Cloud data security software has risen in importance as organizations realize that they can’t rely on the large cloud providers for all their security challenges.
Cloud data security represents a major area of confusion to many. Good luck suing a cloud provider if you suffer a breach after storing all your data in the cloud. The small print makes it very clear who is responsible for what. There are enough loopholes that it is hard to pin much on the provider.
That said, cloud service providers (CSPs) do a good job securing their part of the shared responsibility model. The customer, however, is responsible for securing everything that they build on the cloud. The misconception that everything is secure and taken care of on behalf of the client has led to many a rude awakening. The truth is that cloud security is a joint responsibility between the cloud provider and the customer. Cloud providers must ensure that the platforms and services they provide are secure. But it’s up to the customer to ensure they implement security measures to protect the data stored in the cloud.
Thus, the area of cloud data security has risen in importance as the number of breaches multiplies and organizations come to terms with the fact that they can’t just dump stuff into the cloud and leave everything related to security to Amazon or Google. It is critical, therefore, that the right security tools are carefully selected to protect information in the cloud.
How that data is secured is up to the organization. Approaches differ, yet typically include:
- Encryption
- Authentication
- Data masking
- Endpoint protection
- Access control
- Database protection
- Threat detection and prevention
The vendors represented in this guide cover all of the above approaches and more. Some specialize in one area, some take care of a few, and a couple provide all-encompassing platforms that promise to secure everything in the cloud and on-premises.
How To Choose a Cloud Data Security Vendor
Those considering a variety of candidates for cloud data security should make sure that the solution also works with on-premises applications so end users do not have to learn multiple products and IT teams do not have to support multiple products. Organizations should also pick a solution that is seamless and easy for end users to use, as the success of security depends largely on the rate of end-user adoption.
Further factors to consider:
- Operating system and cloud platform support: Some tools only support one OS or are specific to certain cloud platforms. Others support all clouds and a wide range of applications, databases, and platforms.
- Pricing: Licensing models vary considerably. Some are free if you buy the hardware, some are based on the size of data sources, some are per user, and a few are not disclosed unless you contact the sales department.
- Use Cases: Key use cases for cloud data security include:
  - Prevent the use of compromised credentials.
  - Protect access to applications.
  - Gain visibility into user and device risk.
  - Block access to unhealthy or insecure devices.
  - Secure network and cloud infrastructure access.
  - Safeguard data if it is compromised by rendering it unreadable.
  - Automate the application of compliance and security best practices.
  - Provide runtime self-protection of cloud applications and workloads.
  - Migrate workloads to the cloud securely.
Top Cloud Data Security Software
In this Enterprise Storage Forum list of top cloud data security vendors, we spotlight the following products. There are others on the market that at least touch on the area of cloud data protection. But these are our top picks.
- Cisco Duo Security
- Sonrai Security
- DataMasque
- Synology DiskStation Manager
- McAfee Cloud Security
- Imperva Cloud Data Security
- Druva Cloud Platform
- Check Point CloudGuard
Cisco Duo Security
Value Proposition
While Duo is a cloud-based product, it protects both cloud and on-premises applications, so organizations can implement it however their IT environments are structured: cloud, hybrid cloud, on-premises, or a combination of all of them. Users can log in with a mobile app that lets them verify their identities by approving a push notification. Duo also supports authentication methods such as U2F and biometrics.
Key Differentiators
- Ensures that only trusted users and trustworthy devices can access cloud applications and services, regardless of location.
- Uses a combination of multi-factor authentication, device health and posture checks, adaptive policies and anomalous login detection to minimize risk of a data breach due to compromised credentials and vulnerable devices.
- Duo’s adaptive authentication can limit access rights on the fly based on contextual data about the user or device requesting access, such as login location and time, device type, etc.
- The use of single sign-on and the ability to access on-premises applications without a VPN provide end users with a consistent authentication experience.
- Duo has more than 25,000 paying customers worldwide, encompassing organizations of all sizes, including Bird, Facebook, Lyft, University of Michigan, Yelp, and Zillow.
- Duo supports all current operating systems and cloud platforms.
- Pricing ranges from free for a basic version with a few users to a few dollars per user per month, rising as the feature set grows.
Sonrai Security
Value Proposition
Sonrai Security delivers an enterprise identity and data cloud security platform for AWS, Azure, Google Cloud, and Kubernetes. The Sonrai Dig platform identifies and monitors relationships between identities and data that exist inside an organization’s public cloud.
Key Differentiators
- Eliminate and auto-remediate all identity risks inside AWS environments.
- Dig maps every trust relationship, inherited permission, and policy, for every entity in your cloud.
- Discover, classify, lock down, and monitor key data.
- Automated workflows and governance with enterprise-ready integrations.
- Supports AWS, Azure, and Google Cloud.
- Integrates with container-orchestration systems, like Kubernetes, and secret stores, like HashiCorp Vault.
- Professional Package with 10 accounts and 10 data stores is approximately $25,000.
DataMasque
Value Proposition
The sole focus of DataMasque is to protect sensitive data. “Our key differentiator is our uncompromised commitment to data security hence only providing masking techniques that provide best data protection (i.e. never employ questionable masking techniques) and constantly looking for ways to guide customers to best practice data masking.”
Key Differentiators
- The main value proposition is to provide data breach protection, data privacy compliance, and maintain data sovereignty in the cloud.
- DataMasque emphasizes irreversibility through features such as an instance-specific secret key and encryption in transit, and it does not compromise by using questionable masking techniques. For example, most data masking software on the market provides shuffling and encryption masking techniques, which are considered reversible.
- Supports Red Hat Enterprise Linux.
- Cloud agnostic.
- Provides container-based installation to streamline deployment in on-prem and public cloud environments.
- A marketplace application for the Cohesity Data Platform is available.
- Licensing is based on the total size of the unique data sources, enabling customers to mask unlimited copies of the same source databases within the same license term without incurring additional cost.
Synology DiskStation Manager
Value Proposition
DiskStation Manager (DSM) is a web-based operating system for Synology products to help manage digital assets. It includes file sharing, file syncing, data backup, and NAS protection.
Key Differentiators
- Synology NAS devices can function as a hybrid cloud using the DSM operating system.
- License-free software allows users to back up their preferred cloud services onto their NAS.
- The C2 cloud service lets you back up NAS data to cloud servers for backup and recovery purposes.
- Hyper Backup allows you to use both physical and cloud-based servers as backup destinations.
- Supports Windows, macOS, and Linux.
- Supports most cloud platforms.
- NAS hardware starts at $600.
McAfee Cloud Security
Value Proposition
McAfee offers a range of products to protect the cloud. This includes Unified Cloud Edge, Cloud Access Security Broker, Cloud-Native Protection Platform, Next-gen Security Web Gateway, Container Security, and Workload Protection.
Key Differentiators
- Ability to move data into Office 365, AWS, Azure, and any kind of public, private, or hybrid cloud securely.
- Unify device and cloud data protection.
- Synchronize device data loss protection with cloud services.
- Structured data encryption.
Imperva Cloud Data Security
Value Proposition
Protection and compliance for data stores in any cloud environment. Imperva adds value via its broad support for data held in almost any database whether a modern one or a legacy database.
Key Differentiators
- Monitors disparate data stores.
- More than 60 databases supported.
- Automate sensitive data discovery and classification.
- View who is accessing sensitive information and what they are doing with it.
- Notifications of risks and incidents.
- Automation.
- Supports AWS, Azure, Google Cloud, and a large number of databases.
Druva Cloud Platform
Value Proposition
Druva offers a SaaS data protection platform that encompasses data centers, cloud applications, and endpoints. This makes it possible to securely back up and recover data in the cloud, enforce governance, and add search and analytics.
Key Differentiators
- Cloud Backup and recovery.
- Cloud disaster recovery.
- Ransomware protection.
- Remote office/branch office and endpoint backup.
- Built on AWS, but also focuses on VMware, Microsoft 365, Kubernetes, Salesforce and NAS.
Check Point CloudGuard
Value Proposition
CloudGuard Network Security is part of the Check Point CloudGuard Cloud Native Security Platform. It offers threat prevention, automated cloud network security, and unified security management across multi-cloud and on-premises environments.
Key Differentiators
- Advanced threat prevention of cloud assets.
- Automated network security that supports rapid deployment and workflow automation.
- Unified management across all clouds.
- Supports almost all cloud and virtualization platforms including AWS, Azure, Alibaba, IBM Cloud, Kubernetes, Oracle Cloud, VMware.
- Cloud network traffic segmentation.
- The only unified cloud native security solution with the breadth and depth of protection and threat prevention needed to secure cloud native environments.