CNAPP Must Evolve to Bring SecOps Into the Fold
With more business-critical applications in the cloud, CNAPP must converge cloud security and security operations to effectively manage cloud risk.
March 12, 2024
By Greg Smith, Product Marketing, Google Cloud Security
Cloud-native application protection platforms (CNAPPs) have emerged as a popular option for protecting multicloud environments. They integrate a multitude of security capabilities, including cloud security posture management (CSPM), cloud workload protection platform (CWPP), and cloud identity and entitlement management (CIEM). They strive to bring consistency to multicloud security and protection.
In principle, adopting CNAPP is a big step forward for security teams. Yet, there's a glaring missed opportunity: More clouds — and more cloud workloads — means more risk. Mitigating these risks demands that cloud security and enterprise security operations work together — with a unified view of data and common workflows — to identify and remediate high-risk issues.
Where Most CNAPP Products Fall Short
As cloud environments continue to expand and to grow in complexity, we've seen a familiar cycle play out: When security teams identify new and distinct facets of cloud security risks, third-party or homegrown solutions (or both) soon follow. The never-ending effort to integrate discrete cloud security capabilities into one product, however, misses the bigger picture: Are we integrating the right capabilities to drive down cloud risks?
When Gartner introduced CNAPP in 2021, the need was clear. CNAPP brought hope to solving the operational complexities presented by single-purpose point solutions.
Foundationally, it converged on three key advantages:
A unified user interface (UI) that brings together posture management, threat detection, compliance, shift-left security, and more. Security teams have spoken loudly and forcefully: no more patchwork of point products.
As organizations move their data and applications into multiple public cloud environments, they struggle to deliver consistent security across clouds. A single tool can abstract away the different management constructs and unique operating differences between cloud service providers and help drive consistent security policies.
With CNAPP, cloud security begins at application development and infrastructure design and extends through runtime operations.
But in many ways, today's CNAPP products don't go far enough. Their benefits stop short at the critical intersection between cloud security and security operations (SecOps). More specifically, because they have different tooling and different sources of truth in their security landscape, the teams can't identify high-risk issues and work together to resolve them.
Bridging the Cloud Security and SecOps Gap
As organizations lean into complex multicloud estates, vulnerabilities, risks, and threats will continue to grow and evolve. With security experts siloed by the tools they use, the risk exposure in the cloud will only increase.
What does this problem look like in practice? When a CNAPP solution does not share a common platform with SecOps, cloud security teams have a difficult time sharing what they've learned about the risk of a particular security issue with the security analysts responsible for fixing it. This means SecOps can be left starting from scratch in terms of prioritizing and investigating the risk when hours — or even minutes — matter.
This is not just inefficient, it's problematic as it creates noise that could drown out any signal that identifies risk in the system. Further, whatever speed advantage CNAPP brings to identify a high-risk issue is thrown out the window because the SecOps team or individual analysts do not have the information they need to resolve it within reasonable service-level agreements (SLAs).
We're (Still) in the Era of Convergence
Cloud security is one vital part of the entire enterprise security engine. But building a consolidated cloud security platform that operates independently from SecOps misses the real opportunity to transform how risk is identified, prioritized, and remediated in today's cloud-enabled enterprise.
Enterprise business and security leaders will increasingly see this fundamental cloud risk gap. And the future of enterprise security will see cloud security solutions come together with SecOps solutions, so the entire enterprise security machine is operating on a unified platform.
Solutions that can provide this next-level consolidation will fully deliver on the benefits promised by CNAPP: Truly comprehensive risk visibility. Immediate and seamless access to deep context around those risks. And the ability to use that context to drive automatic, artificial intelligence (AI)-powered risk prioritization to ultimately enable a more confident and coordinated response to the risks that matter most to the business.
About the author
Greg Smith leads marketing for Google Cloud's Security Command Center solution. He has 20+ years of experience in high-growth cloud and datacenter markets, having held key leadership positions at Nutanix, Check Point Software, and Citrix. His cybersecurity expertise includes network and application firewalls, data protection and ransomware recovery, and cloud security. He holds a degree in computer engineering from Cal Poly Pomona, and an MBA from the University of Michigan, Ann Arbor.
Read more about:
Sponsor Resource CenterYou May Also Like
A Cyber Pros' Guide to Navigating Emerging Privacy Regulation
Dec 10, 2024Identifying the Cybersecurity Metrics that Actually Matter
Dec 11, 2024The Current State of AI Adoption in Cybersecurity, Including its Opportunities
Dec 12, 2024Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024