Cloud security tools
Many of the same tools used in on-premises environments should be used in the cloud, although cloud-specific versions of them may exist. These tools and mechanisms include encryption, IAM and single sign-on (SSO), data loss prevention (DLP), intrusion prevention and detection systems (IPSes/IDSes) and public key infrastructure (PKI).
Some cloud-specific tools include the following:
- Cloud workload protection platforms (CWPPs). A CWPP is a security mechanism designed to protect workloads – for example, VMs, applications or data – in a consistent manner.
- Cloud access security brokers (CASBs). A CASB is a tool or service that sits between cloud customers and cloud services to enforce security policies and, as a gatekeeper, add a layer of security.
- Cloud security posture management (CSPM). CSPM is a group of security products and services that monitor cloud security and compliance issues and aim to combat cloud misconfigurations, among other features.
Secure Access Service Edge (SASE) and zero-trust network access (ZTNA) are also emerging as two popular cloud security models/frameworks.
Security as a service, often shortened to SaaS or SECaaS, is a subset of software as a service. The Cloud Security Alliance (CSA) defined 10 SECaaS categories:
- IAM
- DLP
- web security
- email security
- security assessments
- intrusion management
- security information and event management (SIEM)
- encryption
- business continuity/disaster recovery (BCDR)
- network security
These categories include services such as firewall as a service, cloud-based virtual private networks (VPNs) and key management as a service (KMaaS).