Introduction
The growth of multi-cloud adoption, in conjunction with the need to secure different workloads and deployment from code to cloud, led companies to start looking for a unified solution that could consolidate many siloed capabilities that were offered by cloud security posture management (CSPM) platforms, cloud workload protection (CWP) platforms, and other DevSecOps solutions. Gartner defines Cloud Native Application Protection Platform (CNAPP) as a “unified and tightly integrated set of security and compliance capabilities designed to secure and protect cloud-native applications across development and production.”
According to a survey published by the Cloud Security Alliance (CSA) in August 2023, 75% of the organizations surveyed have either implemented or plan to implement CNAPPs in their cloud environments. While CNAPP growth is on the horizon, there are still many questions regarding what key capabilities should be available for this platform to fulfill the organization’s needs.
This article covers the key capabilities that you should consider when planning a CNAPP adoption.
Beyond Multi-Cloud
While multi-cloud capabilities are important for a CNAPP solution, it is important to look beyond cloud environments and ensure that on-premise resources are covered. There are still many organizations operating in hybrid mode and maintaining critical workloads on the premises.
Make sure the CNAPP solution you adopt is not only capable of monitoring on-premise resources but also leverages insights from these resources to help prioritize risk mitigation.
Contextual Prioritization
Insights from multiple sources, such as code, computing resources, identity, data, and network need to be collected, correlated, and contextualized to help cloud security administrators better understand the current risk for their cloud environments. In addition, a CNAPP solution should be able to identify the potential damage in other workloads in case a vulnerable workload is exploited, and based on that, classify the risk level of the potential attack scenario.
Code to Cloud
Using the shift-left approach, it becomes imperative not only to alert developers about lack of security in the code but also to prevent misconfigurations to be embedded in the code and pushed live to the cloud. A CNAPP solution should have artifact scanning and infrastructure-as-code scanning capabilities.
Identity
In multi-cloud and hybrid environments it becomes even more critical to correctly enforce the principle of least privilege. This enforcement should be done by leveraging a native integration between CNAPP and cloud infrastructure entitlement management (CIEM). These two platforms not only need to intrinsically communicate and exchange insights but also enable cloud security administrators to easily see results in a consolidated dashboard.
Tailored Detections for Different Workloads
There are different types of workloads in a cloud environment, and each workload has its own threat landscape, which means that cloud workload protection strategies need to take into consideration the attack vector for each type of workload. The CNAPP solution must be able to leverage cloud native threat detection that was tailored for the specific workload that you want to protect. It should also be easy to stream alerts generated by this platform to different security information and event management (SIEM) solutions.
Network Security
Network visibility and control should be an integral part of a CNAPP solution. In addition, it is critical to ensure that network insights are also used to help prioritize risk remediation and enable security administrators to take intelligent decisions to protect their environments.
Proactive Hunting
While threat hunting is a task usually performed by the security operations team (SOC) using their SIEM solution, proactive hunting can be used to elevate cloud security posture in general. Ideally, the CNAPP solution should enable cloud security teams to query the insights that were collected across multiple workloads with the intent of performing data correlation via query to better understand potential areas of risk. This is a more advanced capability that usually is leveraged by companies with a more mature cloud adoption.
Conclusion
CNAPP is here to stay and will continue to evolve into different areas, including future integration with artificial intelligence (AI). When planning your CNAPP adoption, look not only into the current feature set provided by the vendor, but also to the roadmap of the future and how the vendor is planning to continue to invest in their product growth. Make sure also to understand your company’s needs for the short term (things you need to resolve now) and long term (things you know will come up in the future). The reflection of those needs will help to dictate which solution is better for you to adopt.
About the Author
Yuri Diogenes, Principal PM Manager, Author, and Professor at EC-Council University
Bio: Yuri Diogenes has been working at Microsoft for the past 17 years and currently is a Principal PM Manager for the CxE Defender for Cloud Team. Yuri is also a Professor at EC-Council University and has a Master of Science in Cybersecurity Intelligence and Forensics Investigation from Utica College. He is currently working on his PhD in Cybersecurity Leadership from Capitol Technology University. Yuri has published a total of 31 books, mostly covering information security and Microsoft technologies. Yuri also holds many industry certifications, such as CISSP, E|CND, E|CEH, E|CSA, E|CHFI, CompTIA Security+, CySA+, Network+, CASP, CyberSec First Responder and MITRE ATT&CK Cyber Threat Intelligence.
