Cyber security and acronyms seemingly go hand in hand and every year there are new ones to learn and remember. From APTs and ZTNA to CASB and SIEM, the world of cyber security is full of them. Markus Strauss looks at CNAPP, one of the newest additions to the acronym list.
What is CNAPP?
CNAPP - which stands for cloud native application protection platforms - is still a relatively new concept, so to define and understand what CNAPP provides, briefly reviewing its predecessors cloud workload protection platforms (CWPP) and cloud security posture management (CSPM) is necessary.
CWPPs are software solutions designed to protect all cloud-based workloads across all cloud environments under one platform. By providing a ‘single pane of glass’ view of all cloud environments, security professionals don’t waste time having to scroll through different dashboards which could potentially result in missing a dangerous vulnerability. Other CWPP capabilities include malware scanning and intrusion prevention which are dedicated to securing the cloud.
To protect cloud-based workloads against security issues raised from misconfigurations, CSPMs are used. Public cloud infrastructures are in high demand and are being heavily used by organizations. However, many organizations are moving to cloud environments without knowing the best security practices to follow or how to configure these environments securely.
For instance, new updates and features are continuously being added to cloud infrastructures but these are not always understood by organizations. Some don’t know how to adapt to these changes, while others don’t know how these changes impact already existing configurations. Painting a clearer picture are CPSM solutions that monitor, detect, and remediate misconfigurations found on these environments which ensures that organizations are meeting industry best practices.
So, now those introductions were made, let’s get to grips with what CNAPP provides.
If you were to consolidate the capabilities of CWPPs and CSPM, you would get CNAPPs. This holistic view to cloud security brings together the proactive monitoring features of CSPM, with the protection components of CWPP, and expands security coverage across all cloud environments and cloud native apps.
The term CNAPP was first coined in 2021 by Gartner and was described as:
“An integrated set of security and compliance capabilities designed to help secure and protect cloud-native applications across development and production. CNAPPs consolidate a large number of previously siloed capabilities, including container scanning, cloud security posture management, infrastructure as code scanning, cloud infrastructure entitlements management and runtime cloud workload protection platforms.”
Why is CNAPP important?
It goes without saying that cloud technology has transformed business and IT forever bringing many benefits along with it. However, it also brought a large amount of complexity and security questions that organizations are still trying to find the answers to. For instance, tool spawl is rife, with businesses found on average to use 45 security solutions to try secure networks. Naturally, with more technologies to manage, the more problems one is likely to face, and this is stretching security professionals, and their resources, to the end of their tether. It is not sustainable as constantly reviewing dashboards, alerts and data will only lead to their burnout and your organization at risk. Ultimately, tool sprawl results in unnoticed and unpatched vulnerabilities that hackers will exploit.
Having CNAPPs in place, which leverage both CWPPs and CSPMs, will bring about consolidation, efficiency and, most importantly, security. With that said, here are some other issues that CNAPP addresses:
Compatibility
CNAPPs have the capacity to be applied to any cloud environment or cloud workload. This is typically a big flaw within traditional security methods. If you are in the market for a CNAPP, then ensure you select one that covers all your virtual needs and infrastructures including AWS, Azure, GCP, Kubernetes, and VMware; and not forgetting Windows and Linux OS systems. Because of this, vulnerabilities that surface from incompatibilities between services and applications will no longer be a concern. By having cloud systems work as normal the stresses for security professionals are severely reduced.
Configuration drift and misconfiguration
Another pain point for security pros is configuration drift, the term given when app creators make changes to their applications, and to the infrastructure where the app resides, with the aim of improving it. While improvements are always welcomed, some changes can go too far and drift to vulnerabilities forming thus putting organizations that use these applications at risk.
CNAPPs can protect against configuration drift and misconfiguration happening across hybrid cloud, containers, VMs, and multi cloud environments. They also have a full range of cover from inception to delivery, shifting left to safeguard the entire development cycle and ensuring compliance and security is always kept.
Threat detection
Identifying threats as early as possible is key for any security team and CNAPPs can scan and remediate threats quicker than most other legacy security solutions. As previously mentioned, CNAPP combines the best of CWPPs and CSPMs and this is true with threat detection and remediation. Threat response times are increased with the ability to identify a misconfiguration or compliance issue across the attack surface before a new application is created, allowing IT teams ample time to rectify the issue. Moreover, greater visibility and transparency means security teams can respond quicker after deployment. The time saved can make all the difference when preventing a cyber attack.
Automation
Automation and cyber security are technologies that are entwinned today and CNAPP solutions are no different. By harnessing automation extensively, CNAPPs can alleviate the workloads of security teams. The automation element is used with threat detection, regulatory compliance, reviewing protocols such as identity access management (IAM) as well as helping prioritise which issues to rectify.
The introduction of automation has been more than welcomed, proving to be a crucial component within modern cyber security. At a time when the cyber skills shortage is increasing, CNAPP solutions will be doing their part to help organizations and security teams efficiently manage their cloud deployments security within budget.
To conclude, the future of cloud security involves CNAPP particularly as cloud environments grow and become more complex. Going forward, if your organization has cloud infrastructure and you’re concerned about its security then deploying CNAPP should be high on your list of security priorities.
The author
Markus Strauss is head of product management at Runecast.