Halo Login

Info Center

Featured report: What CISOs Need to Know About Cloud Computing

Not a CISO?: The Gauntlet - a live server exploitation exercise


Clouds, virtualization, and software-defined infrastructures dramatically change security capabilities. While such dynamic environments offer great benefits, security personnel must address the complex demands and compliance concerns that arise. Cloud enables new capabilities that can make protecting application workloads easier.


Solution Briefs

Halo Technical Overview

Automated Security for Amazon Web Services

CloudPassage Halo: Software Defined Security

Automated Security and Compliance for VMware environments


Use Cases

Halo for PCI Compliance

CloudPassage Halo provides a quick and easy way for e-commerce companies, to secure all of the organization's cloud servers and help with their regulatory compliance objectives. This paper describes where Halo can be applied and how it can help.

Download

Halo for SaaS Compliance

This paper describes how CloudPassage Halo can help SaaS vendors with both the security and compliance challenges of deploying servers in private, public and hybrid architectures.

Download

Halo for Media Compliance

Media companies are increasingly leveraging cloud architectures to keep up with the fluctuating usage demands of their users. Learn how CloudPassage Halo can help address security and compliance challenges.

Download

How RightScale Achieved PCI DSS Compliance on IaaS

RightScale - Leading Cloud Management Company Uses CloudPassage to Speed PCI DSS Compliance

Download


Case Studies

Citrix ShareFile Cloud for Healthcare

10 Days to Facilitate HIPAA Compliance

To offer the Citrix ShareFile Cloud for Healthcare, the IT team needed to meet HIPAA requirements as a Healthcare Business Associate.

Read More

White Papers

Securosis Whitepaper: What CISOs Need to Know About Cloud Computing

This is one of the best high-level whitepapers out there on how to build a cloud security strategy. Securosis lead analyst Rich Mogull explains how the cloud doesn’t increase or decrease risks, it shifts them, and that abstraction and automation are the most important aspects of cloud that impact security. He highlights issues such as autoscaling, server snapshots and admin credentials that create significant differences for security teams from the traditional datacenter and outlines key security strategies on how to address these shifting risks.

Download

Automating Security for Greater SaaS Success

Software-as-a-Service (SaaS) providers are enjoying considerable sales opportunity, but customer security and compliance concerns can make or break a SaaS provider’s success. To win customer trust and confidence, SaaS providers must effectively integrate security into their products. This white paper discusses the security controls needed to enable faster, better, and more reliable security and compliance for SaaS hosting infrastructure, as well as opportunities to automate those controls for efficiency and consistency.

Download

PCI Across Clouds

This white paper provides cloud teams with real-world advice on addressing PCI DSS in dynamic cloud environments. It includes guidelines on how the PCI DSS applies to cloud infrastructure, information on the shared security responsibility across cloud providers and clients, and strategies to maximize automation of security and compliance operations using a single approach across physical, virtual, and cloud servers.

Download

Cloud Servers: New Risk Considerations

This white paper from CloudPassage presents specific details on the most pertinent new risks associated with adoption of cloud IaaS. It is based on real world learning, shared by companies we have worked with, to achieve security and compliance in the cloud.

Download


Reports

Carving a path through IaaS security with CloudPassage

Security for IaaS is about more than preventing unauthorized access to instances; it is about doing an effective job at providing security and compliance services in a repeatable, manageable and scalable manner.

Download

Forrester Predictions For 2014: Cloud Computing

Cloud computing is no longer a "future" but a "now." Enterprise use is widespread, and the hybrid cloud model has arrived. Coud leverage will be both traditional and disruptive as the business and IT put cloud to work.

Download

Forrester: AWS Cloud Security

In The AWS world, security is a shared responsibility. The move to cloud will force security and risk pros to consider the options they have for securing cloud workloads.

Download

Gauntlet - A CloudPassage Report

CloudPassage report detailing the outcome of The Gauntlet, a recent capture-the-flag-style live server exploitation exercise aimed at understanding how vulnerable cloud environments are to motivated hackers.

Download

451 Research Impact Report: FIM in the Cloud

With its enhanced FIM in the cloud, CloudPassage provides users with the knowledge and assurance that data has not been altered while stored in a cloud environment. Read this report by 451 Research to learn more about CloudPassage Halo and its FIM capabilities.

Download

Understanding the Payment Card Industry Cloud SIG Guidance

Released by the PCI Council in February 2013, the PCI DSS Cloud Computing Guidelines Information Supplement finally sheds some light on how to address PCI DSS compliance concerns within cloud environments. CloudPassage not only contributed to the supplement, but has written its own report to supplement the PCI DSS guidance in an effort to assist businesses in better understanding the new PCI guidelines.

Download

Security and the Cloud 2012

This report reflects the detailed analysis of CloudPassage's 2012 Security and the Cloud survey. Survey respondents were asked a series of questions about their current cloud usage, future deployment plans, and security and compliance related concerns.

Download


Technical Guides

Halo API Developer's Guide

This document is a programmer's guide that describes all server-security operations available to you in the CloudPassage API. In addition, it serves as a detailed reference that includes sample requests, responses, and errors for all supported calls.

Download

Halo for PCI Reference Matrix

PCI and the cloud can be challenging. To make it easier for you, we have created a reference matrix that will help you understand the requirements of the PCI Data Security Standard (PCI-DSS) and how they map to the capabilities of CloudPassage Halo.

Download


Webcasts

Cloud Security - Make Your CISO Successful

Join Rich Mogull, Lead Analyst at Securosis, and Nick Piagentini, Sr. Solutions Architect at CloudPassage and learn how to build a cloud security strategy that makes your CISO successful as they discuss why the cloud is different, adapting security for cloud computing principles, and a CISO cloud security checklist.

View Recording

Security and Compliance Best Practices for SaaS Providers

Join Gigaom Research, Citrix Systems, and CloudPassage in this analyst roundtable webinar discussing security best practices for SaaS providers. Key topics include: the driving need for better security in SaaS apps, scaling security with your SaaS services without taxing limited IT resources, the trends shaping the SaaS infrastructure security market today, and more.

View Recording

Comprehensive Cloud Security Requires an Automated Approach

Modern enterprise infrastructure has become a complex mix of hardware, virtualization, private cloud and public cloud. These agile environments are driving a speed and scale of change that are orders of magnitude higher than before, which the previous generation of security products were never designed to handle. A new security and compliance architecture is needed that can automate security and compliance monitoring in a scalable and portable manner across both traditional datacenter and cloud environments.

View Recording

Zero to Cloud Security in 15 Minutes

Join Harish Agastya, CloudPassage Sr. Director of Product Marketing and Ryan Thomas, CloudPassage Lead Product Manager to:

  • View a live 15-minute demonstration of using Halo to protect cloud infrastructure from start to finish.
  • Discover some of the most common vulnerabilities found in default cloud systems that Halo can detect, remediate, and monitor for.
  • Learn best practice approaches to access control, configuration management, and intrusion detection to satisfy security and compliance requirements across any infrastructure.

View Recording

Peer Stories: How RightScale Achieved PCI Compliance on Cloud Infrastructure

In this webinar, Phil Cox, Director of Security and Compliance at RightScale, and a certified Qualified Security Assessor (QSA) from an earlier role, will explain how his organization went about the task of meeting PCI compliance in their cloud deployment. Phil will share his best practice recommendations for PCI, identify potential pitfalls to watch out for and discuss what benefits RightScale has experienced with CloudPassage Halo. Rand Wacker, VP of Products at CloudPassage will join him.

View Recording

How to build security into your SaaS infrastructure

Join Dave Shackleford, Lead Faculty at IANS and Rand Wacker, VP of Products for CloudPassage, for a free webinar on ‘Security Architectures that work for, not against, your SaaS business’. They will be covering:

  • Why static security architectures break Software-as-a-Service business models
  • What a SaaS business needs to secure its infrastructure
  • Security-as-a-Service: A new security architecture for SaaS
  • How CloudPassage Halo has helped secure SaaS business

View Recording

Addressing PCI Compliance in Hybrid Clouds

Keren Elazari, Cyber Security Industry Analyst at GigaOm Research, Rand Wacker, VP of Product at CloudPassage, and Jarret Raim, Cloud Security Product Manager at Rackspace covered the PCI Council’s “PCI DSS Cloud Computing Guidelines” information supplement and how it applies to companies working to achieve compliance with an emphasis on achieving compliance for cloud-aware environments. They also discussed the new prescriptive guidelines and how they clarify the lines of shared responsibility between the Cloud Service Provider (CSP) and their customers.

View Recording

Integrating Security into DevOps

Rand Wacker, VP of Products and Tatiana Slater, Community Manager at CloudPassage discuss how security teams can automate and integrate security into their operations across private datacenter and cloud environments using CloudPassage Halo.

View Recording

What You Need To Know About The New PCI Cloud Guidelines

Chris Brenton, Director of Security at CloudPassage and member of the PCI Council's Cloud Special Interest Group (SIG) and Dave Shackleford, VP of Research and CTO at IANS dive into the changes and implications of the new PCI cloud guidance.

View Recording

Meeting PCI DSS Requirements with AWS and CloudPassage

Carson Sweet, co-founder & CEO at CloudPassage, Ryan Holland, Ecosystem Solutions Architect at AWS, and Philip Stehlik, CTO at Taulia talk about the current security capabilities of AWS and explain how to supplement them with best practices for server deployment and cloud-capable security tools.

View Recording

PCI and the Cloud

Dave Shackleford (IANS) and Andrew Hay (CloudPassage) discuss how to be PCI compliant in the cloud, why compliance in the cloud is so hard, what the QSA really looks for, and more.

View Recording

How to Develop Software in the Cloud - Securely

Companies look to develop their software and services in a Cloud-based environment for its convenient and flexible access. However, this convenience and flexibility comes with its own risk. Listen to this pre-recorded webinar as Grant Thornton and CloudPassage discuss how to develop software in the Cloud – securely.

View Recording

Securing Servers in Public and Hybrid Clouds

Carson Sweet, co-founder and CEO of CloudPassage and Uri Budnik, Director, ISV Partner Program of RightScale discuss why security and compliance are different in the cloud, outline a model for securing cloud-based hosting environments, and explain best practices for implementing a secure cloud infrastructure.

View Recording