Multicloud security is an extremely complex undertaking: security teams must correlate thousands of daily security alerts across multiple platforms to respond efficiently and accurately to emerging threats. Instead of protecting your multicloud environment with a number of third-party point solutions, which often struggle to integrate and communicate with each other, we recommend that you prioritize native security solutions that can integrate seamlessly into your environment.
A cloud-native application protection platform (CNAPP) is a unified platform that simplifies protecting cloud applications throughout their lifecycle. The term was originally coined by Gartner; this all-in-one platform connects traditionally isolated security and compliance capabilities into a single user interface. Fundamentally, CNAPPs enable security teams to embed security earlier in the application development process and implement stronger protections for cloud workloads and data.
There are many use cases where a cloud native solution will have a natural edge compared to third-party solutions. We have selected some common scenarios to demonstrate features that are difficult to replicate with a custom or third-party solution. This list is intended to be representative and not exhaustive.
1. Cloud management layer monitoring
The cloud management layer is a crucial service connected to all your cloud resources. This also makes it a potential target for attackers. As a result, we recommend that security operations teams carefully monitor this management layer.
Since cloud service providers (CSPs) do not allow integration with this layer, the functionality provided by third-party solutions is severely limited and relies solely on the availability of logs/events, such as Azure Diagnostics and AWS CloudTrail.
2. Near real-time threat detection with zero or minimal impact on workloads
As you leverage more native architecture patterns, your use of native storage, such as object storage and native SQL, will increase. As a result, these services are often a target of attack.
Because CSPs do not allow native integration with these services, organizations often struggle to detect malware as soon as an object is uploaded to a storage account without introducing latency or additional risk to workloads. We also note that the same issue is present when trying to discover sensitive data across databases and object stores without allowing access to a third-party solution. Cloud native security offerings do not have these limitations.
3. Intrinsic coverage of workloads as they scale or modernize
Native solutions are deployed at the account or subscription level, integrate natively with other cloud services, and cover a wide variety of usage models. Often these solutions do not require any agents and can be activated via a button. When cloud architecture teams decide to migrate from a virtual machine-based deployment to a container-based one, organizations can rest assured that the workload is protected from the start.
4. Integration with your native pipelines
When organizations deploy cloud workloads, they can integrate the native solution at the code repository level. This ensures that the appropriate risks are checked at each level, such as scanning code as part of code merges or scanning images during push. Native solutions also allow organizations to validate manifests before container deployment.
5. Maintaining access-related blast radius
When organizations deploy a third-party solution, that solution requires its own set of roles that must be monitored. Users will most likely also need to be managed within the same third-party solution. This adds additional monitoring requirements for security teams that are not necessary when deploying native solutions. Because native solutions already integrate with other cloud services and leverage predefined roles, security teams don’t have to worry about any additional risks introduced into their environments.
As we’ve seen, CNAPPs have a unique value proposition to integrate into your cloud security portfolio, either as a primary solution or as a complement to your existing cloud security posture management (CSPM).