Information Center

Learn more about CloudPassage and software-defined security with the resources below.

2015 Cloud Security Survey Report

LinkedIn Report:

Cloud Security Survey Report 2015

This paper summarizes the findings of a survey conducted by the Information Security Group on LinkedIn.


Solution Briefs

Compliance For Cloud Environments Simplified

Enhanced Security & Compliance for Amazon EC2

CloudPassage Halo: Software Defined Security

Automated Security and Compliance for VMware environments

Product Briefs

CloudPassage Overview

CloudPassage Halo Technical Overview

CloudPassage Halo Agent in Audit Mode

Use Cases

Halo for PCI Compliance

CloudPassage Halo provides a quick and easy way for e-commerce companies to secure all of the organization's cloud servers and help with their regulatory compliance objectives. This paper describes where Halo can be applied and how it can help.


Halo for SaaS Compliance

This paper describes how CloudPassage Halo can help SaaS vendors with both the security and compliance challenges of deploying servers in private, public and hybrid architectures.


How RightScale Achieved PCI DSS Compliance on IaaS

RightScale - Leading Cloud Management Company Uses CloudPassage to Speed PCI DSS Compliance


Case Studies

Citrix ShareFile Cloud for Healthcare

10 Days to Facilitate HIPAA Compliance

To offer the Citrix ShareFile Cloud for Healthcare, the IT team needed to meet HIPAA requirements as a Healthcare Business Associate.

Halo Protects Hundreds of Artists from Digital Download Fraud

Major Digital Entertainment Business Protects Hundreds of Artist Websites with CloudPassage Halo

Ensuring Multi-Cloud Security Is Sweet Music to this Well-Known Recording Label

Obtain defense-in-depth protection with better visibility, control, and assurance

Recently Acquired SaaS Provider Secures Its IT Infrastructure with CloudPassage Halo

Parent Company Requires Start-Up to Increase Visibility, Authentication, and Compliance to Meet Higher Corporate Security Standards

White Papers

SANS Survey: State of Cybersecurity in Health Care Organizations 2014

This report covers the results of SANS 2nd Survey on the State of Information Security in Health Care Institutions. Learn what health care organizations are doing to mitigate risk as more sensitive and regulated health information is moving to the cloud.


Cloud Infrastructure Security: It’s Time to Rethink Your Strategy

It takes a new mindset to manage cloud infrastructure. And to truly reap the benefits from the cloud means that leaders must rethink their approach to infrastructure security.


Implementing Software-Defined Security with CloudPassage Halo

This paper summarizes the five architectural principles of SDSec and the ways in which CloudPassage has implemented them by building the Halo SDSec platform for cloud infrastructure. For a more detailed discussion of SDSec architectural principles, please review “What CSOs Need To Know About Software-Defined Security”.


What CSOs Need To Know About Software-Defined Security

As traditional infrastructure delivery shifts to virtualized, abstracted, software-defined models, the concept of software-defined security becomes increasingly important for security managers and technologists.


Achieving PCI DSS Peace of Mind in the Cloud

The white paper details the evolution of industry regulations for PCI compliance and how to maintain compliance while benefiting from the scale and cost-effectiveness of the cloud.


Securosis Whitepaper: What CISOs Need to Know About Cloud Computing

This is one of the best high-level white papers out there on how to build a cloud security strategy. Securosis lead analyst Rich Mogull explains how the cloud doesn’t increase or decrease risks, it shifts them, and that abstraction and automation are the most important aspects of cloud that impact security. He highlights issues such as auto-scaling, server snapshots and admin credentials that create significant differences for security teams from the traditional datacenter and outlines key security strategies on how to address these shifting risks.


Automating Security for Greater SaaS Success

Software-as-a-Service (SaaS) providers are enjoying considerable sales opportunity, but customer security and compliance concerns can make or break a SaaS provider’s success. To win customer trust and confidence, SaaS providers must effectively integrate security into their products. This white paper discusses the security controls needed to enable faster, better, and more reliable security and compliance for SaaS hosting infrastructure, as well as opportunities to automate those controls for efficiency and consistency.


PCI Across Clouds

This white paper provides cloud teams with real-world advice on addressing PCI DSS in dynamic cloud environments. It includes guidelines on how the PCI DSS applies to cloud infrastructure, information on the shared security responsibility across cloud providers and clients, and strategies to maximize automation of security and compliance operations using a single approach across physical, virtual, and cloud servers.


Cloud Servers: New Risk Considerations

This white paper from CloudPassage presents specific details on the most pertinent new risks associated with adoption of cloud IaaS. It is based on real world learning, shared by companies we have worked with, to achieve security and compliance in the cloud.



Cloud Security Survey Report 2015

This report is the result of comprehensive research in cooperation with the 250,000+ member Information Security Community on LinkedIn to explore the specific drivers and risk factors of cloud infrastructure, how organizations are using the cloud, whether the promise of the cloud is living up to the hype, and how organizations are responding to the security threats in these environments.


Carving a path through IaaS security with CloudPassage

Security for IaaS is about more than preventing unauthorized access to instances; it is about doing an effective job at providing security and compliance services in a repeatable, manageable and scalable manner.


Forrester Predictions For 2014: Cloud Computing

Cloud computing is no longer a "future" but a "now." Enterprise use is widespread, and the hybrid cloud model has arrived. Cloud leverage will be both traditional and disruptive as the business and IT put cloud to work.


Forrester: AWS Cloud Security

In the AWS world, security is a shared responsibility. The move to cloud will force security and risk pros to consider the options they have for securing cloud workloads.


Gauntlet - A CloudPassage Report

CloudPassage report detailing the outcome of The Gauntlet, a recent capture-the-flag-style live server exploitation exercise aimed at understanding how vulnerable cloud environments are to motivated hackers.


451 Research Impact Report: FIM in the Cloud

With its enhanced FIM in the cloud, CloudPassage provides users with the knowledge and assurance that data has not been altered while stored in a cloud environment. Read this report by 451 Research to learn more about CloudPassage Halo and its FIM capabilities.


Understanding the Payment Card Industry Cloud SIG Guidance

Released by the PCI Council in February 2013, the PCI DSS Cloud Computing Guidelines Information Supplement finally sheds some light on how to address PCI DSS compliance concerns within cloud environments. CloudPassage not only contributed to the supplement, but has written its own report to supplement the PCI DSS guidance in an effort to assist businesses in better understanding the new PCI guidelines.


Security and the Cloud 2012

This report reflects the detailed analysis of CloudPassage's 2012 Security and the Cloud survey. Survey respondents were asked a series of questions about their current cloud usage, future deployment plans, and security and compliance related concerns.


Technical Guides

Halo API Developer's Guide

This document is a programmer's guide that describes all server-security operations available to you in the CloudPassage API. In addition, it serves as a detailed reference that includes sample requests, responses, and errors for all supported calls.



Monitoring and Enforcing Security Policy In Cloud Environments

Enterprises are deploying cloud services and applications across the enterprise, but using cloud technology can make it difficult to monitor and ensure that data security policies are enforced. In this webcast, cloud security experts will discuss methods and practices for monitoring and securing data in environments that involve multiple cloud providers or applications.

View Recording

Avoiding the Headlines: 5 Critical Security Practices to Implement Now

2014 could have easily been called, “The year of the biggest security breaches since the beginning of forever.” But given current security practices and technologies, many of the breaches could have been prevented. So why weren’t they? Tune in to find out why.

View Recording

The State of Cloud Security: 2015 Survey Results

In early 2015, members of the Information Security Group on LinkedIn launched a comprehensive survey of information security professionals on the state of cloud security.

View Recording

Cloud Security: A Path Forward

As more data and applications move into cloud infrastructure, enterprises are facing an entirely new set of security and compliance challenges. Traditional security approaches simply don’t have the automation, abstraction or scale necessary to keep up in this dynamic environment. So how do you balance the clear benefits of moving to cloud infrastructure with the perceived challenges?

View Recording

Applying the Top 20 Critical Security Controls to the Cloud

The 20 Critical Security Controls for Effective Cyber Defense (the Controls) is a list of best-practice guidelines for IT security, developed and maintained by hundreds of security experts from across the public and private sectors. The list gives practical, actionable recommendations for cyber security, but how do you best apply these guidelines to the new reality of cloud-based or virtualized infrastructures? View this webcast to learn:

  • Which Controls are particularly vital to cloud security
  • Real-life examples of how the Controls can be implemented
  • Tips for measuring your organization’s security practice against the Controls

View Recording

Coping With Cloud Migration Challenges: Best Practices & Security Considerations

Rishi Vaish, VP of Product at RightScale and Amrit Williams, CTO at CloudPassage discuss benefits and security challenges of migrating to cloud infrastructures.

View Recording

Make it Work: PCI in the Cloud

Caught in the crossroads of ensuring PCI DSS compliance and leveraging cloud services to transform your transactional business? Learn from Branden Williams, co-author of ‘PCI Compliance: Understand and Implement PCI Data Security Standards’ on how to make it work! Just as seasoned security professionals struggle to keep up with the changes in technology, QSAs and ISAs are often presented with nuances in cloud environments that don’t fit into their conventional experience. Learn how to provide rich security assurance and accountability reporting for cloud environments integrating PCI DSS into cloud business as usual.

View Recording

Security Visibility in the Cloud - Logging and Monitoring in AWS

Come join the conversation on the pros and cons of commercial and open source options available in AWS, best practices for managing logs and monitoring incidents in the Cloud, and guidance on what to log from two security leaders in the field. Learn about:

  • Making security visibility easier based on best practices
  • Yes, host-based firewall policies can improve security
  • See how a reference implementation can be done without tears

View Recording

5 Vital Signs for Healthy Cloud Security

As business continues to leverage cloud infrastructure services, learn what key vital signs security professionals should use to determine the overall security wellness of cloud workloads. Hear about the trends that may change the mindset of what is good security hygiene when forced to support multi-cloud environments.

View Recording

SecDevOps: The New Black of IT

Join Andrew Storms, Senior Director of DevOps at CloudPassage and Alan Shimmel, CEO & Co-founder of discuss the emerging hybrid role of DevOps and Security.

View Recording

Cloud Security - Make Your CISO Successful

Join Rich Mogull, Lead Analyst at Securosis, and Nick Piagentini, Sr. Solutions Architect at CloudPassage and learn how to build a cloud security strategy that makes your CISO successful as they discuss why the cloud is different, adapting security for cloud computing principles, and a CISO cloud security checklist.

View Recording

Security and Compliance Best Practices for SaaS Providers

Join Gigaom Research, Citrix Systems, and CloudPassage in this analyst roundtable webinar discussing security best practices for SaaS providers. Key topics include: the driving need for better security in SaaS apps, scaling security with your SaaS services without taxing limited IT resources, the trends shaping the SaaS infrastructure security market today, and more.

View Recording

Comprehensive Cloud Security Requires an Automated Approach

Modern enterprise infrastructure has become a complex mix of hardware, virtualization, private cloud and public cloud. These agile environments are driving a speed and scale of change that are orders of magnitude higher than before, which the previous generation of security products were never designed to handle. A new security and compliance architecture is needed that can automate security and compliance monitoring in a scalable and portable manner across both traditional datacenter and cloud environments.

View Recording

Zero to Cloud Security in 15 Minutes

Join Rich Gardner, Enterprise Solution Architect at CloudPassage as he covers the following topics:

  • New parameters for security delivery.
  • Halo platform architecture overview.
  • Demo of Halo: Zero to cloud security in 15 minutes!

View Recording

Peer Stories: How RightScale Achieved PCI Compliance on Cloud Infrastructure

In this webinar, Phil Cox, Director of Security and Compliance at RightScale, and a certified Qualified Security Assessor (QSA) from an earlier role, will explain how his organization went about the task of meeting PCI compliance in their cloud deployment. Phil will share his best practice recommendations for PCI, identify potential pitfalls to watch out for and discuss what benefits RightScale has experienced with CloudPassage Halo. Rand Wacker, VP of Products at CloudPassage will join him.

View Recording

How to build security into your SaaS infrastructure

Join Dave Shackleford, Lead Faculty at IANS and Rand Wacker, VP of Products for CloudPassage, for a free webinar on ‘Security Architectures that work for, not against, your SaaS business’. They will be covering:

  • Why static security architectures break Software-as-a-Service business models
  • What a SaaS business needs to secure its infrastructure
  • Security-as-a-Service: A new security architecture for SaaS
  • How CloudPassage Halo has helped secure SaaS business

View Recording

Addressing PCI Compliance in Hybrid Clouds

Keren Elazari, Cyber Security Industry Analyst at GigaOm Research, Rand Wacker, VP of Product at CloudPassage, and Jarret Raim, Cloud Security Product Manager at Rackspace covered the PCI Council’s “PCI DSS Cloud Computing Guidelines” information supplement and how it applies to companies working to achieve compliance with an emphasis on achieving compliance for cloud-aware environments. They also discussed the new prescriptive guidelines and how they clarify the lines of shared responsibility between the Cloud Service Provider (CSP) and their customers.

View Recording

Integrating Security into DevOps

Rand Wacker, VP of Products and Tatiana Slater, Community Manager at CloudPassage discuss how security teams can automate and integrate security into their operations across private datacenter and cloud environments using CloudPassage Halo.

View Recording

What You Need To Know About The New PCI Cloud Guidelines

Chris Brenton, Director of Security at CloudPassage and member of the PCI Council's Cloud Special Interest Group (SIG) and Dave Shackleford, VP of Research and CTO at IANS dive into the changes and implications of the new PCI cloud guidance.

View Recording

Meeting PCI DSS Requirements with AWS and CloudPassage

Carson Sweet, co-founder & CEO at CloudPassage, Ryan Holland, Ecosystem Solutions Architect at AWS, and Philip Stehlik, CTO at Taulia talk about the current security capabilities of AWS and explain how to supplement them with best practices for server deployment and cloud-capable security tools.

View Recording

PCI and the Cloud

Dave Shackleford (IANS) and Andrew Hay (CloudPassage) discuss how to be PCI compliant in the cloud, why compliance in the cloud is so hard, what the QSA really looks for, and more.

View Recording

How to Develop Software in the Cloud - Securely

Companies look to develop their software and services in a Cloud-based environment for its convenient and flexible access. However, this convenience and flexibility comes with its own risk. Listen to this pre-recorded webinar as Grant Thornton and CloudPassage discuss how to develop software in the Cloud – securely.

View Recording

Securing Servers in Public and Hybrid Clouds

Carson Sweet, co-founder and CEO of CloudPassage and Uri Budnik, Director, ISV Partner Program of RightScale discuss why security and compliance are different in the cloud, outline a model for securing cloud-based hosting environments, and explain best practices for implementing a secure cloud infrastructure.

View Recording