Information Center

Learn more about CloudPassage and software-defined security with the resources below.

FEATURED ASSET

Integrating Halo with SDSec

White Paper:

Implementing Software-Defined Security with CloudPassage Halo

This paper summarizes the five architectural principles of SDSec and the ways in which CloudPassage has implemented them by building the Halo SDSec platform for cloud infrastructure.

Download Now


Solution Briefs


Compliance For Cloud Environments Simplified


Enhanced Security & Compliance for Amazon EC2


CloudPassage Halo: Software Defined Security


Automated Security and Compliance for VMware environments


Product Briefs


CloudPassage Halo Technical Overview


CloudPassage Halo Agent in Audit Mode


Use Cases

Halo for PCI Compliance

CloudPassage Halo provides a quick and easy way for e-commerce companies, to secure all of the organization's cloud servers and help with their regulatory compliance objectives. This paper describes where Halo can be applied and how it can help.

Download

Halo for SaaS Compliance

This paper describes how CloudPassage Halo can help SaaS vendors with both the security and compliance challenges of deploying servers in private, public and hybrid architectures.

Download

How RightScale Achieved PCI DSS Compliance on IaaS

RightScale - Leading Cloud Management Company Uses CloudPassage to Speed PCI DSS Compliance

Download


Case Studies

Citrix ShareFile Cloud for Healthcare

10 Days to Facilitate HIPAA Compliance

To offer the Citrix ShareFile Cloud for Healthcare, the IT team needed to meet HIPAA requirements as a Healthcare Business Associate.

Read More

Halo Protects Hundreds of Artists from Digital Download Fraud

Major Digital Entertainment Business Protects Hundreds of Artist Websites with CloudPassage Halo

Ensuring Multi-Cloud Security Is Sweet Music to this Well-Known Recording Label

Read More

Obtain defense-in-depth protection with better visibility, control, and assurance

Recently Acquired SaaS Provider Secures Its IT Infrastructure with CloudPassage Halo

Parent Company Requires Start-Up to Increase Visibility, Authentication, and Compliance to Meet Higher Corporate Security Standards

Read More

White Papers

Implementing Software-Defined Security with CloudPassage Halo

This paper summarizes the five architectural principles of SDSec and the ways in which CloudPassage has implemented them by building the Halo SDSec platform for cloud infrastructure. For a more detailed discussion of SDSec architectural principals, please review “What CSOs Need To Know About Software-Defined Security”.

Download

What CSOs Need To Know About Software-Defined Security

As traditional infrastructure delivery shifts to virtualized, abstracted, software-defined models, the concept of software-defined security becomes increasingly important for security managers and technologists.

Download

Achieving PCI DSS Peace of Mind in the Cloud

The white paper details the evolution of industry regulations for PCI compliance and how the maintain compliance while benefiting from the scale and cost-effective benefits of the cloud.

Download

Securosis Whitepaper: What CISOs Need to Know About Cloud Computing

This is one of the best high-level white papers out there on how to build a cloud security strategy. Securosis lead analyst Rich Mogull explains how the cloud doesn’t increase or decrease risks, it shifts them, and that abstraction and automation are the most important aspects of cloud that impact security. He highlights issues such as auto-scaling, server snapshots and admin credentials that create significant differences for security teams from the traditional datacenter and outlines key security strategies on how to address these shifting risks.

Download

Automating Security for Greater SaaS Success

Software-as-a-Service (SaaS) providers are enjoying considerable sales opportunity, but customer security and compliance concerns can make or break a SaaS provider’s success. To win customer trust and confidence, SaaS providers must effectively integrate security into their products. This white paper discusses the security controls needed to enable faster, better, and more reliable security and compliance for SaaS hosting infrastructure, as well as opportunities to automate those controls for efficiency and consistency.

Download

PCI Across Clouds

This white paper provides cloud teams with real-world advice on addressing PCI DSS in dynamic cloud environments. It includes guidelines on how the PCI DSS applies to cloud infrastructure, information on the shared security responsibility across cloud providers and clients, and strategies to maximize automation of security and compliance operations using a single approach across physical, virtual, and cloud servers.

Download

Cloud Servers: New Risk Considerations

This white paper from CloudPassage presents specific details on the most pertinent new risks associated with adoption of cloud IaaS. It is based on real world learning, shared by companies we have worked with, to achieve security and compliance in the cloud.

Download


Reports

Carving a path through IaaS security with CloudPassage

Security for IaaS is about more than preventing unauthorized access to instances; it is about doing an effective job at providing security and compliance services in a repeatable, manageable and scalable manner.

Download

Forrester Predictions For 2014: Cloud Computing

Cloud computing is no longer a "future" but a "now." Enterprise use is widespread, and the hybrid cloud model has arrived. Coud leverage will be both traditional and disruptive as the business and IT put cloud to work.

Download

Forrester: AWS Cloud Security

In The AWS world, security is a shared responsibility. The move to cloud will force security and risk pros to consider the options they have for securing cloud workloads.

Download

Gauntlet - A CloudPassage Report

CloudPassage report detailing the outcome of The Gauntlet, a recent capture-the-flag-style live server exploitation exercise aimed at understanding how vulnerable cloud environments are to motivated hackers.

Download

451 Research Impact Report: FIM in the Cloud

With its enhanced FIM in the cloud, CloudPassage provides users with the knowledge and assurance that data has not been altered while stored in a cloud environment. Read this report by 451 Research to learn more about CloudPassage Halo and its FIM capabilities.

Download

Understanding the Payment Card Industry Cloud SIG Guidance

Released by the PCI Council in February 2013, the PCI DSS Cloud Computing Guidelines Information Supplement finally sheds some light on how to address PCI DSS compliance concerns within cloud environments. CloudPassage not only contributed to the supplement, but has written its own report to supplement the PCI DSS guidance in an effort to assist businesses in better understanding the new PCI guidelines.

Download

Security and the Cloud 2012

This report reflects the detailed analysis of CloudPassage's 2012 Security and the Cloud survey. Survey respondents were asked a series of questions about their current cloud usage, future deployment plans, and security and compliance related concerns.

Download


Technical Guides

Halo API Developer's Guide

This document is a programmer's guide that describes all server-security operations available to you in the CloudPassage API. In addition, it serves as a detailed reference that includes sample requests, responses, and errors for all supported calls.

Download


Webcasts

Coping With Cloud Migration Challenges: Best Practices & Security Considerations

Rishi Vaish, VP of Product at RightScale and Amrit Williams, CTO at CloudPassage discuss benefits and security challenges of migrating to cloud infrastructures.

View Recording

SecDevOps: The New Black of IT

Join Andrew Storms, Senior Director of DevOps at CloudPassage and Alan Shimmel, CEO & Co-founder of DevOps.com discuss the emerging hybrid role of DevOps and Security.

View Recording

Cloud Security - Make Your CISO Successful

Join Rich Mogull, Lead Analyst at Securosis, and Nick Piagentini, Sr. Solutions Architect at CloudPassage and learn how to build a cloud security strategy that makes your CISO successful as they discuss why the cloud is different, adapting security for cloud computing principles, and a CISO cloud security checklist.

View Recording

Security and Compliance Best Practices for SaaS Providers

Join Gigaom Research, Citrix Systems, and CloudPassage in this analyst roundtable webinar discussing security best practices for SaaS providers. Key topics include: the driving need for better security in SaaS apps, scaling security with your SaaS services without taxing limited IT resources, the trends shaping the SaaS infrastructure security market today, and more.

View Recording

Comprehensive Cloud Security Requires an Automated Approach

Modern enterprise infrastructure has become a complex mix of hardware, virtualization, private cloud and public cloud. These agile environments are driving a speed and scale of change that are orders of magnitude higher than before, which the previous generation of security products were never designed to handle. A new security and compliance architecture is needed that can automate security and compliance monitoring in a scalable and portable manner across both traditional datacenter and cloud environments.

View Recording

Zero to Cloud Security in 15 Minutes

Join Rich Gardner, Enterprise Solution Architect at CloudPassage as he covers the following topics:

  • New parameters for security delivery.
  • Halo platform architecture overview.
  • Demo of Halo: Zero to cloud security in 15 minutes!

View Recording

Peer Stories: How RightScale Achieved PCI Compliance on Cloud Infrastructure

In this webinar, Phil Cox, Director of Security and Compliance at RightScale, and a certified Qualified Security Assessor (QSA) from an earlier role, will explain how his organization went about the task of meeting PCI compliance in their cloud deployment. Phil will share his best practice recommendations for PCI, identify potential pitfalls to watch out for and discuss what benefits RightScale has experienced with CloudPassage Halo. Rand Wacker, VP of Products at CloudPassage will join him.

View Recording

How to build security into your SaaS infrastructure

Join Dave Shackleford, Lead Faculty at IANS and Rand Wacker, VP of Products for CloudPassage, for a free webinar on ‘Security Architectures that work for, not against, your SaaS business’. They will be covering:

  • Why static security architectures break Software-as-a-Service business models
  • What a SaaS business needs to secure its infrastructure
  • Security-as-a-Service: A new security architecture for SaaS
  • How CloudPassage Halo has helped secure SaaS business

View Recording

Addressing PCI Compliance in Hybrid Clouds

Keren Elazari, Cyber Security Industry Analyst at GigaOm Research, Rand Wacker, VP of Product at CloudPassage, and Jarret Raim, Cloud Security Product Manager at Rackspace covered the PCI Council’s “PCI DSS Cloud Computing Guidelines” information supplement and how it applies to companies working to achieve compliance with an emphasis on achieving compliance for cloud-aware environments. They also discussed the new prescriptive guidelines and how they clarify the lines of shared responsibility between the Cloud Service Provider (CSP) and their customers.

View Recording

Integrating Security into DevOps

Rand Wacker, VP of Products and Tatiana Slater, Community Manager at CloudPassage discuss how security teams can automate and integrate security into their operations across private datacenter and cloud environments using CloudPassage Halo.

View Recording

What You Need To Know About The New PCI Cloud Guidelines

Chris Brenton, Director of Security at CloudPassage and member of the PCI Council's Cloud Special Interest Group (SIG) and Dave Shackleford, VP of Research and CTO at IANS dive into the changes and implications of the new PCI cloud guidance.

View Recording

Meeting PCI DSS Requirements with AWS and CloudPassage

Carson Sweet, co-founder & CEO at CloudPassage, Ryan Holland, Ecosystem Solutions Architect at AWS, and Philip Stehlik, CTO at Taulia talk about the current security capabilities of AWS and explain how to supplement them with best practices for server deployment and cloud-capable security tools.

View Recording

PCI and the Cloud

Dave Shackleford (IANS) and Andrew Hay (CloudPassage) discuss how to be PCI compliant in the cloud, why compliance in the cloud is so hard, what the QSA really looks for, and more.

View Recording

How to Develop Software in the Cloud - Securely

Companies look to develop their software and services in a Cloud-based environment for its convenient and flexible access. However, this convenience and flexibility comes with its own risk. Listen to this pre-recorded webinar as Grant Thornton and CloudPassage discuss how to develop software in the Cloud – securely.

View Recording

Securing Servers in Public and Hybrid Clouds

Carson Sweet, co-founder and CEO of CloudPassage and Uri Budnik, Director, ISV Partner Program of RightScale discuss why security and compliance are different in the cloud, outline a model for securing cloud-based hosting environments, and explain best practices for implementing a secure cloud infrastructure.

View Recording