skip to main content


We look at the technology, much of it still at an early stage of evolution, for securing applications and workloads in infrastructure- and platform-as-a-service (IaaS and PaaS) environments.


  • Where once the norm was virtual machines (VMs), the popularity of Docker and, more recently, the rise of Kubernetes, has brought containers to the fore as a more efficient and economical alternative.

Features and Benefits

  • Describes how workload formats are evolving beyond VMs, to containers and on into serverless.
  • Explains the security challenges of future workload formats.

Key questions answered

  • Which are the big security vendors already offering container security?
  • What is microsegmentatoin and how does it work?

Table of contents


  • Catalyst
  • Ovum view
  • Key messages


  • Recommendations for enterprises or service/content providers

SaaS adoption took off before IaaS and PaaS

  • Responsibility for security is shared in all cloud service types
  • SaaS was the easiest form of cloud service to adopt
  • CASB emerged to address SaaS security
  • CASB enjoys an afterlife in IaaS and PaaS with CSPM

IaaS and PaaS are growing faster than SaaS

  • PaaS is the fastest growing segment through 2021

IaaS and PaaS are the new focus for security development

  • Putting workloads into the cloud expands the attack surface
  • Microservices security requires a shift left

Vendor landscape

  • Cloud service providers are not covered here

Security industry majors

  • Check Point
  • McAfee
  • Palo Alto Networks
  • Symantec
  • Trend Micro

Microsegmentation vendors

  • Cisco (the Cisco Tetration product)
  • CloudPassage
  • Edgewise
  • Guardicore
  • Illumio

Container security vendors

  • Aqua Security
  • Sysdig

Serverless security vendors

  • Protego

Others worth watching in IaaS and PaaS security

  • Lacework
  • Qualys
  • VMware/Carbon Black


  • Methodology
  • Further reading
  • Author