Cloud-native applications and cloud native application protection platforms (CNAPP) offer the potential for stronger security than traditional, monolithic architectures. However, making the leap to cloud-native also requires a fundamental shift in security strategy.
First off, what is a CNAPP? Gartner defines it as an integrated set of security and compliance capabilities designed to help secure and protect cloud-native applications across development and production. Furthermore, Gartner explains in its recent “Innovation Insight for Cloud-Native Application Protection Platforms” report that optimal cloud-native security requires an integrated approach that begins in development and extends to workload management.
The thought process around CNAPP is relatively simple – use tools and security practices that were made for native cloud use. Read on to learn some of the key insights from Gartner’s report, including important security recommendations for security and risk management (SRM) leaders.
The shift to cloud-native
COVID-19 is accelerating digital business initiatives and pushing companies to cloud-native application development. More and more companies are combining microservices-based architectures with DevOps-style pipelines, multi-cloud infrastructure, and ephemeral cloud resources.
But this shift, Gartner says, is creating significant security challenges as traditional security practices cannot keep up with the speed and scale of the cloud.
It’s therefore important to “shift left”: embrace DevSecOps and integrate security seamlessly when developing and deploying cloud-native applications. In fact, Gartner says that 44% of organizations are now using a DevSecOps pipeline to secure cloud-native apps, with most of that use occurring in limited deployment.
Gartner-Backed CNAPP Solutions
According to Gartner, understanding the real risk of cloud-native applications requires advanced analytics with visibility into different areas — including open source components, applications, cloud infrastructure, and workloads.
The report also mentions that businesses need to secure cloud-native applications using a complex set of interconnected tools spanning production and development. Here are some of the solutions within a CNAPP that Gartner recommends.
Cloud Infrastructure Entitlement Management (CIEM)
CIEM manages cloud identities and their extensive entitlements, or effective permissions. CIEM solutions reveal the entitlements these identities, both person and non-person, hold. This allows your business to strip excessive permissions and reach least privilege. CIEM solutions then keep you at least privilege through continuous monitoring that notifies you of any out-of-policy changes.
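The CIEM workflow described above (resolve effective permissions, strip what is unused, flag out-of-policy grants) can be sketched as follows. This is an added example, not code from Sonrai or Gartner; the identities, groups, actions and function names are hypothetical and the data is constructed.

```python
# Constructed sample data: identity names, groups and actions are hypothetical.
GROUPS = {
    "data-eng": {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"},
    "admins": {"iam:*"},
}
IDENTITIES = {
    "alice": {"kind": "person", "groups": ["data-eng"],
              "direct": {"ec2:StartInstances"}},
    "ci-runner": {"kind": "non-person", "groups": ["data-eng", "admins"],
                  "direct": set()},
}
# Actions each identity was actually observed using (e.g. from audit logs).
OBSERVED = {
    "alice": {"s3:GetObject", "s3:PutObject"},
    "ci-runner": {"s3:PutObject", "iam:PassRole"},
}

def effective_permissions(name):
    """Union of direct grants and everything inherited through groups."""
    ident = IDENTITIES[name]
    perms = set(ident["direct"])
    for group in ident["groups"]:
        perms |= GROUPS[group]
    return perms

def covers(grant, action):
    """True if a grant (possibly a 'service:*' wildcard) allows the action."""
    return grant == action or (grant.endswith(":*") and action.startswith(grant[:-1]))

def excess_permissions(name):
    """Grants that cover no observed action: candidates to strip."""
    used = OBSERVED.get(name, set())
    return {g for g in effective_permissions(name)
            if not any(covers(g, a) for a in used)}

def least_privilege_policy(name):
    """Observed actions that are granted; wildcards shrink to what was used."""
    grants = effective_permissions(name)
    return {a for a in OBSERVED.get(name, set())
            if any(covers(g, a) for g in grants)}

def out_of_policy(name, approved):
    """Monitoring check: effective grants the approved policy does not cover."""
    return {g for g in effective_permissions(name)
            if not any(covers(p, g) for p in approved)}
```

Note that the `iam:*` wildcard on the non-person identity is not reported as unused, because one action under it was observed; it is the tightened policy and the out-of-policy check that expose it as broader than needed.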
Cloud Security Posture Management (CSPM)
CSPM helps companies discover misconfigurations, potential risks, cloud drift, or lack of compliance. CSPM ensures your cloud has the necessary basic controls in place to secure its foundation. This could mean ensuring that databases are not publicly accessible or that logging is enabled. Once you have a secure environment, a baseline is locked in, against which a CSPM tool can monitor and detect deviations.
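The two basic controls named above and the baseline-then-drift model can be expressed as a small check. This is an added example, not code from Sonrai or Gartner; the resource ids, field names and function names are hypothetical and the inventories are constructed.

```python
# Constructed sample inventories: resource ids and field names are hypothetical.
BASELINE = {
    "db-orders": {"type": "database", "publicly_accessible": False, "logging_enabled": True},
    "db-users": {"type": "database", "publicly_accessible": False, "logging_enabled": True},
}
CURRENT = {
    "db-orders": {"type": "database", "publicly_accessible": True, "logging_enabled": True},
    "db-users": {"type": "database", "publicly_accessible": False, "logging_enabled": True},
    "db-test": {"type": "database", "publicly_accessible": False, "logging_enabled": False},
}
# Basic controls from the text: the value each setting must have.
CONTROLS = {"publicly_accessible": False, "logging_enabled": True}

def violations(inventory):
    """(resource, setting) pairs failing a control; a missing setting fails."""
    return sorted((rid, key)
                  for rid, cfg in inventory.items()
                  for key, want in CONTROLS.items()
                  if cfg.get(key) != want)

def can_lock_baseline(inventory):
    """A baseline is only locked in once every control passes."""
    return not violations(inventory)

def drift(baseline, current):
    """Deviations from the baseline as (resource, what, old, new) tuples."""
    findings = []
    for rid in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rid), current.get(rid)
        if old is None:
            findings.append((rid, "added", None, None))
        elif new is None:
            findings.append((rid, "removed", None, None))
        else:
            for key in sorted(set(old) | set(new)):
                if old.get(key) != new.get(key):
                    findings.append((rid, key, old.get(key), new.get(key)))
    return findings
```

Running both checks matters: `drift` reports the newly added database only as "added", while `violations` is what shows that it was created without logging.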
Cloud Workload Protection Platforms (CWPPs)
CWPPs monitor workloads in the cloud, scan for vulnerabilities and provide information regarding those vulnerabilities. CWPP, Gartner says, can help gain control and visibility into virtual and physical infrastructure, serverless workloads, and containers.
Security recommendations for SRM leaders
Gartner recommends taking specific actions to safeguard your cloud-native applications.
1. Integrate security into the developer’s toolchain
Security teams should strive to automate security testing as code. This can reduce the friction of adoption and make it easier to secure your applications.
2. Scan cloud configurations and artifacts
Gartner recommends combining scanning with runtime visibility and configuration awareness. This can help to prioritize risk remediation.
3. Don’t strive for perfection
When designing applications, it’s best to avoid striving for perfection. Instead, security teams should focus on the vulnerabilities with the highest severity, confidence, and risk to avoid wasting time.
Why CNAPPs are key for cloud-native security
Gartner’s report encourages businesses to take an integrated platform approach when implementing cloud-native application security by using either a CNAPP or a cloud-native security platform.
Per Gartner, CNAPP integrates security and compliance capabilities to enhance cloud-native application security during development and production. CNAPPs combine a variety of capabilities including top solutions like CIEM, CSPM and CWPP.
With the help of a CNAPP, you can cover multiple security needs in one central platform. As a result, you can tighten control and gain deeper visibility for comprehensive threat detection and management.
Sonrai: a Gartner CNAPP
Selecting a CNAPP, or cloud-native application protection platform, can be an overwhelming challenge. To help narrow down picking a CNAPP, Gartner provides a list of example vendors that offer a combination of workload security, CIEM, CSPM, data protection and overall visibility.
Sonrai is one of the key representative providers in Gartner’s report. Sonrai Dig is the leading cloud security platform that provides true end-to-end visibility and control over your environment. Dig combines cross-platform security with exceptional CIEM capabilities for inventorying identities, tracking and managing permissions, and enforcing a state of least privilege, with intelligent CSPM and workload security. Additionally, Dig offers intelligent workflows and automation, enabling accountability across your teams and providing them with mechanisms to reduce their risks at the speed and scale of the cloud.
If your business is experimenting with cloud-native development, Sonrai Dig can help you iterate safely and efficiently. Dig lets you go beyond standard IAM and achieve complete real-time visibility into all of your data and identities.
The end result? A much more secure cloud environment — and much greater peace of mind.
To try Sonrai Dig, request a free demo today.