While cloud adoption has been on the rise for at least a decade, the past two years have pushed that growth into overdrive. Unit 42 Cloud Threat Researchers found that organizations across the globe increased their cloud workloads by more than 20% between December 2019 and June 2020. Moreover, between April and June 2020, cloud security incidents increased by an astounding 188%—and some industries saw increases of more than 400%. The seemingly disproportionate rise in security incidents isn't necessarily due to lack of attention. The team also found that cloud spending rose by nearly 30% around the same time frame.
A significant part of the problem is a proliferation of "blind spots" that are, ironically, caused by the point solutions that organizations adopt to secure their clouds. That's why we have been strong proponents of an integrated platform approach to security since our inception. And recently, Gartner released research on a new market category that we believe aligns with that same vision, which they are calling Cloud Native Application Protection Platforms (CNAPP).
Here we'll explore why the industry is coalescing around the idea of cloud native security platforms and look at the benefits they offer for organizations of any size.
Why Current Approaches Are Lacking
The approach that many organizations have taken to cloud security involves individual solutions and tools for each issue or functional area the security team is responsible for protecting. While this may solve one problem at a time, other issues consistently emerge as a result.
- Point solutions add overhead: As enterprises accumulate point solutions to address security requirements individually, they end up with added overhead when managing the tools. And because these solutions won't communicate with each other (without yet more overhead work), these teams lack comprehensive visibility and protection.
- There's no simple way to track and prevent risks across the application lifecycle: There are dozens of security tools that perform checks at just one point in the application lifecycle. But without a consistent chain of communication across development, deployment, and runtime phases, security and risk teams don't have an easy way to gain a comprehensive view of risks across the lifecycle. Instead, they are left with the time-consuming task of comparing disparate vulnerability and misconfiguration findings.
- Disparate capabilities introduce blind spots: In most cloud security scenarios, security teams need to be able to see risk and analyze threats across cloud services, workloads and applications, networks, data, and permissions. Without a single tool, blind spots emerge in the gaps between solutions. Teams are left guessing or racing to piece together data to analyze risk or protect their applications.
These are just a few examples of the challenges organizations face without a comprehensive platform approach to security.
What is a Cloud Native Application Protection Platform?
Cloud Native Application Protection Platforms, which we call Cloud Native Security Platforms (CNSPs), integrate and centralize otherwise disparate security functions into a single UI. This approach provides visibility across silos, and ensures security, cloud infrastructure, and DevOps teams can deliver full-stack security. A single platform can protect applications at runtime while also integrating security into development workflows to identify and fix flaws early in the application lifecycle.
As Gartner states, “Cloud-native application protection platforms (CNAPPs) are an integrated set of security and compliance capabilities designed to help secure and protect cloud-native applications across development and production. CNAPPs consolidate many previously siloed capabilities, including:
- Development artifact scanning, including containers
- Cloud security posture management
- IaC scanning
- Cloud infrastructure entitlements management
- Runtime cloud workload protection platform.”
Recommendations for Leaders Adopting CNAPPs
In the Innovation Insight for Cloud-Native Application Protection Platforms, Gartner shares several recommendations for security and risk management leaders. Here are a few we have chosen to highlight:
- “Implement an integrated security approach that covers the entire life cycle of cloud native applications, starting in development and extending into production.
- Integrate security into the developer’s toolchain so that security testing is automated as code is created and moves through the development pipeline, reducing the friction of adoption.
- Scan development artifacts and cloud configuration comprehensively and combine this with runtime visibility and configuration awareness in order to prioritize risk remediation.”
At Palo Alto Networks, we believe these recommendations are vital for organizations securing cloud native applications.
Prisma Cloud as an Example of the Platform Approach
With Prisma Cloud, Palo Alto Networks delivers a comprehensive, fully integrated, and best-in-class platform for securing cloud native applications. Our CNSP offers a single user experience and a single set of unified capabilities for securing public clouds, private clouds, and multi-cloud environments.
At runtime, Prisma Cloud offers a defense-in-depth approach by covering the cloud environment, applications within it, and related cloud services and entitlements. To improve overall security outcomes, Prisma Cloud also integrates security into development and DevOps workflows to identify and prevent vulnerabilities and misconfigurations for applications and Infrastructure-as-Code.
We strongly believe that Prisma Cloud maps to Gartner’s Cloud-Native Application Protection Platform category. You can download the complimentary report and review the full set of recommendations for yourself.
Gartner, Innovation Insight for Cloud-Native Application Protection Platforms, Neil MacDonald, Tom Croll, 25 AUGUST 2021