Businesses are increasingly adopting cloud services as the imperative way to embrace their digital transformation journey. By using cloud services, they are able to leverage on the latest technologies to increase productivity, reduce significant costs in terms of product ownership, operation and maintenance.
Though most businesses know the benefits that cloud services can bring, awareness around security for the cloud or cloud protection remains low due to the misconceptions surrounding it. These are usually about the security responsibility between cloud service providers and businesses themselves.
The misconception is also about the way businesses use technologies to protect cloud workloads. While protecting cloud requires a new approach, many businesses are still using legacy technologies deployed on-premises in the bid to protect their cloud assets. This is no longer effective due to the rapid changing cloud app workloads.
As cloud workloads are increasing in number and getting more complex, businesses need to have visibility into the cloud environment and fully understand what, where, and how to protect these workloads.
Increase in the number of cloud workloads indicates willingness of businesses to use cloud services. The shift from on-premise and private cloud deployment to IaaS, PaaS, or even SaaS service models gives greater flexibility and benefits to companies to focus more on their core business operations. By deploying business workloads in the cloud, companies are given the flexibility and room to adapt to the fast-changing business environments, which ultimately requires frequent changes to workloads.
A cloud workload protection (CWP) solution can be deployed in two different ways, as an agent or an API-based/ Agentless solution. Each deployment can offer advantages and disadvantages to protect workloads in the cloud. Businesses need to evaluate and prioritize needs and requirements in order to make the right decision in choosing the right deployment model for their organizations.
A powerful CWP solution is feature-rich and is able to provide multiple protection capabilities, which include but not limited to the likes of server/ instance discovery, configuration management, workload microservicization/ segmentation and tagging, hypervisor monitoring, app container protection, file integrity monitoring, malware protection, firewalling, intrusion prevention, etc. Not every CWP solution in the market right now offers a full set of these features. Some solutions are designed to manage cloud workloads configuration and monitor cloud workload activity, whereas others focus on compliance monitoring and control, monitoring network assets, identity theft protection, etc.
1. Executive Summary
- Key Findings
2. Understanding the Cloud Infrastructure
- Understanding the Cloud Infrastructure
- The Rise of Public Cloud Workloads
- The Cloud Workloads Landscape
- Typical Workloads in the Cloud
- Mounting Risks
- The Shared-responsibility Security Model
- The Failure of Legacy Security Tools
- New Requirements for Cloud Workload Protection
- CWP Architecture - Agent-based, Agent-less/API-based and Hybrid
- Cloud Workload Protection Architecture
- Hybrid Monitoring and Protection Model
- Key Features
- Market Landscape
- Vendor Profiling - Cisco Systems
- Vendor Profiling - Check Point Software Technologies
- Vendor Profiling - McAfee
- Vendor Profiling - Palo Alto Networks
- Vendor Profiling - Symantec
- Vendor Profiling - Trend Micro
- Vendor Key Capability Comparison
3. Growth Opportunities and Companies to Action
- Transformation in CWP Ecosystem
- Growth Opportunity - The need for Market Education and Collaborations with Local CSPs
- Strategic Imperatives for Success and Growth
- Legal Disclaimer
4. The Last Word
- Final Words
A selection of companies mentioned in this report includes:
- Check Point Software Technologies
- Cisco Systems
- Palo Alto Networks
- Trend Micro