Resources > Security Terms Glossary > What is Cloud Protection

What is Cloud Protection?

What is cloud protection?

Cloud protection is a crucial component of cloud security that consists of tools designed to reduce risks associated with cloud misconfigurations, minimize the attack surface, eliminate the threat of lateral movement, and secure data and user access to cloud apps and app-to-app communications. Built around zero trust, microsegmentation, and cloud security posture management (CSPM), cloud protection is a broad concept that aims to simplify cloud workload security and reduce risk.

In 2019, IBM reported that the cost of a data breach averaged $3.9 million globally and $8.2 million in the U.S., and the IBM X-Force Threat Intelligence Index 2020 report showed a nearly tenfold year-over-year increase in records exposed due to cloud misconfigurations. These reports indicate that cyberattacks and data breaches are not only becoming more frequent, but also more costly.

As organizations race to migrate to the cloud for its scalability, agility, and to accommodate an increasingly remote workforce, it’s essential to properly secure the migration. Rushing your cloud transformation with a “lift-and-shift” security transition from legacy data centers creates a wider attack surface, leaving your business vulnerable to attack.

A cloud protection solution helps to ensure that your data and applications are secure and properly configured to prevent application compromise and data loss, all while reducing complexity.

It isn’t so much about whether the cloud is secure… It’s mostly about how securely you are using it.


Cloud protection with a zero trust approach

Reducing complexity and ensuring seamless communication between teams is crucial to avoid application misconfiguration that could lead to a security breach. Comprehensive cloud protection requires a zero trust approach that grants access based on verified identity of users, applications and hosts, permissions, and context such as device, location, and time, ensuring the security of your network, data, and applications.

With zero trust, users are only granted access to specific applications, not the network, limiting potential threats from the outside without any of the management headaches, poor user experiences, or exposed attack surfaces that occur with traditional VPNs and flat networks inside clouds and data centers.

Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement, and mistakes. Security and risk management leaders should invest in cloud security posture management processes and tools to proactively and reactively identify and remediate these risks.


Enhanced app-to-app and app-to-internet connectivity and security

Site-to-site VPN requires your organization to extend your trusted network to distributed public clouds, increasing complexity, cost, and risk of lateral threat movement. Zscaler Cloud Connector provides zero trust security for workload communications--cloud-to-internet, cloud-to-cloud, and cloud-to-data center connections across hybrid and multicloud environments.

This simplified and automated connectivity to the Zscaler Zero Trust Exchange eliminates the issues that come with transit hubs and gateways, virtual firewalls, VPNs, routers, and static, network-based policies. It provides secure “any-to-any” connectivity to ensure connections between any user (employee, contractor, B2B customer, supplier, or partner), any application (SaaS, public cloud, data center), and any device (end-user system, server, IoT device, OT system) are secure and policies are enforced.

99% of cloud security incidents are the customer’s own fault. Implementing a CSPM offering will reduce cloud-related security incidents due to misconfiguration.

Gartner, 2019

The importance of cloud security posture management

Transitioning to the cloud can bring about a number of challenges, including the potential misconfiguration of cloud or SaaS apps that can leave the organization vulnerable to data exposure and compliance violations.

Zscaler CSPM continuously monitors, identifies, and automatically remediates application misconfigurations in SaaS, IaaS, and PaaS to reduce risk and ensure compliance. It also provides deep policy coverage across AWS, Azure, GCP, and SaaS with more than 3,000 pre-built policy templates and mapping to 17 major regulatory frameworks. Zscaler CSPM is part of the comprehensive, 100% cloud-delivered data protection capabilities in the unified Zscaler cloud platform.


Cloud workload protection and identity-based segmentation

IP-based network segmentation is not ideal for cloud workloads because most segments are configured to be unnecessarily open, which allows over-permissive access and allows threats to move laterally and malware to propagate. Protecting cloud workloads with identity-based microsegmentation eliminate the attack surface and stops lateral movement--delivering stronger security while simplifying operations.

Zscaler Workload Segmentation helps to segment workloads by verifying the identity of the communicating workloads and automating policy management using  machine learning. By eliminating attack surface and protecting app-to-app communication, you can dramatically simplify microsegmentation.

Learn how the comprehensive and integrated Zscaler Cloud Protection platform can secure your digital transformation.

Secure Your Cloud Workloads

Zscaler Cloud Protection
Zscaler Cloud Protection

The Four Components of Zscaler Cloud Protection

Read the data sheet
The Four Components of Zscaler Cloud Protection

Automatically Prevent Cloud Misconfigurations

Learn more about CSPM
Automatically Prevent Cloud Misconfigurations

The 2020 State of Cloud (In)Security

Read the blog
The 2020 State of Cloud (In)Security