As more and more organizations use cloud services cyber security and compliance has taken center stage because the benefits of using the cloud for business-critical applications can be undermined if this leads to cyber-attacks, data breaches and compliance failure.

Cloud Security, essential for cloud adoption, was a key focus on Day Three of KuppingerCole’s 2021 European Identity and Cloud (EIC) conference, starting with the opening keynote of the day on the Journey of Digital Vaults to Cloud, exploring how the nature of vaults has transformed in the rapidly digitizing world.

“Data vaults which are expected to be located on premises, are now digital, making ownership of these vaults and access to these vaults critical functions for an organization. The Cloud hosts a lot of secrets, and this journey of vaults becoming digital and part of Cloud Environments, is nothing but fascinating,” said Anil Bhandari of ARCON TechSolutions, regarding his keynote entitled Secrets in the Clouds: The Journey of Digital Vaults to Cloud.

The theme of security in the cloud context was also reflected in the morning keynotes on Security & Identity: How Hindsight Helps Us Plan for the Future by Max Faun of Okta, and on Digital Keys and Secrets: When to Manage Them, When to Get Rid of Them by Miikka Sainio of SSH

The focus on cloud security continued throughout the day in presentations, including those on Managing Permissions Across Platforms: Cloud Infrastructure Entitlement Management (CIEM) by Matthias Reinwarth, of KuppingerCole; on Why must CISOs and security leaders let IAM drive their cloud security adoption? by Anmol Singh of Microsoft; and on Cloudification of Access Management – Lessons Learned from the Migration of a Large-scale Production System by Heiko Klarl of iC Consult Group and Stephanus Rieger of BMW.

The key to strong security in the hybrid cloud IT environment is understanding how responsibilities for security are shared between you and the CSP

— Mike Small, Senior Analyst at KuppingerCole

Because we understand how important cloud security is and because we are committed to helping your business succeed, KuppingerCole has a great deal of content in a variety of formats available.


A step-by-step guide to mitigating risks and achieving strong cloud security can be found in KuppingerCole’s Stairway to Cloud Security insight. This provides an overview of the objectives of cloud security, cloud service and deployment models, the shared responsibility model, the benefits of using cloud services, the risks, best practices, and how to find the right cloud security solution.

For an overview of the market for Cloud Access Security Brokers and guidance on finding the most appropriate product, see KuppingerCole’s Leadership Compass on Cloud Access Security Brokers or recent Market Compass on Cloud Access Security Brokers for guidance on finding the right solution so secure your organization’s use of cloud services.

Monitoring of all cloud-based software and services is one of the most effective ways of tackling cloud security. For this reason, a growing number of organizations are turning to SOC-as-a-Service providers. For an overview of this emerging market segment, see KuppingerCole’s Market Compass on SOC as a Service (SOCaaS).

In addition to cloud services that need to be secured, there is a growing market for security solutions delivered from the cloud. For an overview of cybersecurity solutions delivered from the cloud, focusing primarily on Zero Trust and Secure Access Service Edge (SASE) capabilities, see the Market Compass on Cloud-delivered Security.


We have issued several Advisory Notes on cloud security-related topics. Review the list below and choose those that meet your needs or interests:


If you would prefer to listen to our analysts speak about access management, hear what Lead Analyst Alexei Balaganski believes are the top Questions to Ask Your Cloud Provider About Security and what he has to say about Zero Trust from the Cloud.

Identity and Access Management (IAM) is an important component of IT security, and the cloud environment is no different. If your IAM doesn’t fit for hybrid multi-clouds and digital transformation needs, it is Time to Rethink, according to Principal Analyst Martin Kuppinger, while Matt Berzinki of ForgeRock offers guidance on Choosing the Right IAM solution to secure your Hybrid Cloud Environment.

Privileged Access Management is another key component of IT security. In this video presentation, Privileged Access Cloud Security: Insider Tips and Best Practices, Joseph Carson of Thycotic explains a practical approach to defining and implementing privileged cloud security best practices.


Cloud security is touched on in several blog posts by our analysts. Principal Analyst Martin Kuppinger looks at the 10 Rules for Securing the Cloud, Senior Analyst Mike Small blogs on Managing the Hybrid Multi Cloud, and in a look at future cybersecurity, Lead Analyst Alexei Balaganski look at the prospect of cybersecurity Delivered Entirely From the Cloud.

If you are interested in perspectives on offering from various vendors related to cloud security, have a look at blogs on IBM Cloud for Financial Services, on how Microsoft Azure Confidential Computing is a step forward for cloud security, and how Oracle Delivers on Earlier Cloud Promises.


Learn more about the security benefits as well as the challenges of moving IAM to the cloud in this KuppingerCole webinar on The IAM Cloud Journey or find out how to accelerate your digital transformation with this webinar on Secure and Successful Cloud Migrations.

For general cloud security information, have a look at these webinars on Security in the cloud: The 5 most important rules for a functioning security strategy in the cloud , Security in the Age of the Hybrid Multi Cloud Environment, and Making the Cloud a Secure and Easy to Use Environment

But if you are particularly interested in securing your data in the cloud, check out these webinars on Data Security in the Cloud, The Role of Data-Centric Security in the Cloud, Information Protection in Cloud Services, and Assuring and Implementing Cybersecurity and Data Protection for Public Clouds.


KuppingerCole has several whitepapers relating to the topic of cloud security:

Tech Investment

Organizations investing in technologies to promote and support cloud security, can have a look at some of the related technology solutions that we have evaluated: