Fidelis Cybersecurity
Fidelis Blog


Cloud Workload Security – Part 1: Introducing the Forrester Wave Report

An independent evaluation published by leading global research and advisory firm Forrester provides an excellent overview of the security challenges posed by the transition to cloud-based environments—and discusses the cloud workload security solutions best poised to address them.

Why is this important?

As the shift to cloud-based technology progresses, a growing number of organizations are exposed to the widening gap between traditional security coverage, and the unique needs of the cloud environment.

The enterprise of today faces a dual challenge: it must not only monitor and control the proliferation of cloud workloads, it must do so comprehensively across multiple environments, layers, and tiers.


In this blog series, we’ll offer a detailed exploration of four criteria, as defined by the report entitled The Forrester Wave™: Cloud Workload Security Q4 2019 that we think are key areas of critical importance. The Forrester report outlines the need for comprehensive solutions, designed to address the quickly shifting needs of the cloud-based environment—and presents a clear picture of the most significant providers in the space.

Using a 30-criterion evaluation, Forrester analyzed, assessed, and scored thirteen cloud workload security (CWS) providers—all focused on the protection of cloud-based data, infrastructure, and applications (including cloud-hosted servers, containers, IaaS services, and serverless compute models).

The four criteria we’ll cover in our series are:

  1. API level connectivity and API control for IaaS and PaaS. AWS, Azure, and Google Cloud Platform enable high rates of change and scalability—but you can’t secure them with traditional tools. Secure API level connectivity and control requires built-in configurations for security assurance, best practice, evaluation, monitoring, and compliance.
  2. Containerization and container orchestration platform protection. Use of containerized infrastructure requires more than just hardening of the containers themselves. Hardening of the hosting and orchestration layer is critical—as is increased visibility into containerized stacks and lifecycles.
  3. Scalability of protected cloud instances and protected containers. As instantly deployable and highly scalable infrastructure as code environments become the standard, scalability becomes a key requirement for security tooling. Rapid and dramatic increases in load often occur as customer environments burst or scale and security platforms need to adjust instantaneously to secure new assets—with zero operational overhead for the customer. Transparent and effortless security deployment and scalability are critical for a robust cloud workload security solution.
  4. Centralized Agent framework plans. Cloud environments are full of diverse assets that require appropriate agents and sensors to properly secure. A robust, unified framework is required to deploy, track, and coordinate these various agents and sensors. It must be able to rapidly deploy at arbitrary scale on a variety of systems with scattered locations—all while maintaining secure, consistent, and reliable communication. Excellent security architecture for this framework as well as the ability to self-verify, heal, and automatically update is required to provide comprehensive, adaptable, and scalable security coverage.

CloudPassage Halo was ranked by Forrester as a Strong Performer in Cloud Workload Security, receiving a score of five (5) out of five (5) in seven different criteria. In fact, we were the only offering to receive the highest scores possible in all of the four criteria outlined above.

CloudPassage Halo: a Strong Performer in Cloud Workload Security

Designed from the ground up to address the unique challenges of the cloud computing environment, Halo provides a unified, battle-tested platform.

When we launched in 2010, our ground-breaking innovations received the first-ever patents granted in the cloud security domain. Today, we safeguard cloud infrastructure for some of the world’s most-recognized brands. We’ve achieved this success by focusing on the areas of control we identified as critical to every complete cloud security solution.

In its report, Forrester advises customers to seek out cloud security solution providers which “Offer solutions for guest operating system native protection”, “Provide templatized API-level configuration management to IaaS and PaaS platforms”, and “Secure container runtimes and orchestration platforms natively”.

We believe these key factors align with the strategic components of CloudPassage Halo—and we believe that the report validates our efforts to provide a comprehensive, unified cloud security solution.

In regards to CloudPassage Halo, the Forrester report states, “We recommend the solution to those clients that need a single vendor for agent-based and agentless protections for guest OSes, AWS and Azure compute, and containers.”


We’re pleased to have been included in The Forrester Wave for Cloud Workload Security report—and believe it is an important reference for enterprises seeking to adopt a cloud workload security platform. We encourage you to leverage its insights to explore your options.

How to use the Cloud Workload Security Report
You’ll gain the most from Forrester’s efforts by reviewing the scoring models closely, to ensure they align with your own priorities and needs. Nobody knows your environment like you do.

In addition, please follow along with us as we explore in-depth each of the criteria we feel are most relevant to those seeking a comprehensive, unified cloud security solution to handle the growing needs of today’s distributed environment.

Ready to explore your options? Use the links below to learn how CloudPassage Halo delivers the best in cloud workload security.

Schedule a call with one of our cloud security experts.
Request a live demonstration of the Halo platform.
• Sign up for a free Halo trial and assess your own cloud environment.

Stay up to date on all things security

Subscribe to the Threat Geek Blog