# Expanding the Conversation on Cloud Security

By [Brian Tokuyoshi](https://www.paloaltonetworks.com/blog/author/brian/?ts=markdown "Posts by Brian Tokuyoshi"), May 16, 2013

A few weeks ago, we walked around the show floor at InfoSec Europe and asked the crowd if they had any questions for Palo Alto Networks. One person asked "Can the Cloud be Secure?"
[Alex Raistrick from Palo Alto Networks delivered a viewpoint](http://www.youtube.com/watch?v=ql8_htADg7g) about leveraging the next-generation firewall with GlobalProtect as part of a cloud security strategy. The video touched off some healthy discussion about what role the firewall plays in the cloud, so I thought I'd take this opportunity to expand on the concepts that Alex described.

Cloud security has a lot of angles, and the Cloud Security Alliance has done a good job mapping many of the different aspects back to related standards and controls. If you're interested in learning more about how deep cloud security goes, I recommend diving into the [CSA Cloud Controls Matrix](https://cloudsecurityalliance.org/research/ccm/).

Getting back to the video, the question that Alex answers has to do with how to leverage an existing next-generation firewall to provide protection for access to cloud services. Let's take an example of internal-facing applications. In the traditional IT model, users need both network access and credentials to access an application hosted in the internal data center. In the cloud model, many internal-only applications are still Internet accessible, and that includes IaaS/PaaS, but it's especially prevalent with SaaS. Such practices increase the attack surface, since all people on the Internet, including those with hostile intentions, have network access to the application. Why let unauthorized users attempt to authenticate at all?

What we're seeing from many customers is that they are taking a different attitude towards cloud applications, and making a shift to treat cloud applications more like the internal data center. In other words, the safer practice is to restrict access to the cloud application to users on the local network, either from the LAN or coming through a VPN connection. SaaS providers are now offering more options to restrict access to a connection coming from predefined address ranges or domains.
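
As an added illustration (not from the original post or from Palo Alto Networks), the sketch below audits SaaS sign-in records against the address ranges you would give a provider's allow-list, showing which logins and failed attempts currently come from outside them. The log format, the ranges and the function names are assumptions made for this example.

```python
import ipaddress
from collections import Counter

# Assumed corporate egress / VPN ranges (documentation prefixes, not real networks).
ALLOWED_RANGES = [ipaddress.ip_network(c) for c in
                  ("198.51.100.0/24", "203.0.113.64/26", "2001:db8:10::/48")]

# Constructed sign-in records: timestamp, user, source address, result.
SAMPLE_LOG = """\
2013-05-16T09:01:12Z alice 198.51.100.23 success
2013-05-16T09:03:40Z bob 203.0.113.70 success
2013-05-16T09:05:02Z carol 203.0.113.130 success
2013-05-16T09:07:55Z admin 192.0.2.44 failure
2013-05-16T09:07:58Z admin 192.0.2.44 failure
2013-05-16T09:08:01Z root 192.0.2.44 failure
2013-05-16T09:10:30Z dave 2001:db8:10:5::1 success
2013-05-16T09:12:00Z erin ::ffff:198.51.100.9 success
2013-05-16T09:13:00Z frank not-an-ip success
"""

def is_allowed(addr: str) -> bool:
    """True if addr is inside an allowed range; raises ValueError if not an IP."""
    ip = ipaddress.ip_address(addr)
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so it matches the IPv4 ranges.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip.version == net.version and ip in net for net in ALLOWED_RANGES)

def audit(log_text: str) -> dict:
    """Summarise sign-in activity that originates outside the allowed ranges."""
    outside_success, outside_failures, unparsed = [], Counter(), 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            unparsed += 1
            continue
        _ts, user, addr, result = fields
        try:
            if is_allowed(addr):
                continue
        except ValueError:
            unparsed += 1  # an unparseable source is never treated as trusted
            continue
        if result == "success":
            outside_success.append((user, addr))  # would be cut off by the allow-list
        else:
            outside_failures[addr] += 1  # attempts the allow-list would stop pre-auth
    return {"outside_success": outside_success,
            "outside_failures": dict(outside_failures), "unparsed": unparsed}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Running an audit like this before enabling the provider-side restriction shows both the exposure being removed and the legitimate users who would need to come through the VPN first.
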
I've also seen content providers with subscription-based websites take similar measures in order to cut down on unauthorized credential sharing. Yet another approach is to use an internally hosted authentication provider to grant access to the external application, using federation protocols such as SAML.

In the PaaS model, the cloud provider offers a VPN tunnel to reach the cloud service, and disallows connections from any outside means. In IaaS, you'd be setting up your own tunnels to reach your virtual machine instances.

By treating the cloud as an extended part of your network, you can reduce the attack surface by first requiring network access to your local environment before getting access to the cloud application. With the next-generation firewall, you can further refine who can access the application using App-ID, User-ID and Content-ID. GlobalProtect fits into the picture by always keeping your users connected to the next-generation firewall, regardless of whether they are internal or external to the organization. There's no thinking about what to do; the user simply accesses the application just as they always have.

Just like we stated at the start, the topic of cloud security covers a lot of ground. In this video, Alex discussed one approach towards making access more secure. There are many other applications of the next-generation firewall in cloud environments, including the firewalls deployed within the IaaS cloud environment itself. My colleagues will be talking about these other areas in the months to come.
In the meantime, I recommend taking a look at these two links for more details about making your cloud secure with the next-generation firewall:

* [http://www.securityweek.com/your-head-cloud-compliance](http://www.securityweek.com/your-head-cloud-compliance)
* [http://media.paloaltonetworks.com/documents/embracing-fed-cloud.pdf](http://media.paloaltonetworks.com/documents/embracing-fed-cloud.pdf)

Do you have a question about network security that you'd like to ask? Tweet us at #AskPANW to join the discussion.