Cloud security has risen to top of mind following a spate of data breaches and ransomware attacks over the last few months. With so many organizations housing data and applications in the cloud, more and more people are taking a deeper look at what exactly cloud security involves.
What is Cloud Security?
Cloud security can be something of a nebulous area. It can apply to:
- Data in the cloud
- Applications running in the cloud
- Cloud services being used by the enterprise
- Securing data that is being sent to or from the cloud
- Encryption of cloud data
- Access rights for cloud data and functions
- Authentication for the cloud
- Secure storage of data in the cloud
- Segmentation of data hosted in the cloud
Even though that is only a partial list, it makes it obvious that cloud security is not that much different from enterprise security. There are a great many avenues of access to secure as well as platforms and data repositories to safeguard.
Cloud security, then, encompasses a wide swath of the IT landscape. It includes prevention of unsanctioned access as well as detection of potentially malevolent activity. It deals with securing the perimeter, often now regarded as little more than a speed bump for attackers, as well as user education to thwart phishing and ransomware, and even backup, recovery, and disaster recovery.
Read More: What is Cloud Security Posture Management (CSPM)?
Top Cloud Security Vendors
As there are so many aspects to cloud security, it is challenging to narrow down the many vendors that cater to this security category. Therefore, this list has more entries than most other top vendor lists in an effort to cover as much ground as possible.
The Guardicore Centra security platform delivers microsegmentation controls to reduce the attack surface and detect and control breaches within east-west traffic. It protects cloud-native applications, including serverless computing and Platform as a Service (PaaS), It also offers access control, application ringfencing, and ransomware prevention and containment.
Pentera’s automated security validation platform provides visibility into vulnerabilities that adversaries and ransomware exploit to compromise assets in cloud and hybrid environments. Security teams are provided a comprehensive attack operation view to assess resilience against attacks and security control efficacy. It automates real-time penetration tests at cloud scale, performing the actions a malicious adversary would — reconnaissance, sniffing, spoofing, cracking, (harmless) malware injection, file-less exploitation, post-exploitation, lateral movement and privilege escalation — all the way to data exfiltration.
Veritas NetBackUp Recovery Vault secures data in the cloud, keeps it safe from ransomware, and prepares for disaster recovery while being able to meet compliance and governance requirements. It is cloud-based storage-as-a-service that provides a fully managed secondary storage option for NetBackup users. A UI simplifies provisioning, management, and monitoring of cloud storage resources and retention policies. Recovery Vault offers a single repository for on-premises and public cloud workloads.
Cloudian’s HyperStore object storage provides data immutability via S3 Object Lock technology. Once data is written, it can’t be changed or deleted for a user-specified time period. That data is protected from hacker encryption, and organizations can recover their data in the event of an attack. Unlike air-gap solutions that require manual intervention and may entail long recovery times, Object Lock can be part of an automated backup process.
Also read: Object Storage vs. Block Storage: Which is Right for Your Enterprise?
Quest Software’s Qorestor enables organizations to better protect against ransomware attacks, and utilize the cloud for backup, disaster recovery, and long-term retention. With deduplication, compression, and cloud-tiering capabilities, QoreStor can be run anywhere including the cloud. Added layers of protection into backup data are provided via rapid data access (RDA) immutability, and an immutable data recycle bin.
Rewind is a Software-as-a-Service (SaaS) backup and restoration tool that protects over 53 billion data points in cloud apps such as BigCommerce, GitHub, QuickBooks Online, Shopify, Shopify Plus, and Trello for customers in more than 100 countries. The platform enables companies to back up, restore, and copy critical data.
Tintri Vmstore T7000 NVMe-based systems are positioned as intelligent storage management systems. They feature AI-driven autonomous operations, app-level visibility, and real-time and predictive analytics for administrative tasks. The T7000 series leverages the same NVMe hardware used by DDN systems in demanding AI, analytics, deep learning, and high IOPS environments to provide high performance.
CrowdStrike Falcon Horizon
CrowdStrike Falcon Horizon streamlines the cloud security posture management across the application development lifecycle for any cloud. This enables users to securely deploy applications in the cloud with speed and efficiency. The cloud-native platform provides visibility into the user’s cloud infrastructure, continuous monitoring for misconfigurations and proactive threat detection. This allows DevSecOps teams to fix issues faster and be more productive.
Spectra’s Vail is a distributed multi-cloud software designed to provide universal access and placement of data across multi-site and multi-cloud storage, enabling hybrid and multi-cloud workflows. It does not matter where data is created or stored, whether in a public cloud, on-premises, a hybrid set-up or multi-cloud, because all files appear in their native format and are readily accessible and securely protected. It offers a single name space for objects, which may be located in multiple locations of varying storage types, as well as a secure, central repository for long-term data preservation and disaster recovery.
SIOS DataKeeper provides real-time data replication for disaster protection in Windows Server and Azure environments. It is a lightweight, host-based solution that minimizes the performance impact of replication on application servers and networks. It keeps copies of data synchronized across multiple servers and data centers for efficient disaster recovery. Block-level replication is used to transfer data across local and wide area networks with minimal bandwidth.
iland Secure DR-as-a-Service is built around VMware. It operates globally to protect applications from unplanned downtime. It has built-in multi-layer security, compliance credentials, visibility and management, and 24 x7 support. The company also has a Cloud Backup offering facilitated by Veeam Cloud Connect. Its recovery service can offer a RTO/RPO of up to 24 hours. The iland Secure Cloud Console provides management, control, and visibility across all iland services including public and private clouds, data protection, and disaster recovery.
Arcserve Business Continuity Cloud is cloud hosted, combining backup, availability, and email archiving. It can prevent data loss in any location, from applications and systems, at premises, and in the cloud. It aims to solve all data protection challenges as a single vendor with a data protection portfolio that can protect large and small environments. Additionally, it includes multi-cloud and cross-cloud data protection, as well as live cloud migration.
Sysdig Secure is a SaaS platform that provides unified security across containers and cloud. It is part of the Sysdig Secure DevOps platform. Security teams can use it to reduce risk with visibility across containers, hosts, Kubernetes, and cloud. It can detect and respond to threats and validate cloud posture and compliance. Additionally, it can maximize performance and availability by monitoring and troubleshooting cloud infrastructure and services.
Also read: Cloud Disaster Recovery Best Practices
Sungard Availability Services (Sungard AS) Cloud Recovery product suite delivers a fully managed, financial penalty-backed service level agreement (SLA) for physical, virtual, and IBM iSeries platforms. This fully managed service includes design, deployment, maintenance, updates, test and recovery execution. Cloud Recovery’s back-end is built on hardened cloud infrastructure with a 99.99% availability SLA and encrypted performance storage that delivers recovery for customers in an easily scalable model and a usage driven architecture.
Veeam Backup & Replication provides dedicated Microsoft Windows platform protection, migration and virtual conversion capabilities that natively offer all Veeam’s protection and recovery capabilities. It addresses endpoints, physical servers, failover clusters and other Microsoft Windows workloads, expanding beyond the typical data protection scenarios. Veeam operates across all cloud, virtual and physical workloads.
TierPoint’s Hypervisor-based replication protects virtualized production environments in any cloud. With recovery times measured in minutes, it partners with the likes of VMware, Microsoft Zerto, Nutanix, and Dell to be able to replicate from anywhere and meet any RPO or automated failover requirements. In the event of an outage, it coordinates and automates the orderly replication and recovery of the environment to Microsoft Azure using Azure Site Recovery.
FalconStor StorGuard is heterogeneous continuous replication software that operates between application servers and target storage systems to protect data. It logs every write to the server and enables a single recovery point objective (RPO) across the technology stack. It operates on-premise, in cloud, and on tape backups, and offers IT the ability to find the right mix of backup, security, and business continuity. A second copy of data can be for safety or used to migrate across arrays, data centers, colos, or public clouds.
Dell EMC PowerScale is a scale-out NAS storage system that was designed to store, protect, and share business-related information. This data lake has use cases that include IoT analytics, handling diverse data types, and streaming data with maximum ingestion speeds. It can support on-premises or cloud-based systems. The PowerScale F900, for example, is available in the cloud marketplace including options like Google cloud.
Acronis Cyber Protect Cloud and Acronis Advanced Backup enables organizations to extend cloud and server backup capabilities to protect data. Available in consumption-based or per-workload licensing models, its backup and recovery technology is enhanced with cyber protection and encryption. Available for Acronis-hosted storage as well as public clouds such as Microsoft Azure.
Syxsense Active Secure
Syxsense Active Secure is a managed service that offers vulnerability scanning, server and endpoint patch management, plus endpoint security. It enables IT to prevent cyberattacks by scanning authorization issues, security implementation, and antivirus status. IT can gain accurate data from thousands of devices in under 10 seconds.
Also read: Cyberstorage: A Proactive Approach to Storage Security
Alert Logic is a managed detection and response (MDR) provider that secures public clouds, SaaS, on-premises, and hybrid cloud environments. It provides a view of the security vulnerabilities within containerized environments by collecting and analyzing network traffic from the base host and the network traffic to, from, and between containers.
DH2i’s DxOdyssey is a Software Defined Perimeter (SDP) solution that enables secure, available, per-application connectivity between remote users, edge devices, sites, servers, and clouds. It uses Express Micro-Tunnel technology for discreet and private connectivity between distributed environments.
The Fidelis CloudPassage Halo platform provides visibility into hybrid, complex, multi-cloud environments. It gives IT teams the ability to automatically discover all cloud assets, remediate out-of-compliance cloud assets, and detect and respond to threats against cloud workloads. CloudPassage also provides cloud security posture management (CSPM).
Cohesity DataProtect offers a defense-in-depth architecture that protects organizations against ransomware. It includes immutable backups, WORM (DataLock), multi-factor authentication, granular role-based access control, two-person control, Security Advisor, and data isolation to protect the backup data and the platform. If the IT production environment becomes encrypted, it can be used to identify clean backups and recover data after an attack.
Microsoft Azure Site Recovery
Microsoft Azure Site Recovery can replicate an Azure VM to a different Azure region directly from the Azure portal. It helps to minimize recovery issues by sequencing the order of multi-tier applications running on multiple virtual machines. In addition, it can keep applications available during outages with automatic recovery.
Read next: Top Cloud Data Security Software