The market for cloud security solutions is growing rapidly, and there are many types of solutions to meet your specific security needs. Finding the right solution, let alone the right tool, can be difficult. Adding to this complication, cloud-native applications present new security challenges at different layers of the application stack. Development, runtime, compliance, security, and other issues are often handled in silos, forcing organizations to piece together point solutions in an effort to address each separate problem. Indeed, organizations report having an average of six different tools in their environment, according to the Opportunity Overview study by Forrester Research. Yet they all reported major security incidents in the last 12 months.
The desire for more integrated, efficient and condensed tools has grown, and as a result cloud-native application protection platforms (CNAPPs) have emerged as the catch-all of cloud security tools. Their integrated and cloud-native nature makes the solution efficient, cost-effective, consistent and uniform. Gartner defines cloud-native application protection platforms as an integrated set of security and compliance features designed to help secure and protect cloud-native applications throughout development and production. As risks knock at your door and point solutions multiply, as the Gartner Hype Cycle for Workload and Network Security, 2022 shows below, cloud security leaders must take a unified security approach and use the right technologies to protect their assets.
Source: Hype Cycle for Workload and Network Security, 2022, published July 18, 2022
In the “Innovation Insight for Cloud Native Application Protection Platforms” report, Gartner notes that optimal cloud-native security requires an integrated approach that begins in development and extends to workload management. The thought process around CNAPP is relatively simple: use security tools and practices designed for cloud-native use throughout the application lifecycle.
According to Gartner, understanding the true risk of cloud-native applications requires advanced analytics with visibility into different areas, including open source components, applications, cloud infrastructure, and workloads. The report mentions that enterprises must secure cloud-native applications and monitor compliance using a complex set of interconnected tools spanning production and development.
The motivation for using and the benefits of cloud-native application protection platforms are clear, so what can you expect in terms of capabilities?
The CNAPPs are based on four pillars:
- Cloud Infrastructure Entitlement Management (CIEM)
- Cloud Security Posture Management (CSPM)
- Cloud Workload Protection Platform (CWPP)
- CI/CD Security
  - Infrastructure as code scanning
  - Container scanning
Below, we’ll detail what you can expect from each of these point solutions.
Cloud-Native Application Protection Platform Capabilities
Cloud Infrastructure Entitlement Management (CIEM)
The main objective of a CIEM solution is to manage identities and their rights from end to end. CIEM solutions will inventory all identities, personal and non-personal, and reveal all effective permissions, highlighting potential avenues of attack. This allows your company to remove excessive permissions and work towards policies such as least privilege. CIEM solutions will keep you at least privilege with continuous monitoring that notifies you of any changes that fall outside policy.
Cloud Security Posture Management (CSPM)
CSPM helps companies uncover misconfigurations, network risks, cloud drift, or lack of compliance. CSPM will ensure that your cloud has all the basic controls needed to secure its amorphous “foundation”. It works by establishing a secure baseline, using out-of-the-box policies and frameworks from your vendor, or custom frameworks, and monitoring the environment for deviations. This may mean ensuring that databases are not publicly accessible or that logging is enabled.
Cloud Workload Protection Platforms (CWPP)
CWPPs monitor workloads in the cloud, scan for vulnerabilities, and provide context about those vulnerabilities. CWPP, according to Gartner, can help gain control and visibility over virtual and physical infrastructure, serverless workloads, and containers. While vulnerability management is part of the CWPP, workload security, a more cloud-native goal, is at the heart of the solution. CWPPs detect vulnerabilities through, ideally, continuous scanning and help organizations prioritize based on business impact and severity.
According to Gartner, “There is a synergy in the combination of CWPP and CSPM capabilities, and several vendors are pursuing this strategy. The combination will create a new class of cloud-native application protection platforms (CNAPPs) that scan workloads and configurations in development and protect workloads and configurations at runtime.”
With more and more organizations taking advantage of microservices and containers, applications are being developed faster than ever. Integrating security into the CI/CD pipeline from the outset facilitates the early and effective detection and resolution of security issues, long before they go into production. As a result, more and more organizations are embracing the DevSecOps concept, which embeds security processes into the pipeline and encourages collaborative efforts to expand beyond IT and development and include security professionals.
CI/CD security involves ongoing analysis of source code, including software composition analysis (SCA) techniques to help identify potential issues with libraries or third-party code. Additionally, it involves security testing as well as performance testing, before deployment, to help detect vulnerabilities. Finally, it ideally includes ongoing runtime security monitoring for production threats.
CNAPP and DevOps
The CNAPP is of great benefit to DevOps teams. DevOps is about building apps that are more secure, with more efficiency and speed, and with less overhead. The sooner security issues are reported, the sooner developers can fix them. However, developers often lack knowledge and skill in security best practices, so implementing them manually is a challenge.
Additionally, when security teams use different tools for different concerns, the development side spends more effort piecing together different solutions. Relying on a central, uniform and automated solution relieves developers and already overburdened security teams. End-to-end lifecycle visibility and protection result in a smoother process and time savings.
Cloud-Native Application Protection Platforms with Context
The real defining feature of the CNAPP is its ability to put its findings into cloud-native context. If it can scan containers for vulnerabilities, but runs completely unaware of how that relates to identity or posture management, it’s not a true CNAPP.
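An added illustration of the correlation described above (not code from Sonrai or Gartner): it ranks workloads by combining a vulnerability count (CWPP), public exposure (CSPM) and unused sensitive permissions on the attached identity (CIEM). The inventory, permission names and scoring weights are all constructed assumptions.

```python
# Constructed sample data: every name, permission and weight here is hypothetical.
IDENTITIES = {
    "role/build-agent": {
        "granted": {"storage:Read", "storage:Write", "iam:PassRole", "db:Admin"},
        "used": {"storage:Read"},
    },
    "role/web-frontend": {"granted": {"storage:Read"}, "used": {"storage:Read"}},
}
WORKLOADS = [
    {"name": "ci-runner", "critical_vulns": 1, "public": True, "identity": "role/build-agent"},
    {"name": "web", "critical_vulns": 3, "public": True, "identity": "role/web-frontend"},
    {"name": "batch", "critical_vulns": 2, "public": False, "identity": "role/web-frontend"},
]
SENSITIVE = {"iam:PassRole", "db:Admin"}  # assumed high-impact permissions


def excess_permissions(identity):
    """CIEM view: permissions that are granted but were never observed in use."""
    return identity["granted"] - identity["used"]


def contextual_findings(workloads, identities):
    """Rank workloads using workload, posture and entitlement signals together."""
    findings = []
    for w in workloads:
        excess = excess_permissions(identities[w["identity"]])
        sensitive_excess = sorted(excess & SENSITIVE)
        score = w["critical_vulns"]  # CWPP signal on its own
        reasons = [f"{w['critical_vulns']} critical vulnerabilities"]
        if w["public"]:  # CSPM: workload is reachable from the internet
            score *= 2
            reasons.append("publicly exposed")
        if sensitive_excess:  # CIEM: larger blast radius if the workload is compromised
            score += 5 * len(sensitive_excess)
            reasons.append("unused sensitive permissions: " + ", ".join(sensitive_excess))
        findings.append({"workload": w["name"], "score": score,
                         "reasons": reasons, "remove": sorted(excess)})
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for f in contextual_findings(WORKLOADS, IDENTITIES):
        print(f["score"], f["workload"], "|", "; ".join(f["reasons"]))
```

Ranked by vulnerability count alone, `web` would come first; with identity and posture context, `ci-runner` does, and the `remove` list is the least-privilege change that lowers its score.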
Gartner encourages organizations to take an integrated platform approach when implementing cloud-native application security using either a CNAPP or a cloud-native security platform. With the help of a CNAPP, you can cover multiple security needs in one central platform. As a result, you can increase control and gain deeper visibility for comprehensive threat detection and management. Sonrai Security was actually named ‘Seller Representative’ by Gartner for CNAPP. If you want to learn more about our total cloud security solution, consider a demo.
*** This is a syndicated blog from the Security Bloggers Network of Sonrai | Enterprise Cloud Security Platform, written by James Casagrande. Read the original post at: https://sonraisecurity.com/blog/cloud-native-application-protection-platforms/