Lately we have been seeing more and more talk about CNAPP. It is a relatively new term coined by Gartner that stands for cloud-native application protection platform. Gartner has added CNAPP to their hype cycle, especially as they predict that public cloud usage will outpace private data center usage. That’s a pretty big claim for a pretty big acronym. Let’s dig a little deeper into it.
As cloud-first becomes the norm, many companies are moving away from older tools and older ways of working to models and platforms that can handle the hybrid and multi-cloud way of working. There is simply no time for security teams to check multiple security tools for each cloud framework and yet another platform for perimeter protection. The world of cloud protection is moving toward holistic protection delivered from a single platform; hence CNAPP.
CNAPP and Shift Left
CNAPP, in this sense, is more than just a combination of older terms and technologies. While it may seem like a combination of Cloud Workload Protection Platform (CWPP) and Cloud Security Posture Management (CSPM), it is more than that. CNAPP covers more of the cloud-native application development lifecycle, an area not necessarily covered by the other two acronyms. We call that shift left.
If you think of the development lifecycle as a linear process, moving from left to right, many traditional protection platforms only protect the end of the process: the finished product. CNAPP shifts the protection to the left to cover more of the application creation process. This is crucial for catching issues and bugs earlier in the development lifecycle, which saves effort and cost. It also means that security, development, and operations teams use the same tool to monitor environments. There is no longer a need for a handover from the development environment and its security platform to the live environment and its security platform.
CNAPP, CWPP and CSPM: OMG!
A combination of CWPP, CSPM, and CNAPP can provide comprehensive protection of your infrastructure, cloud environments, workloads, and your cloud-native applications.
Cloud workload protection platforms are the so-called single pane of glass for monitoring and protecting cloud-based workloads. According to Gartner, “Organizations continue to embrace public cloud, private cloud, containers, and serverless computing at higher rates as a result of COVID-19 and digital transformation. Technology service providers (TSPs) must meet this demand by offering broad CWPP capabilities that align with all forms of cloud workloads.”
Having just one dashboard to verify, regardless of the number of cloud workloads or cloud infrastructure providers, reduces time and effort for security teams in their monitoring and prevention efforts. A good CWPP security solution should cover all the ingredients of modern multi-cloud and hybrid environments, including containers and on-premises physical and virtual machines, as well as anything else that can reasonably be called a cloud.
Cloud security posture management is a different approach that is primarily based on protecting cloud workloads from threats due to misconfiguration. More and more organizations rely on public cloud infrastructure, but may not be aware of best practices or configurations for that infrastructure. CSPM is the art and practice of monitoring infrastructure, detecting misconfigurations by comparing it against best practices, and applying documented fixes to resolve issues. These best practices and fixes should be drawn from a multitude of sources, including vendor-based knowledge bases and vendor-neutral industry-standard sources that cover the most effective principles of cloud security. Integrating all of this information can give your security teams the power to detect and remediate issues and vulnerabilities as quickly as possible.
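The sketch below is an added example, not code from the original article or from any vendor's product. It ties the CSPM description above to the shift-left section: one rule set, with a source and a documented fix per rule, is run against a declared template at build time and against the deployed state at runtime. The rule IDs, field names and resource data are all hypothetical and constructed for illustration.

```python
# Added example: rule IDs, resource fields and sample data are hypothetical/constructed.
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    rule_id: str                    # hypothetical identifier
    source: str                     # vendor knowledge base or vendor-neutral benchmark
    applies_to: str                 # resource type the rule covers
    check: Callable[[dict], bool]   # returns True when the resource is compliant
    fix: str                        # documented remediation

RULES = [
    Rule("STO-001", "vendor knowledge base", "bucket",
         lambda r: not r.get("public_read", False), "Disable public read access."),
    Rule("STO-002", "vendor-neutral benchmark", "bucket",
         lambda r: r.get("encryption") in {"aes256", "kms"}, "Enable encryption at rest."),
    Rule("NET-001", "vendor-neutral benchmark", "firewall_rule",
         lambda r: not (r.get("cidr") == "0.0.0.0/0" and r.get("port") in {22, 3389}),
         "Restrict administrative ports to known source ranges."),
]

def evaluate(resources, stage):
    """Return one finding per failed rule, tagged with the lifecycle stage."""
    findings = []
    for res in resources:
        for rule in RULES:
            if rule.applies_to == res["type"] and not rule.check(res):
                findings.append({"stage": stage, "resource": res["name"], "rule": rule.rule_id,
                                 "source": rule.source, "fix": rule.fix})
    return findings

def drift(planned, live):
    """Findings present in the live environment but absent from the reviewed plan."""
    seen = {(f["resource"], f["rule"]) for f in planned}
    return [f for f in live if (f["resource"], f["rule"]) not in seen]

# Constructed sample: what the template declares (left) vs. what is deployed (right).
PLAN = [
    {"type": "bucket", "name": "app-logs", "public_read": False, "encryption": None},
    {"type": "firewall_rule", "name": "ssh-admin", "cidr": "10.0.0.0/8", "port": 22},
]
LIVE = [PLAN[0],
        {"type": "firewall_rule", "name": "ssh-admin", "cidr": "0.0.0.0/0", "port": 22}]

if __name__ == "__main__":
    pre = evaluate(PLAN, "build")
    for f in pre + drift(pre, evaluate(LIVE, "runtime")):
        print(f"[{f['stage']}] {f['resource']}: {f['rule']} ({f['source']}) -> {f['fix']}")
```

The unencrypted bucket is reported at build time, before anything is deployed, while the firewall rule that was widened after deployment only appears in the runtime pass.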
A holistic approach
CNAPP is intended to be a holistic approach, encompassing many cloud environments and cloud-native applications. It provides the proactive management and monitoring of a CSPM solution while adding the protection element of a CWPP.