Positioning Cloud-Native Application Protection to Clients

Coletta Vigh

Gartner popularized the cloud-native application protection platform (CNAPP) with the release of its Innovation Insight for Cloud-Native Application Protection Platforms report. But CNAPP isn’t just the next shiny new security object; it’s a platform intended to replace multiple tools with a single holistic security solution for enterprises with cloud-native workloads.

Gartner saw a need for enterprises to consolidate security and tooling platforms. In this light, CNAPP is a straightforward evolution not only for DevSecOps but also “shift left” security — and it represents an opportunity for channel partners like you to help improve your clients’ approach to security and compliance.

Why Implement CNAPP?

Disjointed solutions inherently have complex integration requirements and gaps in visibility. This often means more work for your clients’ DevSecOps teams, lower observability across enterprise workloads and inconsistent application of security parameters. By advising your clients to use CNAPP, they will gain the following security benefits:

• “Cloud-native” security: Traditional solutions designed for “castle-and-moat” networks aren’t ideal for enterprises with cloud-native workloads. By integrating with continuous integration/continuous delivery (CI/CD) pipelines and providing protection across public and private clouds and on-premises data centers, CNAPP is built with “cloud-native” infrastructure – including containers and serverless security – in mind.
• Improved visibility: Many security scanning, monitoring and observability tools are available for cloud-native workloads, but CNAPP has the unique ability to contextualize information, providing end-to-end visibility across an enterprise’s application infrastructure. Delivering granular detail on configurations, technology stacks and identities, CNAPP can prioritize alerts that pose the most risk.
• Tighter controls: Misconfigurations of secrets, cloud workloads, containers or Kubernetes (K8s) clusters are common risks facing enterprise applications. CNAPP enables enterprises to proactively scan, detect and quickly remediate these security and compliance risks.

The Key Components of Cloud-Native Application Protection

At a high level, there are three key components of CNAPP:

• Cloud Security Posture Management (CSPM)
• Cloud Service Network Security (CSNS)
• Cloud Workload Protection Platform (CWPP)

CSPM: Visualizations and Security Assessment

Cloud Security Posture Management (CSPM) enables enterprises to automate the detection and remediation of security risks using security assessments and automated compliance monitoring. CSPMs can also detect misconfigurations that can lead to data breaches. Further, CSPMs provide deep cloud visibility by helping enterprises classify and inventory assets across as-a-service platforms.

CSNS: Security for Cloud-Native Networks

Cloud Service Network Security (CSNS) is a vital aspect of overall cloud-native security and true CNAPP solutions. CSNS provides cloud network security functions designed for the dynamic network perimeters common with cloud-native workloads. CSNS provides granular segmentation and protects both …