Virtualization Technology News and Information
Cloud Security: Understated, but Undeniable.

By Julie Huang, Senior Product Marketing Manager, Hillstone Networks

In recent years the trend toward shifting more workloads to cloud services has accelerated, driven in part by the pandemic. Industry analyst firm Gartner has estimated that the global spend on public cloud services will grow to more than $480B in 2022, an increase of nearly 50% in just two years.  This rapid adoption is powered largely by the cloud's resiliency, flexibility, scalability and velocity - allowing workloads to be set up, torn down, moved and altered as needed to meet the changing needs of business.

Traditional data security architectures, however, do not adapt well to the cloud due to their inability to scale with workloads and the difficulty of management in the dynamic cloud environment. Further, the rise in cloud adoption has not escaped the notice of hackers, who actively search for ways to compromise cloud assets. Cloud security, then, is critical for protecting cloud resources through the ability to see through comprehensive visibility, to understand by integrating and correlating data to identify potential threats, and to act by orchestrating appropriate responses across multiple security products.

Defining Cloud Security

At its simplest, cloud security aims to defend cloud infrastructure, data and applications, as well as assuring the authentication of users, the accuracy of configurations, and the overall control of cloud resources. With that said, there can be a wide variety of interpretations of what exactly constitutes ‘cloud security.'

In planning a cloud security strategy, it can be helpful to turn to a reference architecture. In the report, "How to Make Cloud More Secure Than Your Own Data Center," Gartner has proposed a hierarchical approach that provides methodical and risk-centered guidelines toward achieving a strong cloud security posture.

The approach consists of a pyramid that rests upon the absolute essentials in establishing a cloud security strategy: infrastructure configuration checks, and identity and access management (IAM). According to research by IBM and the Ponemon Institute, cloud misconfiguration and compromised credentials are the top two cloud threat vectors, accounting for 38% of all malicious breaches.

Moving into the pyramid proper, the additional layers provide much more intricate and fine-grained controls to cloud security - and further, layering these defenses provides a force multiplier. Working from the bottom up on the pyramid, the relevant cloud security mechanisms include network security; security posture management; cloud workload protection platform, web application and API protection, and cloud threat intelligence.

Together, these capabilities can provide a full-stack cloud security solution with comprehensive visibility, highly accurate threat identification, and automatic, orchestrated security responses.

Putting it into Action

There are a number of cloud security solutions to consider as you develop your overall strategy. The public cloud providers like AWS and Azure do provide certain basic security services like encryption, key management and IAM for users and devices, but to get to the next level, look into cloud workload protection platforms (CWPPs). These solutions usually provide scanning for misconfigurations, compliance baselining, risk scanning, threat detection and other services for public, private and hybrid clouds, and across virtual machines, containers, and cloud-native applications.

Micro-segmentation solutions are important for full visibility into east-west traffic. This vector can be misused by threat actors for lateral attacks between VMs. For north-south traffic, virtual NGFWs combine a powerful set of security capabilities with visibility and control.

Another vital element of a layered cloud security strategy is virtual web application firewall (vWAF) technology. vWAFs provide comprehensive security for cloud applications, web servers and APIs at both the network and application layers. Typically, these solutions provide protections against DoS/DDoS attacks, the OWASP Top 10 security risks, and botnet attacks. Some vWAFs also provide protection against web page defacement, which can damage the company's reputation and lead to lost revenues, high remediation costs and excessive downtime.

The final component, which can address the top two tiers of Gartner's pyramid example, is extended detection and response, or XDR. These AI-powered solutions leverage the entire cloud security stack to help security teams see, understand and act against multi-stage, multi-layer attacks. XDR solutions gather data from across the entire cloud security stack, normalize and correlate it, then use the resulting real-time feeds to investigate and identify potential threats and automatically orchestrate security response across the stack.


Cloud security requires a pivot from the traditional data security architectures to address the unique needs and risks of the cloud environment. By adopting a systematic and hierarchical approach and a layered security infrastructure, security professionals can achieve comprehensive visibility, rapid and accurate identification of potential threats, and an orchestrated security response for a strong cloud security posture.



Julie Huang, Senior Product Marketing Manager, Hillstone Networks


Julie has decades of experience in technical marketing and technical sales in various high-tech industries. She is also a certified Information Systems Security Professional and currently working on a few cloud certifications. Julie is a lifelong learner and enjoys learning new technologies and thinks every life opportunity (good or bad) is a learning experience. In her spare time, she enjoys hiking, traveling, and cheering on her kids in their swimming, golf, cross-country, and track and field practices and competitions. 

Published Wednesday, November 02, 2022 9:50 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2022>