CISOs and CIOs are dealing with a plethora of cloud security challenges across the development and operations lifecycles. According to our survey, 98% of companies experienced some kind of cloud-related security breach in the past 18 months. Today, enterprises attempt to close these gaps by implementing a variety of tools, each answering a specific risk. Some tools take a “shift left” security approach by focusing on developers and DevSecOps, while others address runtime aspects like infrastructure and configurations. Yet a third group deals with access management, and there are more.
This dispersed tool approach is time consuming, creates friction between Security and Development, as well as overhead, and forces teams to work in silos. In addition, misconfigurations between tools that are stitched together could increase the attack surface by creating vulnerabilities. With the limitations of the current tools, enterprises cannot successfully implement cloud-native security.
Vendors have identified this gap. They are now attempting to address the market’s needs by offering hybrid solutions that answer both control and data plane risks. By using a single converged tool with multiple security capabilities for applications and services, enterprises can reduce risk, overhead and operational costs.
Gartner has identified this lifecycle approach trend and need, and created a new category to define it: CNAPP.
Cloud Native Application Protection Platforms (CNAPP) are cloud security platforms that consolidate and integrate multiple security and compliance capabilities into one. A term coined by Gartner, CNAPP is a new type of cloud security platform that secures cloud-native applications from development to production, while reducing friction and mitigating risks that result from tool silos.
CNAPP is an integration of tools and capabilities designed to secure cloud-native applications from development to production. Let’s break down CNAPP into its components.
It’s important to note that CNAPP is more than a stitching together of all these capabilities. By combining user behavior data from the cloud and from workloads, CNAPP provides advanced insights that could improve detection rates and reduce false positives. These insights can be generated, for example, by correlating posture misconfigurations with workload alerts or with over entitlement.
CNAPP is designed to ensure:
Despite the hype and the promise, CNAPP is still more of a hypothetical category than an actual tool vendors are offering. The category is still emerging, and tools do not yet provide all the converged capabilities, despite what some vendors may promise.
However, since the risks of cloud security are not hypothetical, it is recommended to take action and build your organization and its tooling to be ready for CNAPP. This includes creating a cloud security plan and researching vendors with capabilities that offer a strong basis for CNAPP while evaluating their offerings. In addition, keep on continuously scanning artifacts, containers and Kubernetes to identify vulnerabilities and malware. This is an emerging market, so we expect to see more vendors offering these capabilities soon. As Gartner notes, focus on solutions that are well integrated, prioritize risk to avoid wasting time and include cloud configuration awareness.
The post Cloud Native Application Protection Platform (CNAPP): An Evolving Approach to Cloud Security appeared first on Ermetic.
*** This is a Security Bloggers Network syndicated blog from Ermetic authored by Ermetic Team. Read the original post at: https://ermetic.com/blog/cloud/cloud-native-application-protection-platform-cnapp-an-evolving-approach-to-cloud-security/
Understanding ITDR and ISPM In the cybersecurity world, two emerging identity-centric categories promise to provide... The post ITDR vs ISPM:…
Remember the old saying: “You can’t protect what you can’t see”? When I started preaching about it as part of…
Penetration testing, or pen testing for short, is a critical way to protect IT systems and sensitive data from malicious…
Virtual private networks (VPNs) form a staple of the modern work environment. VPNs provide an essential layer of protection for…
Cradlepoint, a unit of Ericsson, today launched a secure access service edge (SASE) platform for branch offices using 5G wireless…
Casey recently was involved in an event that brought hackers and 5G technology together, tune-in to learn about the results…