CNAPP For Dummies
Published on 24 Mar 2023
Before delving into the specifics of a cloud-native application protection platform (CNAPP), it's useful to put cloud computing into perspective. This covers the growth of cloud computing, how the same factors that drive its popularity create a cloud security nightmare, and how CNAPP has stepped in to help.
The Cloud's Impact on Everything
Philosopher Thomas Kuhn defines a paradigm as a typical example of a pattern for something essential and significant in his book The Structure of Scientific Revolutions. A paradigm shift happens, according to Kuhn, when the prevailing paradigm under which science functions becomes incompatible with new facts, allowing for the adoption of a new paradigm.
The cloud represents a paradigm change in IT since it provides an option to manage privately held IT infrastructures in-house. The cloud changed the IT landscape. Consumption caused costs to rise and fall. Buyers were no longer required to purchase for peak demand, meaning unused capacity and supplies sat idle during non-peak hours.
Buyers can exchange capital expenditures for operating costs. Operational expenses are often funded via cash flow since they do not need prior permission or budgeting. They enable firms to increase consumption at peak periods and decrease consumption when the peaks recede. Because of the enhanced flexibility of these traits, cloud computing has become very popular and in high demand.
Cloud Difficulties: Complexity, Speed, and Scalability
Things move swiftly in the cloud. It just takes a few minutes to launch whole new infrastructures or apps. Applications can take many forms in the cloud, including containers (such as Docker), explicit virtual machines (such as Amazon EC2), and serverless implementations (in which the cloud provider allocates computing resources on demand and handles server setup, provisioning and management on the customer's behalf). It is common for web-scale infrastructures to host thousands of server instances capable of serving millions of concurrent users (think Facebook).
Handling security in such a volatile environment is difficult. Clouds are continually contracting and expanding. Cloud resources are ephemeral, meaning they may be spun up and decommissioned on the same day. What occurs on one side of the cloud may have far-reaching consequences.
A CNAPP and its advantages
This new category combines several existing ones, including cloud security posture management (CSPM), cloud workload protection platforms (CWPP), cloud infrastructure entitlement management (CIEM), and "shift left" security capabilities such as Infrastructure as Code (IaC) security and code vulnerability scanning.
This book delves further into each of these areas. A robust CNAPP safeguards cloud application development across the lifecycle, from build time through runtime. A CNAPP provides IaC scanning and vulnerability scanning throughout the build process by integrating continuous integration (CI) and continuous deployment (CD) pipelines. A CNAPP offers runtime protection to a program after deployment, including continuous threat monitoring and runtime vulnerability screening. A CNAPP may also scan cloud systems for misconfigurations, manage identities and permissions, automate compliance, and do various other things.
Portfolios of products: A Cautionary story
Gartner published research titled Predicts 2022: Integrated Security Platforms Are the Future in late 2021, addressing the trend of tool consolidation throughout the cybersecurity ecosystem. Gartner identifies a "portfolio strategy that should be carefully assessed" in the study. "Vendors are increasingly split into 'platform' and 'portfolio' camps, with the former combining tools to build a whole bigger than the sum of its parts, and the latter packaging items with minimal integration," according to Gartner. According to Gartner, "differentiating between these techniques is critical to the suite's efficiency, and vendor marketing will always claim to be a platform."
When it comes to CNAPP, then thoroughly analyze providers. Check to see whether they're keeping their promise of tool consolidation!
Download Lacework's whitepaper to learn more about CNAPP cloud visibility security only on Whitepapers Online.