A Guide To Cloud Security Technologies And Vendor Landscape

Most enterprise data centers are expected to move to the cloud by 2025, according to Gartner. Which cloud security tools and approaches will scale and work for your business as you move to public clouds?

Hundreds of security vendors claim to have the right answer for your organization. One of the first steps you can take in choosing correctly is to understand the alphabet soup of cloud security technologies and where cloud security vendors are focused.

What Are The Main Cloud Security Technology Categories?

Cloud security technology platforms align with one or more of the three main cloud disciplines: Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

The following cloud security technologies align most closely with each of those three cloud disciplines:

Software as a Service:

• Cloud Access Security Broker (CASB). One of the technologies within the Secure Access Service Edge (SASE) architecture, CASB focuses on areas including compliance risks and access control. CASB serves as an intermediary between users and cloud service providers to consolidate enforcement for multiple types of security policies such as authentication, encryption, logging, and alerting. 

• Security Service Edge (SSE). As a subset of SASE, SSE has become an overarching category on top of CASB, secure web gateway, and zero trust network access. SSE secures SaaS applications, websites, and private applications.

• SaaS Security Posture Management (SSPM). An offshoot of the CASB space, SSPM includes API-driven integrations and focuses on areas including SaaS risk assessment, configuration drift monitoring, and security control automation. 

• SaaS Management Platform (SMP). As an overall management platform, SMP provides overarching SaaS usage monitoring, data monitoring, policy management, and automation. 

Infrastructure as a Service: 

• Cloud Workload Protection Platform (CWPP). CWPP focuses on protecting any type of workload in enterprise environments, including physical servers, virtual machines, containers, and serverless workloads.

• Cloud Native Application Protection Platform (CNAPP). This integrated set of CWPP and CSPM capabilities helps identify and reduce security and compliance risks during development and production of cloud-native applications.

Platform as a Service: 

• Cloud Security Posture Management (CSPM). This toolset identifies cloud platform configuration problems and compliance risks in the cloud, gauging them against a regulatory framework or a custom check you’ve created.
• CNAPP (see above).

Cloud Security Vendors See Growth And Technology Convergence

In the increasingly competitive world of cloud security, some technology vendors have started with one technology category and then added or combined others to broaden their scopes. 

“We’ve seen a lot of consolidation and growth of the vendor spaces in these areas,” says Ken Wisniewski, Senior Security Architect at Sayers. “For example, we’ve seen huge growth of CASB vendors moving into the broader SSE platform and getting into SASE. Some CASB vendors also have begun to add internet outbound security and zero trust network access-type capabilities.” He adds:

“It’s hard to pick a single vendor that is laser-focused on just one of these areas, since almost all of them have technologies that overlap into at least one other category.”

Looking at how vendors map to the various cloud security approaches, we see some familiar faces in several places. Netskope appears for most of the categories, and Palo Alto Networks and Zscaler show up across the board.

Palo Alto Networks has built up their SSE capabilities through in-house development, and they’ve acquired several companies to cover the CWPP, CNAPP, and CSPM categories.

Orca Security has shown good traction in the CSPM and CWPP cloud security spaces, offering ease of implementation and the benefit of covering both categories.

“Orca is somewhat unique in their ability to use cloud-native data management functionality,” says Wisniewski. “Instead of using an agent to scan live data on a cloud workload that’s actively running – which potentially could impact production – they can scan the same data but do it offline without risk of delays or complications in production. But there can be a potential trade-off in terms of runtime visibility with an out-of-band scanner versus a live system scanner.”

A direct competitor to Orca is Wiz in covering the CWPP and CSPM side of cloud security. In the SMP space, Axonius offers a solution to help customers see all SaaS assets in context and better manage their IT environment.

Vendors mentioned here aren’t intended as an exhaustive list. Instead, they represent examples of how the cloud security space continues to evolve.

Align Cloud Security Decisions With Short- And Long-Term Goals

The cloud security market includes a complex mix of technologies and vendors. Doug Close, Senior Vice President of Solutions at Sayers, says: 

“This market is becoming extremely complicated and filled with many vendors making a lot of statements. There’s a lot of FUD out there, so you need experts you can trust to help navigate the cloud security landscape.”

Recommendations for any of these specific technology areas should be considered in the context of a broader roadmap. “That way, you can solve not only for your organization’s immediate needs but also align with your longer-term cloud security goals,” Wisniewski says.

Questions? Contact us at Sayers today to learn more about your cloud security options.

---