPassage
 
PPTX
Integrating Security into DevOps
CloudPassage
 
PDF
What You Need To Know About The New PCI Cloud Guidelines
CloudPassage
 
PPTX
What You Haven't Heard (Yet) About Cloud Security
CloudPassage
 
PPTX
Meeting PCI DSS Requirements with AWS and CloudPassage
CloudPassage
 
PPTX
Delivering Secure OpenStack IaaS for SaaS Products
CloudPassage
 
PPTX
CloudPassage Overview
CloudPassage
 
PPTX
PCI and the Cloud
CloudPassage
 
PDF
Halo Installfest Slides
CloudPassage
 
PPTX
Automating Security for the Cloud - Make it Easy, Make it Safe
CloudPassage
 
PPTX
BSides SF - Automating Security for the Cloud
CloudPassage
 
PPTX
Securing Your Cloud Servers with Halo NetSec
CloudPassage
 
PPTX
BayThreat Why The Cloud Changes Everything
CloudPassage
 
CloudPassage Careers
CloudPassage
 
Transforming the CSO Role to Business Enabler
CloudPassage
 
SecDevOps: The New Black of IT
CloudPassage
 
Comprehensive Cloud Security Requires an Automated Approach
CloudPassage
 
Security that works with, not against, your SaaS business
CloudPassage
 
Integrating Security into DevOps
CloudPassage
 
What You Need To Know About The New PCI Cloud Guidelines
CloudPassage
 
What You Haven't Heard (Yet) About Cloud Security
CloudPassage
 
Meeting PCI DSS Requirements with AWS and CloudPassage
CloudPassage
 
Delivering Secure OpenStack IaaS for SaaS Products
CloudPassage
 
CloudPassage Overview
CloudPassage
 
PCI and the Cloud
CloudPassage
 
Halo Installfest Slides
CloudPassage
 
Automating Security for the Cloud - Make it Easy, Make it Safe
CloudPassage
 
BSides SF - Automating Security for the Cloud
CloudPassage
 
Securing Your Cloud Servers with Halo NetSec
CloudPassage
 
BayThreat Why The Cloud Changes Everything
CloudPassage
 
Ad

Recently uploaded (20)

PDF
How ETL Control Logic Keeps Your Pipelines Safe and Reliable.pdf
Stryv Solutions Pvt. Ltd.
 
PPTX
The Future of AI & Machine Learning.pptx
pritsen4700
 
PDF
Presentation about Hardware and Software in Computer
snehamodhawadiya
 
PDF
Build with AI and GDG Cloud Bydgoszcz- ADK .pdf
jaroslawgajewski1
 
PDF
How Open Source Changed My Career by abdelrahman ismail
a0m0rajab1
 
PPTX
Agile Chennai 18-19 July 2025 Ideathon | AI Powered Microfinance Literacy Gui...
AgileNetwork
 
PDF
A Strategic Analysis of the MVNO Wave in Emerging Markets.pdf
IPLOOK Networks
 
PDF
RAT Builders - How to Catch Them All [DeepSec 2024]
malmoeb
 
PDF
Data_Analytics_vs_Data_Science_vs_BI_by_CA_Suvidha_Chaplot.pdf
CA Suvidha Chaplot
 
PPTX
Agentic AI in Healthcare Driving the Next Wave of Digital Transformation
danielle hunter
 
PDF
Structs to JSON: How Go Powers REST APIs
Emily Achieng
 
PDF
AI Unleashed - Shaping the Future -Starting Today - AIOUG Yatra 2025 - For Co...
Sandesh Rao
 
PPTX
OA presentation.pptx OA presentation.pptx
pateldhruv002338
 
PDF
Research-Fundamentals-and-Topic-Development.pdf
ayesha butalia
 
PDF
Make GenAI investments go further with the Dell AI Factory
Principled Technologies
 
PPTX
AI in Daily Life: How Artificial Intelligence Helps Us Every Day
vanshrpatil7
 
PDF
Researching The Best Chat SDK Providers in 2025
Ray Fields
 
PPTX
cloud computing vai.pptx for the project
vaibhavdobariyal79
 
PPTX
AVL ( audio, visuals or led ), technology.
Rajeshwri Panchal
 
PDF
Economic Impact of Data Centres to the Malaysian Economy
flintglobalapac
 
How ETL Control Logic Keeps Your Pipelines Safe and Reliable.pdf
Stryv Solutions Pvt. Ltd.
 
The Future of AI & Machine Learning.pptx
pritsen4700
 
Presentation about Hardware and Software in Computer
snehamodhawadiya
 
Build with AI and GDG Cloud Bydgoszcz- ADK .pdf
jaroslawgajewski1
 
How Open Source Changed My Career by abdelrahman ismail
a0m0rajab1
 
Agile Chennai 18-19 July 2025 Ideathon | AI Powered Microfinance Literacy Gui...
AgileNetwork
 
A Strategic Analysis of the MVNO Wave in Emerging Markets.pdf
IPLOOK Networks
 
RAT Builders - How to Catch Them All [DeepSec 2024]
malmoeb
 
Data_Analytics_vs_Data_Science_vs_BI_by_CA_Suvidha_Chaplot.pdf
CA Suvidha Chaplot
 
Agentic AI in Healthcare Driving the Next Wave of Digital Transformation
danielle hunter
 
Structs to JSON: How Go Powers REST APIs
Emily Achieng
 
AI Unleashed - Shaping the Future -Starting Today - AIOUG Yatra 2025 - For Co...
Sandesh Rao
 
OA presentation.pptx OA presentation.pptx
pateldhruv002338
 
Research-Fundamentals-and-Topic-Development.pdf
ayesha butalia
 
Make GenAI investments go further with the Dell AI Factory
Principled Technologies
 
AI in Daily Life: How Artificial Intelligence Helps Us Every Day
vanshrpatil7
 
Researching The Best Chat SDK Providers in 2025
Ray Fields
 
cloud computing vai.pptx for the project
vaibhavdobariyal79
 
AVL ( audio, visuals or led ), technology.
Rajeshwri Panchal
 
Economic Impact of Data Centres to the Malaysian Economy
flintglobalapac
 

Technologies You Need to Safely Use the Cloud

  • 1. Cloud Security: Technologies You Need to Safely Use the Cloud 1 Carson Sweet, CEO & Co-Founder CloudPassage
  • 2. Public infrastructure as a service 2 Overview: Many companies deploy their own applications, websites and other workloads in public infrastructure as a service (IaaS) and platform as a service (PaaS) solutions because it allows for rapid access to infrastructure on demand and can scale rapidly. Risk: The security that comes with public IaaS service is not complete as it fails to protect workloads - exposing the company to compliance failures, brand damage, fines, legal liability and data theft.
  • 3. Infrastructure as a service 3 Technology: There are two categories of security for public IaaS – point solutions and platform providers. Broader cloud-forward providers focus on the strategic capabilities that transcend any specific cloud provider, similar to CloudPassage's software-defined security. Point solutions only provide one or two functions; an example would be the SIEM capabilities provided by ArcSight or Splunk. These few technology providers offer a diverse group of security controls but all focus on securing the workload in the cloud. IaaS requires the ability to verify integrity of the workload, alert to unauthorized changes, and track for incidents of compromise – details that an IaaS provider would be unable to ascertain but are the responsibility of the business
  • 4. Software as a service 4 Overview: SaaS providers offer ready-to-use business applications that are available on demand and can scale. Risk: SaaS providers handle sensitive business information, but your company is still ultimately responsible for its data and should perform due diligence on the SaaS providers. With SaaS, we see common routes to data theft through: 1. Attackers exploiting weak or poorly managed SaaS authentication mechanisms to gain access to user accounts. 2. Weaknesses in application functionality that allow intruders to gain a foothold or extract data. 3. Vulnerabilities of infrastructure that can be exploited.
  • 5. Software as a service 5 Technologies: The two major focus areas for businesses to address regarding SaaS security are data encryption and user access control. Data encryption focuses on protecting the end- user data within the service infrastructure with companies like CipherCloud. User access control focuses on stronger authentication and more effective identity management that collectively protects access to a company's SaaS data, accounts and supporting services. Examples include OneLogin, Okta and Ping Identity.
  • 6. Governance of cloud services 6 Overview: As companies use IaaS, PaaS and SaaS, they need to have mechanisms in place that will track, monitor and govern the use of these services, which is critical to companies maintaining control of information technology and protecting data assets. Risk: Without governance, there's a lack of visibility into how company data is being used, where it's being sent and the threats it's being exposed to.
  • 7. Governance of cloud services 7 Technologies: The governance and utilization monitoring of cloud services is newly emerging. Companies can monitor and set granular policies regarding employee access to and usage of common SaaS, PaaS and IaaS providers, which allows them to mitigate potentially risky data handling in the cloud and cloud data loss protection. Companies can also control what can be used and done with approved cloud services and report on utilization and activity integrated with identity and access management. Examples of governance of cloud services include NetSkope and Skyhigh.