The COVID-19 pandemic accelerated digital transformation initiatives for a lot of companies. For many, this entailed embracing cloud-native software improvement to make potential fast deployment of software program. The draw back? Increased safety dangers throughout giant and ephemeral cloud environments.
As cloud safety solely continues to change into extra advanced and tough to handle, organizations are more and more cloud-native software safety platforms (CNAPP) to guard their cloud infrastructure and functions operating within the cloud. The concept behind CNAPP is to consolidate level options to allow extra automation and cut back safety gaps between instruments.
Bundling CSPM, CWPP, CIEM
“You can consider CNAPP because the king of acronyms in cloud safety,” says Kate MacLean, senior director of product advertising and marketing at Lacework. “It encompasses all the pieces from CSPM [Cloud Security Posture Management], CWPP [Cloud Workload Protection Platform], CIEM [Cloud Infrastructure Entitlements Management], and extra, bringing these options collectively right into a single platform.”
Lacework not too long ago up to date its CNAPP providing, Polygraph Data Platform, with agentless workload scanning for secrets and techniques and vulnerabilities plus assault path evaluation.
These new capabilities are designed to assist IT safety groups obtain higher visibility into their group’s advanced, dynamic, and distinctive atmosphere, to allow them to higher establish, perceive, and reply to the safety alerts that matter, in keeping with the corporate.
MacLean explains that agentless workload scanning helps construct layered safety into the cloud atmosphere, giving IT safety groups the flexibility to scan extra sources for vulnerabilities in a quicker and extra complete method.
“With broader protection within the runtime atmosphere and steady monitoring, groups have a greater understanding of potential dangers within the cloud to allow them to proactively safe for them,” she says.
Addressing Workload, Configuration Security
Ami Luttwak, co-founder and CTO of Wiz, says CNAPP goals to handle workload and configuration safety by scanning the areas throughout improvement and defending them at runtime.
The firm supplies an agentless, API-centered method providing organizations instantaneous protection of their multicloud atmosphere. Wiz’s platform scans public buckets, knowledge volumes, and databases in Amazon Web Services, Google Cloud Platform, and Microsoft Azure and classifies knowledge in order that organizations can discover out what knowledge is positioned the place.
“CNAPP is turning into the primary platform for safety and dev groups for all the pieces they want from cloud safety, from code time to manufacturing,” he says. “It solves for the core challenges of defending cloud infrastructure from a safety perspective.”
The platform makes use of schema matching throughout the whole atmosphere to know knowledge circulation and lineage, together with when knowledge is moved between environments or areas and improper storage of manufacturing knowledge, and repeatedly assesses for compliance to make sure safety requirements are constantly enforced throughout enterprise models, areas, functions, and customers, in keeping with Wiz.
Holistic Cloud Security
A correct CNAPP protects cloud software improvement all through the whole thing of the applying improvement lifecycle — from construct time via runtime. This simplified method covers all clouds, and a single instrument handles vulnerabilities, remediation, compliance, and reporting, giving it crucial context and visibility. With a number of instruments and safety capabilities consolidated into one platform, a CNAPP can change a number of level options — to not point out numerous hours of operational utilization.