[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Cloud Security](https://www.paloaltonetworks.com/cyberpedia/cloud-security?ts=markdown) 3. [Cloud Security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security?ts=markdown) 4. [What Is Cloud Security?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security?ts=markdown) Table of Contents * What Is Cloud Security? * [Why Is Cloud Security Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#why?ts=markdown) * [Essential Elements of a Cloud Security Strategy](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#essential?ts=markdown) * [The Three Pillars of Cloud Security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#pillars?ts=markdown) * [How Does Cloud Security Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#how?ts=markdown) * [Three Categories of Cloud Service Models](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#categories?ts=markdown) * [The Shared Responsibility Model](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#model?ts=markdown) * [Top Cloud Security Risks and Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#challenges?ts=markdown) * [Cloud Security Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#tools?ts=markdown) * [Cloud Security Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#practices?ts=markdown) * [Cloud Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#faqs?ts=markdown) * [What Is a Cloud Service Provider?](https://www.paloaltonetworks.com/cyberpedia/cloud-service-provider?ts=markdown) * [Cloud Service Providers Explained](https://www.paloaltonetworks.com/cyberpedia/cloud-service-provider#cloud?ts=markdown) * [Types of Cloud Providers](https://www.paloaltonetworks.com/cyberpedia/cloud-service-provider#types?ts=markdown) * [Benefits of Cloud Service Providers](https://www.paloaltonetworks.com/cyberpedia/cloud-service-provider#benefits?ts=markdown) * [Challenges of Cloud Service Providers](https://www.paloaltonetworks.com/cyberpedia/cloud-service-provider#challenges?ts=markdown) * [Cloud Service Provider Platform FAQs‍](https://www.paloaltonetworks.com/cyberpedia/cloud-service-provider#faqs?ts=markdown) * [Defining Organizational Cloud Security Responsibilities](https://www.paloaltonetworks.com/cyberpedia/defining-organizational-cloud-security-responsibilities?ts=markdown) * [What Is Infrastructure as a Service?](https://www.paloaltonetworks.com/cyberpedia/what-is-infrastructure-as-a-service?ts=markdown) * [Benefits of IaaS and Security Implications](https://www.paloaltonetworks.com/cyberpedia/what-is-infrastructure-as-a-service#benefits?ts=markdown) * [Securing IaaS](https://www.paloaltonetworks.com/cyberpedia/what-is-infrastructure-as-a-service#securing?ts=markdown) * [Infrastructure as a Service FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-infrastructure-as-a-service#faqs?ts=markdown) * [Top 3 Cloud Security Considerations](https://www.paloaltonetworks.com/cyberpedia/top-3-cloud-security-considerations?ts=markdown) * [Cloud Computing Does Not Lessen Existing Network Security Risks](https://www.paloaltonetworks.com/cyberpedia/top-3-cloud-security-considerations#https://www.paloaltonetworks.com/cyberpedia/what-is-a-data-center?ts=markdown) * [Why You Need Cloud Security](https://www.paloaltonetworks.com/cyberpedia/why-you-need-cloud-security?ts=markdown) * [17 Tips to Securely Deploy Cloud Environments](https://www.paloaltonetworks.com/cyberpedia/17-ways-to-secure-when-deploying-cloud-environments?ts=markdown) * [Four Ways to Improve Cloud Security and Compliance](https://www.paloaltonetworks.com/cyberpedia/four-ways-to-improve-cloud-security-and-compliance?ts=markdown) * [Cloud Security Glossary \& FAQs](https://www.paloaltonetworks.com/cyberpedia/cloud-security-glossary-faqs?ts=markdown) * [Cloud Deployment and Computing Models](https://www.paloaltonetworks.com/cyberpedia/cloud-security-glossary-faqs#deployment?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cyberpedia/cloud-security-glossary-faqs#security?ts=markdown) * [Compliance in the Cloud](https://www.paloaltonetworks.com/cyberpedia/cloud-security-glossary-faqs#compliance?ts=markdown) * [Cloud Migration](https://www.paloaltonetworks.com/cyberpedia/cloud-security-glossary-faqs#migration?ts=markdown) * [Cloud-Native Security](https://www.paloaltonetworks.com/cyberpedia/cloud-security-glossary-faqs#native?ts=markdown) * [Careers in Cloud Security](https://www.paloaltonetworks.com/cyberpedia/cloud-security-glossary-faqs#careers?ts=markdown) * [The Changing Cloud Landscape](https://www.paloaltonetworks.com/cyberpedia/cloud-security-glossary-faqs#landscape?ts=markdown) * [How to Assess Risk in the Cloud](https://www.paloaltonetworks.com/cyberpedia/how-to-assess-risk-in-the-cloud?ts=markdown) * [Assessing Risk in the Cloud Explained](https://www.paloaltonetworks.com/cyberpedia/how-to-assess-risk-in-the-cloud#assessing?ts=markdown) * [Technical Approaches to Risk Assessment](https://www.paloaltonetworks.com/cyberpedia/how-to-assess-risk-in-the-cloud#technical?ts=markdown) * [Identifying Cloud Risks](https://www.paloaltonetworks.com/cyberpedia/how-to-assess-risk-in-the-cloud#identifying?ts=markdown) * [Assess Potential Risks](https://www.paloaltonetworks.com/cyberpedia/how-to-assess-risk-in-the-cloud#assess?ts=markdown) * [Data Compliance FAQs](https://www.paloaltonetworks.com/cyberpedia/how-to-assess-risk-in-the-cloud#faqs?ts=markdown) * [Cloud Security Is a Shared Responsibility](https://www.paloaltonetworks.com/cyberpedia/cloud-security-is-a-shared-responsibility?ts=markdown) * [What Is the Shared Responsibility Model?](https://www.paloaltonetworks.com/cyberpedia/cloud-security-is-a-shared-responsibility#what?ts=markdown) * [The Shared Responsibility Model Explained](https://www.paloaltonetworks.com/cyberpedia/cloud-security-is-a-shared-responsibility#the?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cyberpedia/cloud-security-is-a-shared-responsibility#cloud?ts=markdown) * [Shared Responsibility FAQs](https://www.paloaltonetworks.com/cyberpedia/cloud-security-is-a-shared-responsibility#faqs?ts=markdown) * [ASPM Best Practices for Enhancing Your Security Posture](https://www.paloaltonetworks.com/cyberpedia/aspm-best-practices?ts=markdown) * [ASPM Foundations and Strategic Benefits in Cloud Environments](https://www.paloaltonetworks.com/cyberpedia/aspm-best-practices#aspm?ts=markdown) * [Establishing Centralized Visibility and Data Organization for Continuous Monitoring](https://www.paloaltonetworks.com/cyberpedia/aspm-best-practices#monitoring?ts=markdown) * [DevSecOps Culture Integration and Shift-Left Security Practices](https://www.paloaltonetworks.com/cyberpedia/aspm-best-practices#practices?ts=markdown) * [KPI Alignment and Remediation Workflows for Vulnerability Management](https://www.paloaltonetworks.com/cyberpedia/aspm-best-practices#kpi?ts=markdown) * [Advanced ASPM Optimization and Proactive Risk Management](https://www.paloaltonetworks.com/cyberpedia/aspm-best-practices#advanced?ts=markdown) * [ASPM FAQs](https://www.paloaltonetworks.com/cyberpedia/aspm-best-practices#faqs?ts=markdown) # What Is Cloud Security? 5 min. read [Download The CNAPP Buyer's Guide](https://start.paloaltonetworks.com/cnapp-buyers-guide.html) Table of Contents * * [Why Is Cloud Security Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#why?ts=markdown) * [Essential Elements of a Cloud Security Strategy](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#essential?ts=markdown) * [The Three Pillars of Cloud Security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#pillars?ts=markdown) * [How Does Cloud Security Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#how?ts=markdown) * [Three Categories of Cloud Service Models](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#categories?ts=markdown) * [The Shared Responsibility Model](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#model?ts=markdown) * [Top Cloud Security Risks and Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#challenges?ts=markdown) * [Cloud Security Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#tools?ts=markdown) * [Cloud Security Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#practices?ts=markdown) * [Cloud Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#faqs?ts=markdown) 1. Why Is Cloud Security Important? * * [Why Is Cloud Security Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#why?ts=markdown) * [Essential Elements of a Cloud Security Strategy](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#essential?ts=markdown) * [The Three Pillars of Cloud Security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#pillars?ts=markdown) * [How Does Cloud Security Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#how?ts=markdown) * [Three Categories of Cloud Service Models](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#categories?ts=markdown) * [The Shared Responsibility Model](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#model?ts=markdown) * [Top Cloud Security Risks and Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#challenges?ts=markdown) * [Cloud Security Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#tools?ts=markdown) * [Cloud Security Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#practices?ts=markdown) * [Cloud Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security#faqs?ts=markdown) Cloud security, or cloud computing security, is all about safeguarding the measures, technologies, processes, and policies designed to protect cloud computing systems, data, and infrastructure from cyberthreats. It ensures your data stored and processed in the cloud remains confidential, integral, and available, keeping users and organizations safe from unauthorized access, breaches, and data loss. While [cybersecurity](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-security?ts=markdown) encompasses a broad range of protective measures for information systems, cloud security zeroes in on defending assets hosted on third-party service providers' infrastructure. ## Why Is Cloud Security Important? Cloud security protects [sensitive data](https://www.paloaltonetworks.com/cyberpedia/sensitive-data?ts=markdown), applications, and infrastructure hosted in the cloud. As organizations increasingly use cloud computing and third-party [cloud service providers (CSPs)](https://www.paloaltonetworks.com/cyberpedia/cloud-service-provider?ts=markdown), they face unique security challenges, including [data breaches](https://www.paloaltonetworks.com/cyberpedia/data-breach?ts=markdown), unauthorized access, and regulatory compliance. * **Data Protection:** Cloud environments often store sensitive personal, financial, and intellectual property data. Cloud security measures safeguard this data from theft, loss, and unauthorized access. * **Regulatory Compliance:** Compliance standards like [GDPR](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance?ts=markdown), [HIPAA](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa?ts=markdown), and [PCI DSS](https://www.paloaltonetworks.com/cyberpedia/pci-dss?ts=markdown) govern many industries. Cloud security helps organizations meet these requirements, avoiding legal consequences and financial penalties. * **Mitigation of Cyberthreats:** Cloud environments are frequent targets of [cyberattacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack?ts=markdown), including [phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing?ts=markdown), [ransomware](https://www.paloaltonetworks.com/cyberpedia/what-is-ransomware?ts=markdown), and DDoS attacks. Effective cloud security solutions protect against these threats, ensuring business continuity. * **Shared Responsibility Model:** In cloud computing, security is a [shared responsibility](https://www.paloaltonetworks.com/cyberpedia/cloud-security-is-a-shared-responsibility?ts=markdown) between the service provider and the customer. Cloud security tools and practices enable organizations to participate in this partnership. * **Secure Remote Access:** With the rise of remote work, employees often access cloud-based systems from various locations and devices. VPNs (virtual private networks), Zero Trust network access (ZTNA), and secure gateways ensure access remains safe without compromising the organization's data. * **Maintaining Customer Trust:** Data breaches or security failures can damage a company's reputation and erode customer trust. Strong cloud security measures help maintain customer confidence and loyalty. * **Cost Efficiency:** Proactive cloud security prevents expensive data breaches and downtime, reducing long-term costs associated with incident recovery and compliance violations. Determine the best option for your organization: [CSP-Built Security Vs. Third-Party Cloud-Native Security](https://www.paloaltonetworks.com/cyberpedia/cloud-native-security-vs-3rd-party-security?ts=markdown). ## Essential Elements of a Cloud Security Strategy To grasp cloud security, you must focus on the [core tenets](https://www.paloaltonetworks.com/cyberpedia/core-tenets-of-a-cloud-native-security-platform?ts=markdown) of a strategic cloud security plan, one that involves strategies and technology to protect data, applications, and infrastructure. Key areas include: * **Data Protection:** Safeguarding data at rest, in transit, and during processing through encryption and [access controls](https://www.paloaltonetworks.com/cyberpedia/access-control?ts=markdown). * **[Identity and Access Management (IAM)](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management?ts=markdown):** Ensuring only authorized users and devices can access cloud resources. * **Compliance and Governance:** Adhering to legal and regulatory requirements, such as GDPR, HIPAA, or [CCPA](https://www.paloaltonetworks.com/cyberpedia/ccpa?ts=markdown). * **Visibility:** Monitoring cloud activity to identify potential security threats through logging, auditing, and analytics tools. * **Network Security:** Protecting communication and connectivity within and between cloud environments using firewalls, intrusion detection systems (IDS), and other tools. * **Threat Detection and Prevention:** Identifying and mitigating vulnerabilities and risks through automated tools, machine learning, and threat intelligence. * **Incident Response:** Establishing procedures to address security breaches or cyberattacks effectively. * **Application Security:** Securing applications hosted in the cloud from vulnerabilities or misconfigurations. ## The Three Pillars of Cloud Security The three pillars of cloud security --- confidentiality, integrity, and availability --- provide a foundational framework for securing cloud environments. These principles, often called the CIA triad, form the backbone of cloud security and overall cybersecurity principles. ### Confidentiality Confidentiality ensures that only authorized individuals and systems can access sensitive data. This is achieved through encrypting data, using strong access controls like multifactor authentication ([MFA](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication?ts=markdown)) and role-based access control ([RBAC](https://www.paloaltonetworks.com/cyberpedia/kubernetes-rbac?ts=markdown)), and securing APIs while applying the principle of [least privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access?ts=markdown). By safeguarding confidentiality, organizations can protect their operations and user trust. ### Integrity Integrity ensures data and systems remain accurate, reliable, and tampering-free. Organizations verify data with techniques like hashing and checksums, implement version control and backups to protect against changes, and adopt secure [DevOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devops?ts=markdown) ([DevSecOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devsecops?ts=markdown)) practices to ensure [application security](https://www.paloaltonetworks.com/cyberpedia/application-security?ts=markdown). ### Availability Availability ensures that cloud services, applications, and data are accessible when needed. Organizations achieve this through redundancy and failover mechanisms, implementing [distributed denial-of-service (DDoS)](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack?ts=markdown) protection, and performing regular system updates and patches to mitigate vulnerabilities that could cause downtime. ## How Does Cloud Security Work? Cloud security functions across three primary environments: public, private, and hybrid. ### Public Cloud The public cloud delivers IT services over the internet. A third-party provider owns and operates the underlying infrastructure. Organizations use [public cloud services](https://www.paloaltonetworks.com/cyberpedia/cloud-security-service-cloud-storage-and-cloud-technology?ts=markdown) for various applications, including web-based solutions and data storage. These services are billed annually or based on actual usage, with costs tied to resource consumption and data traffic. In a public cloud environment, organizations share the infrastructure with other users but manage their resources through individual accounts. The public cloud offers rapid deployment of scalable applications accessible globally, eliminating the need for substantial upfront investments. ### Private Cloud A private cloud is used exclusively by a single business or organization. It can be owned, managed, and operated by the company, a third-party service provider, or both, and can be located on-premises or off-site. Private clouds offer the same benefits as public clouds, like elastic scalability and cost savings, resource availability, total control, privacy, and regulatory compliance. They're ideal for organizations with strict compliance requirements or those that demand absolute data control, such as government agencies and financial institutions. ### Hybrid Cloud A [hybrid cloud](https://www.paloaltonetworks.com/cyberpedia/what-is-hybrid-cloud-security?ts=markdown)combines on-premises, private, and public environments while keeping them orchestrated and distinct. Data and applications can move between these environments, offering greater flexibility. Hybrid clouds are suitable for organizations extending their on-premises infrastructure with specific cloud use cases. For instance, public clouds can handle high-volume, lower-security needs like web-based applications, while private clouds manage sensitive, business-critical operations like financial reporting. Their adaptability makes hybrid clouds an attractive option for many enterprises. ## Three Categories of Cloud Service Models Cloud security requires taking a strategic approach across your organization. Adding multiple security products to solve separate problems will cause issues in the long run. As you look for cloud solutions, consider these options: * [Software as a service (SaaS)](https://www.paloaltonetworks.com/cyberpedia/what-is-saas?ts=markdown): Applications like Microsoft Office 365^®^, Box or Salesforce^®^ allow users from anywhere to access and share data easily. SaaS applications save organizations operational time and costs. * [Platform as a service (PaaS)](https://www.paloaltonetworks.com/cyberpedia/what-is-pass?ts=markdown): A service provider, such as AWS^®^ or [Azure^®^](https://www.paloaltonetworks.com/products/secure-the-network/virtualized-next-generation-firewall/vm-series-for-azure?ts=markdown), provides the organization with the necessary infrastructure and applications. PaaS allows organizations to reduce hardware and mitigate connectivity issues they may have previously experienced. * [Infrastructure as a service (IaaS)](https://www.paloaltonetworks.com/cyberpedia/what-is-infrastructure-as-a-service?ts=markdown): Flexible cloud services allow organizations to pay a single fee based on the amount of data they need to have hosted. This is the most cost-effective way for organizations to get up and running in the cloud. Organizations may use one or all three of these types of cloud services. You should look for offerings that have a similar security strategy to that of your organization, and that provide multiple security solutions in a single platform. ## The Shared Responsibility Model The [shared responsibility model](https://www.paloaltonetworks.com/cyberpedia/cloud-security-is-a-shared-responsibility?ts=markdown) divides security responsibilities between a CSP and its customers. Organizations must align their security strategy with this model to protect their data, applications, and compliance status while leveraging cloud computing benefits. [Understanding each party's role](https://www.paloaltonetworks.com/cyberpedia/defining-organizational-cloud-security-responsibilities?ts=markdown) reduces vulnerability risks. ### CSP's Responsibilities * **Infrastructure Security:** Securing the physical infrastructure, including servers, storage, and networking. * **Software Security:** Ensuring the security of foundational services, including hypervisors and operating systems. * **Compliance:** Maintaining certifications and compliance for their infrastructure to meet standards like [SOC 2](https://www.paloaltonetworks.com/cyberpedia/soc-2?ts=markdown), ISO, GDPR, or HIPAA. ### Customer's Responsibilities * **Data Security:** Securing data stored in the cloud, including encryption and access controls. * **IAM:** Managing user identities, roles, and permissions to ensure that only authorized individuals access resources. * **Application Security:** Protecting applications, configurations, or [workloads](https://www.paloaltonetworks.com/cyberpedia/what-is-workload?ts=markdown) deployed in the cloud. * **Compliance:** Ensuring usage aligns with organization-specific regulatory requirements. ![Customer's Resposibilities](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-cloud-security/customers-responsibilities.png "Customer's Resposibilities") ***Figure 1**: The cloud pyramid represents the increasing level of abstraction and decreasing control over the service, with IaaS forming the base and giving users the most control over the infrastructure.* ### Workload Responsibilities Workload responsibilities vary based on the cloud service type: * **IaaS:** CSP handles physical infrastructure and virtualization. The customer manages operating systems, applications, and data. * **PaaS:** CSP manages the platform, including infrastructure and runtime. The customer focuses on application development, configurations, and data. * **SaaS:** CSP handles infrastructure, platforms, and software. The customer is responsible for user access and data security within the software. ![Key challenges CloudSec teams face](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-cloud-security/key-challenges-cloudsec-teams-face.png "Key challenges CloudSec teams face") ***Figure 2**: Key challenges CloudSec teams face* ## Top Cloud Security Risks and Challenges Organizations face several cloud security challenges requiring strategic planning, proactive security measures, and diligent monitoring. Key challenges include: * **Sprawl:** Cloud services are easy to launch but harder to manage and consolidate in a logical way. Fast-moving teams may find themselves spinning up VMs, databases, and the like haphazardly, with no centralized management strategy in place. By extension, systematically discovering and securing all of those workloads becomes challenging. * **Shadow IT:** Along similar lines, teams or individuals may launch shadow IT, or [workloads](https://www.paloaltonetworks.com/cyberpedia/what-is-workload?ts=markdown) only they know about and are not integrated with central IT management systems. These workloads are also difficult to detect and secure in a centralized fashion. * **Technical security debt:** To innovate quickly, teams may overlook weak spots in their security postures in ways that increase the time and effort they need to spend finding and fixing vulnerabilities. * **Inadequate Incident Response:** Cloud environments require specialized incident response strategies, and many organizations may lack the necessary expertise and tools to respond effectively to security incidents in the cloud. * **Third-Party Risks:** Reliance on third-party vendors and services can introduce additional vulnerabilities and complicate the security landscape. * **Resource Limitations:** Organizations may lack the budget, personnel, or expertise to effectively manage and secure their cloud environments, leading to gaps in their security posture. * **Securing Hybrid and Multicloud Environments:** Consistent security across diverse environments can prove challenging and resource-intensive. * **Rapid Evolution of Cloud Technologies:** It's vital to keep pace with innovation in cloud services and security, as outdated practices increase vulnerability to threats. *** ** * ** *** *Learn how to evaluate potential vulnerabilities and threats to your cloud infrastructure: [How to Assess Risk in the Cloud](https://www.paloaltonetworks.com/cyberpedia/how-to-assess-risk-in-the-cloud?ts=markdown).* *** ** * ** *** ## Cloud Security Tools A strong cloud security strategy involves adopting tools designed to secure cloud environments. Essential tools should provide: * Visibility into cloud application activity. * Detailed usage analytics to prevent data risk and compliance violations. * Context-aware policy controls to enforce and remediate violations. * Real-time threat intelligence to detect and prevent new malware. ### Types of Cloud Security Tools Cloud security tools protect cloud environments, applications, and data from threats, unauthorized access, and vulnerabilities. Key tools include: * **Cloud Access Security Brokers ([CASBs](https://www.paloaltonetworks.com/cyberpedia/what-is-the-difference-between-a-traditional-casb-and-an-next-generation-casb?ts=markdown)):** Monitor and manage access to cloud applications, enforce security policies, and provide visibility into cloud usage and compliance. * **Cloud Workload Protection Platforms ([CWPPs](https://www.paloaltonetworks.com/cyberpedia/what-is-cwpp-cloud-workload-protection-platform?ts=markdown)):** Secure workloads across multicloud environments, providing runtime protection and vulnerability management. * **IAM Tools:** Ensure only authorized access to cloud resources, supporting SSO, MFA, and RBAC. * **Cloud Encryption Tools:** Encrypt data at rest, in transit, or during processing with key management services. * **Cloud Security Posture Management ([CSPM](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management?ts=markdown)) Tools:** Continuously monitor cloud environments for misconfigurations and compliance risks, offering automated remediation. * **Web Application Firewalls ([WAFs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-web-application-firewall?ts=markdown)):** Protect cloud-hosted web applications from threats like SQL injection and DDoS attacks. * **[Endpoint Protection](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-protection?ts=markdown) Tools:** Secure [endpoints](https://www.paloaltonetworks.com/cyberpedia/what-is-an-endpoint?ts=markdown) accessing cloud resources, detecting and responding to malware and other threats. * **[Data Loss Prevention](https://www.paloaltonetworks.com/cyberpedia/what-is-data-loss-prevention-dlp?ts=markdown) (DLP) Tools:** Prevent unauthorized sharing or transferring of sensitive data. * **Intrusion Detection and Prevention Systems ([IDPS](https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-prevention-system-ips?ts=markdown)):** Detect and respond to suspicious activities within cloud environments. * **Cloud Monitoring and Analytics Tools:** Provide visibility into cloud performance, usage, and security threats, enabling logging and incident analysis. ## Cloud Security Best Practices Protecting data, applications, and systems in the cloud involves following [practical security practices](https://www.paloaltonetworks.com/cyberpedia/17-ways-to-secure-when-deploying-cloud-environments?ts=markdown). Checking off the following steps helps organizations stay ahead of cyberthreats and ensures smooth, compliant business operations: * Understand shared responsibility. * Secure the perimeter. * Monitor for misconfigurations. * Use IAM practices to enforce password, device, and access management. * Enable security posture visibility. * Implement policies to prevent unauthorized application access and secure data. * Limit data access to necessary personnel to prevent leaks. * Secure your containers. * Conduct regular security audits, vulnerability scans, and timely security patches. * Adopt a Zero Trust approach for updated security policies and remote access needs. * Educate and train staff on current cloud security trends to identify suspicious behavior. * Use log management and continuous monitoring. * Conduct penetration testing. * Encrypt data to keep it secure and accessible only to authorized users. * Meet compliance requirements. * Implement an incident response plan for handling security incidents. * Secure all applications. * Maintain a resilient data security posture. * Consolidate cybersecurity solutions. * Leverage a [cloud detection and response (CDR)](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-detection-and-response-cdr?ts=markdown). With these human-centric guidelines and strategic focus points, organizations can efficiently manage and secure their cloud environments, ensuring protection against evolving cyberthreats and regulatory compliance. ## Cloud Security FAQs ### What is multicloud security? Multicloud security encompasses strategies and technologies to protect data, applications, and services across multiple cloud platforms, such as AWS, Azure, and Google Cloud. It ensures consistent security policy enforcement and threat protection, despite the varying native controls of each provider. Key challenges include managing complex configurations, preventing data breaches, and maintaining visibility and compliance across diverse cloud environments. ### What is hybrid cloud security? Hybrid cloud security addresses the protection of integrated on-premises infrastructure, private clouds, and public clouds. It involves securing data transfers, managing access controls, and enforcing consistent security policies. The complexity arises from the need to protect data as it moves between different environments while also capitalizing on the scalability and flexibility of cloud resources. ### What is Zero Trust security? Zero Trust security is a strategic approach that assumes all users and devices, both inside and outside the organization's network, are potential threats. It requires strict identity verification, least privilege access, and continuous monitoring of all network traffic. Implementing Zero Trust involves segmenting the network, applying multifactor authentication, and employing real-time security analytics to detect and respond to threats. ### What is cloud security governance? Cloud security governance involves the development of policies, procedures, and controls to manage risk and ensure compliance in the cloud. It requires a framework that aligns with an organization's objectives, regulatory requirements, and security best practices. Governance strategies encompass risk assessment, incident management, and regular audits to maintain the integrity and security of cloud-based resources. ### What is cloud incident response? Cloud incident response refers to the methodologies and processes that organizations use to detect, respond to, and recover from security incidents within cloud environments. It includes preparation of response plans, swift detection of security events, containment of threats, eradication of the root cause, and recovery of services. Post-incident analysis is crucial for refining the incident response strategy and bolstering cloud defenses. ### What is cloud security architecture? Cloud security architecture is a blueprint that outlines how security controls are integrated into cloud infrastructure. It involves designing the architecture to include firewalls, intrusion detection systems, encryption, and data loss prevention mechanisms. Properly designed, it supports regulatory compliance, protects against threats, and accommodates the dynamic nature of cloud computing without sacrificing performance. ### What are cloud security frameworks? Cloud security frameworks provide standardized guidelines and best practices for securing cloud computing environments. They offer structured approaches for managing risks, implementing security controls, and maintaining compliance. Examples include the NIST Cybersecurity Framework, ISO 27017, and the Cloud Security Alliance's Cloud Controls Matrix, each tailored to address the unique challenges of cloud security management. ### What is DevSecOps in the cloud? DevSecOps in the cloud integrates security practices within the DevOps process, automating and embedding security at every phase of cloud software development and deployment. It mandates security checks during code commits, container orchestration, and infrastructure provisioning. Teams leverage automated tools for vulnerability scanning, compliance monitoring, and threat detection to reduce risk without compromising the speed of cloud service delivery. ### What is cloud security posture management (CSPM)? [Cloud security posture management (CSPM)](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management?ts=markdown) automates the identification and remediation of risks across cloud infrastructures. CSPM tools continuously scan for misconfigurations, enforce security policies, and ensure compliance with industry standards. They provide visibility into cloud assets and their configurations, enabling teams to maintain a strong security posture in dynamic cloud environments. ### What is a cloud-native application protection platform (CNAPP)? A cloud-native application protection platform (CNAPP) is an integrated suite providing comprehensive security for cloud-native applications. CNAPP combines capabilities such as CSPM, CWPP, and application security to protect cloud environments throughout the software lifecycle. It addresses risks from code to runtime, offering threat detection, vulnerability management, and compliance monitoring. ### What is a cloud access security broker (CASB)? A cloud access security broker (CASB) acts as an intermediary between users and cloud service providers to enforce security policies. CASBs offer visibility into cloud application usage, data protection, threat prevention, and compliance across multiple cloud services. They enable organizations to extend their security controls from their on-premises infrastructure to the cloud. ### What is a cloud workload protection platform (CWPP)? A cloud workload protection platform (CWPP) secures workloads across virtual machines, containers, and serverless functions in public, private, and hybrid cloud environments. CWPP solutions offer runtime protection, system integrity monitoring, network controls, and vulnerability management to safeguard workloads from threats and ensure compliance. ### What is cloud infrastructure security? Cloud infrastructure security encompasses the practices and technologies used to protect the essential components of cloud computing, including hardware, software, networking, and facilities. It involves securing virtualized environments, managing access controls, encrypting data at rest and in transit, and deploying intrusion detection systems to safeguard infrastructure against threats. ### What is cloud data protection? Cloud data protection entails safeguarding data within cloud services against corruption, compromise, and loss. It includes encryption, tokenization, access controls, and backup solutions. Security teams implement these measures to ensure data confidentiality, integrity, and availability, even as data moves between local and cloud environments. ### What is cloud compliance management? Cloud compliance management ensures that cloud services and operations adhere to regulatory standards and industry best practices. It involves regular assessments, audits, and automated controls to meet requirements of frameworks like [GDPR](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance?ts=markdown), [HIPAA](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa?ts=markdown), and [PCI DSS](https://www.paloaltonetworks.com/cyberpedia/pci-dss?ts=markdown). Organizations use compliance management to protect sensitive data, avoid penalties, and maintain customer trust. Related Content [Comprehensive Guide to CNAPPs Start reading the O'Reilly Cloud Native Application Protection Platforms: A Guide to CNAPPs and the Foundations of Comprehensive Cloud Security.](https://www.paloaltonetworks.com/resources/ebooks/oreilly-cnapp-cloud-security-foundations?ts=markdown) [The State of Cloud-Native Security Report Gain multi-industry intelligence to inform your cloud security strategies in our annual security report, which explores top security wins, wants, gaps and challenges.](https://www.paloaltonetworks.com/state-of-cloud-native-security?ts=markdown) [The Definitive Guide to Container Security Securing your containerized applications is a critical component of maintaining the integrity, confidentiality and availability of your cloud services.](https://www.paloaltonetworks.com/resources/ebooks/container-security-definitive-guide?ts=markdown) [The Buyer's Guide to DSPM and DDR Learn what to look for in a cloud data security provider and how DSPM and DDR can significantly enhance your organization's security posture.](https://www.paloaltonetworks.com/resources/guides/data-centric-dspm-ddr-buyers-guide?ts=markdown) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20Cloud%20Security%3F&body=Explore%20cloud%20security%20and%20understand%20its%20role%20in%20safeguarding%20data%2C%20applications%2C%20and%20networks%20across%20public%2C%20private%2C%20and%20hybrid%20cloud%20environments.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security) Back to Top [Next](https://www.paloaltonetworks.com/cyberpedia/cloud-security?ts=markdown) Cloud Security {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2025 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language