A survey conducted by IDC in 2021 revealed an alarming detail: 98 percent of the companies surveyed, or almost all of them, said they had experienced at least one cloud data breach in the 18 months preceding the survey. The cloud has brought crucial improvements to the way organizations operate, but it has also exposed them to cyberattacks.
New adopters of cloud technology are particularly vulnerable. It takes them time to acclimate to their new IT infrastructure and the new range of IT assets connected to their networks. More importantly, it takes time for them to establish suitable cyber defenses unless they have a full team of top-notch cybersecurity experts, who are scarce at present.
Cloud protection usually involves the use of multiple security tools. For some time, there was no single solution to address all enterprise security needs including the new ones that emerged with the adoption of cloud technologies. The welcome change: the development of the Cloud-Native Application Protection Platform (CNAPP) Model.
CNAPP: an overview
Introduced by Gartner, CNAPP serves as a holistic and unified cybersecurity platform capable of replacing various independent tools to address the needs of modern enterprises with cloud-native workloads.
Gartner saw how disjointed enterprise security tools and platforms have become and found it necessary to consolidate them and treat security and compliance as a continuum across operations and IT teams. CNAPP is presented as the next step towards a “shift left” security strategy, wherein security is not a new and separate phase but a necessary element across different aspects of operations.
CNAPP addresses the security visibility gaps that inevitably appear when using multiple and disjointed security tools and platforms. Integrating them is more complex than it sounds and puts more burden on DevSecOps teams. CNAPP brings together different solutions to comprehensively address issues and boost an organization’s security posture.
CNAPP has three key components, namely cloud security posture management (CSPM), cloud service network security (CSNS), and cloud workload protection platform (CWPP).
- CSPM deals with security visibility and assessment. It allows organizations to automate threat detection and remediation through comprehensive automated security evaluations and the monitoring of compliance with security policies. Also, CSPM aids the classification of enterprise assets into different categories (such as SaaS, IaaS, and PaaS) to enable clearer and more systematized visibility.
- CSNS is aimed at securing the dynamic network perimeters of cloud-native workloads. Consisting of a next-generation firewall, load balancing, DDoS defense, SSL/TLS inspection, and web application and API protection tools, CSNS allows organizations to gain granular segmentation capabilities on their networks to achieve more effective and efficient network traffic protection.
- Lastly, CWPP focuses on establishing security for modern workloads, which are usually deployed across complex networks involving private, public, and hybrid clouds. This CNAPP component integrates security throughout the app development lifecycle and scans workloads across an organization’s entire IT infrastructure to promptly find and address security issues. It employs functions such as workload malware detection and runtime protection.
How CNAPP helps
In Gartner’s “Innovation Insight for Cloud-Native Application Protection Platforms” research paper, the consultancy firm suggests the importance of bringing security and the development process together. “Rather than treat development and runtime as separate problems — secured and scanned with a collection of separate tools — enterprises should treat security and compliance as a continuum across development and operations, and seek to consolidate tools where possible,” Gartner writes.
This focus on fusing security and development efforts entails the following capabilities, which are readily available in CNAPP.
- Production environments protection – CNAPP helps in the “shift left” movement as it empowers DevOps teams to address vulnerabilities and threats while they are still working on their code, not in a separate phase when the code has already been completed.
- Multi-cloud infrastructure security – CNAPP facilitates the comprehensive discovery of all assets that can potentially be affected by vulnerabilities and threats. These assets include APIs, apps, accounts, sensitive information, and cloud resources.
- Workload protection – Through CNAPP, organizations can easily detect and promptly address vulnerabilities such as misconfigurations, the failure to enforce or comply with security policies, and suspicious network behaviors. It also enables the identity-based segmentation of workloads in the cloud to efficiently deal with risks.
- Security-driven team collaboration – CNAPP can serve as a platform for team collaboration as it supports the integration of workflows, the correlation of various data, and a unified way to remediate threats to ensure seamless collaboration among DevOps, DevSecOps, and cloud SecOps teams.
- Uninterrupted compliance and governance through automation – Continuous security monitoring has been one of the hallmarks of effective modern cybersecurity solutions, and CNAPP also covers this through automated security controls. It helps ensure continuous security for configurations, permission management, and data governance.
Ultimately, the capabilities listed above result in two major benefits: cloud-native security, and significantly improved security visibility with more effective controls. Modern enterprises are so deeply enmeshed with cloud technology that it makes little sense to use legacy or non-cloud security systems. The integration of CI/CD pipelines and the securing of public/private cloud and on-prem assets are optimally undertaken with cloud-native capabilities.
Not new but more comprehensive
CNAPP is neither the first nor the only cloud-native security solution. However, what makes it noteworthy is its ability to link together end-to-end cloud-native security solutions throughout all enterprise workloads.
With its CSPM, CSNS, and CWPP components, CNAPP has functions that cover every stage from coding to deployment. In coding, there is IaC (infrastructure-as-code) scanning and third-party library scanning to ensure the security of the code components used. When it comes to building, developers can use container image assurance, which is a CWPP function. Meanwhile, CSNS functions such as automated micro-segmentation and API protection address risks that may be encountered during app deployment.
Meanwhile, Gartner projects that by 2025, 95 percent of new digital workloads will be deployed on cloud-native platforms. However, legitimate organizations are not the only ones taking advantage of cloud technologies. Threat actors are also learning and formulating ways to use the cloud and its vulnerabilities for their attacks. They have developed and continue to evolve attacks that introduce malware to cloud environments, execute commands on cloud-based apps, and spread malicious documents, payloads, and code on GitHub, MediaFire, and other cloud platforms used by developers.
As organizations adopt cloud solutions to improve their operations, it is inevitable for them to encounter new cybersecurity issues. CNAPP may not be able to cover all issues, but as described above, it is broad and comprehensive enough to address a wide range of challenges that threaten cloud use.