What are cloud security tools?

Many of the same tools used in on-premises environments should be used in the cloud, although cloud-specific versions of them may exist. These tools and mechanisms include encryption, IAM and single sign-on (SSO), data loss prevention (DLP), intrusion prevention and detection systems (IPSes/IDSes) and public key infrastructure (PKI).

Some cloud-specific tools include the following:

  • Cloud workload protection platforms (CWPPs). A CWPP is a security mechanism designed to protect workloads – for example, VMs, applications or data – in a consistent manner.
  • Cloud access security brokers (CASBs). A CASB is a tool or service that sits between cloud customers and cloud services to enforce security policies and, as a gatekeeper, add a layer of security.
  • Cloud security posture management (CSPM). CSPM is a group of security products and services that monitor for cloud security and compliance issues and, among other features, aim to combat cloud misconfigurations.

Secure Access Service Edge (SASE) and zero-trust network access (ZTNA) are also emerging as two popular cloud security models/frameworks.

Security as a service, often shortened to SaaS or SECaaS, is a subset of software as a service. The Cloud Security Alliance (CSA) defined 10 SECaaS categories:

  1. IAM
  2. DLP
  3. web security
  4. email security
  5. security assessments
  6. intrusion management
  7. security information and event management (SIEM)
  8. encryption
  9. business continuity and disaster recovery (BCDR)
  10. network security

These include services such as firewall as a service, cloud-based virtual private networks (VPNs) and key management as a service (KMaaS).