Cloud native security requires one integrated approach, and this means protecting the entire lifecycle – from code to cloud. This lifecycle consists of two main stages: building the applications, and then running them. This means securing the dev environments (dev security) that are used to build applications, as well as the workloads and infrastructure that run them during the production process (cloud security).
In order to do this effectively we must track exactly what’s going on across both dev and cloud. For example, how many containers are running at any given point in time, and where are they located? What plugins are supporting the company’s Jenkins build process? Is the company’s cloud account configured properly? How exposed is the business to potential Log4j vulnerabilities? These questions and many more can all be answered with proper end-to-end visibility.
However, effective security isn’t just about what businesses can see in dev and cloud. It’s also about being able to act quickly on detected issues and on suspicious or downright malicious incidents. Simply put, businesses need to be able to detect and stop – in real-time – security incidents in their cloud applications.
The growing importance of cloud native application protection platforms (CNAPPs)
CNAPP is projected to be one of the biggest security categories ever – a $25 to $30B market. This is because enterprises are continuing to move applications to the cloud while adopting cloud native practices, requiring new security measures. Traditional security tools were not designed for cloud native architectures and can only supply limited visibility and control. CNAPP is the opportunity for enterprises to connect the dots across the cloud application lifecycle and create more efficient and effective security.
CNAPP offers a way to reduce complexity while improving security and the developer experience. Gartner recently defined CNAPPs as a unified and tightly integrated set of security and compliance capabilities designed to secure and protect cloud-native applications across development and production. It further explained that CNAPPs consolidate many previously siloed capabilities, including container security, cloud security posture management (CSPM), Kubernetes security posture management (KSPM), infrastructure-as-code scanning, and workload protection, into a single platform. The benefits don’t end there either.
Horizontal integration: Bringing dev and cloud together in one place
It’s not good enough for modern businesses to only concern themselves with what’s happening in their cloud environment. In recent years, organisations have increasingly adopted tools and solutions that are designed to offer more cloud visibility. As part of this, the market is embracing CSPM, which is great. However, this doesn’t solve the issue of software supply chain security. What about code and open source components? Organisations need the ability to scan their code and software supply chain all the way from one end to the other.
It’s critical to see the implications of dev decisions on the cloud. Connected to this, when a problem is identified in the cloud, businesses need the ability to connect it in real-time to a developer who can resolve the issue quickly. This is known as security from dev to cloud and back.
Vertical integration: Stopping attacks in real-time
As mentioned earlier, visibility across dev and cloud is good, but it’s only the first step in the process. As cloud attacks continue to grow in terms of both volume and sophistication, security practitioners are starting to ask more of the right questions, such as ‘Am I protected from bad things happening to my cloud applications?’ and ‘Can I detect and stop an attack in real-time if I need to?’
Cloud security must be unified, and organisations need to be able to see and stop attacks in real-time if they are to prevent serious damage being inflicted.
Cloud security is becoming increasingly consolidated
Given present market conditions and the growing realisation that cloud native security requires a much more integrated approach, it is widely expected that security tools used to protect cloud applications will quickly start to become more consolidated. In fact, Gartner expects customers to consolidate the number of tools they use to secure cloud applications from 10 to 3 in the space of just a few short years.
For this reason, customers are increasingly looking for fully end-to-end CNAPPs that can address all aspects of cloud native application security, across all stages of the application delivery lifecycle, in one platform.
Here’s a simple example of how Aqua’s end-to-end CNAPP operates: If a vulnerability is detected in runtime, the CNAPP will display the exact line of code where it originated, pinpoint the developer who owns it, and make a suggested pull request to fix the problem. No time is wasted waiting for a snapshot to identify it tomorrow; instead, the CNAPP identifies it immediately, connects the dots and suggests a remediation. It is amazing what you can do with a state-of-the-art sensor supporting agentless scanning. After all, remediation is better with the full application context.
Not all CNAPPs are created equal
While other vendors may claim to offer end-to-end CNAPP solutions, very few currently exist on the market. For example, traditional EDR vendors lack the software supply chain context, understanding of cloud infrastructure settings, and granularity for real-time response to attacks. Furthermore, while other cloud native security vendors may be able to see everything happening in a customer’s cloud, they can’t connect it to the code in their repo, making them powerless to address issues quickly. Others still are able to provide broad visibility of issues, but don’t provide the ability to respond and stop attacks.
As more and more organisations migrate their environments to the cloud, the need for cloud native application security has never been higher. One of the most effective ways to meet this need is through implementation of cloud native application protection platforms (CNAPPs), which are purpose built to secure and protect cloud-native applications across both development and production. However, as the need for a more integrated CNAPP approach grows, customers must take the time to identify solutions that offer them the best possible protection in a single, comprehensive package. Otherwise, they may well find themselves back in the market very soon.
Dror is the Co-Founder and CEO at Aqua. Dror has more than 20 years of experience in sales management, marketing, and business development in the enterprise software space. He has held executive positions at several emerging IT security and analytics companies. Before co-founding Aqua in 2015, he headed up global sales of Database Security Products at McAfee (Intel Security). Dror holds an MBA in Finance from City University of New York and a BA in Economics. He likes to start his day with an early morning swim in the Mediterranean.