Cloud computing has changed the way cybersecurity works. Y Combinator Principal Arnav Sahu calls it “the new rainmaker for cybersecurity.” It has spurred innovations in digital security solutions and the way organizations undertake security posture management.
One of these innovations is the Cloud-Native Application Protection Platform (CNAPP). This cloud-focused security model combines different solutions to ensure cloud-native security and address the weaknesses of the conventional way of using a collection of various tools. Using CNAPP, however, does not always translate to benefits. It is important to use it properly and optimize its advantages.
Even if you picked an excellent CNAPP platform, you might not harness its full potential if you fail to see the pitfalls and observe the best implementation approaches. Discussed below are five best practices to achieve the best outcomes in using this cybersecurity solution.
Thoroughly evaluate the CNAPP solution you want to use in relation to the needs of your organization.
As Gartner describes it, CNAPP is a platform designed to supplant multiple disjointed tools to provide a unified and holistic cybersecurity solution for organizations that rely on the cloud or have cloud-native workloads. The CNAPP solution you choose should match or be better than the tried-and-tested tools and services you already have in place. This means you have to do your research and inquire about the track record of the CNAPP platforms you are considering.
It does not make sense to adopt a CNAPP platform that claims to provide integrated end-to-end cloud-native security but turns out to be less capable than the tools it replaces. The visibility gaps may have been closed, but at the cost of reduced effectiveness. What your organization needs in its current setup may instead be a next-gen SIEM, which is comparable to CNAPP but allows the continued use of existing security controls.
Some organizations may not need the comprehensive capabilities of CNAPP with their current architecture or system. However, it is advisable to properly understand the entirety of CNAPP as growing organizations may eventually need to achieve seamless cloud defense under a cloud-native paradigm.
Avoid consolidating too rapidly.
While CNAPP is designed to enable seamless integration as far as possible, it does not guarantee the best results for every kind of security tool and solution. As such, it is important not to consolidate too rapidly. Gradually bring disjointed tools together and observe how they interact.
Some security products or suites do not work well together. They may meet expectations at first but create problems over time. For example, firewall and DDoS prevention tools may have siloing issues that result in a flood of security alerts that are neither contextualized nor prioritized by urgency and threat level. This contributes to alert fatigue, which is one of the major issues CNAPP is supposed to address.
Address the misconfiguration problem.
Gartner says that 99 percent of cloud security failures are likely to be the fault of cloud solution customers. Misconfigurations, in particular, will become the biggest risk for cloud systems. Configuration mistakes can result in the exposure of sensitive data, workloads, or secrets. These can create opportunities for threat actors to exploit weaknesses and successfully breach security controls.
CNAPP simplifies the process of addressing misconfiguration. It helps security teams integrate security practices tightly into their cloud services. CNAPP identifies configuration issues through continuous monitoring of cloud environments and enforcement of best practices. Leading CNAPP solutions also provide remediation recommendations and can automate the remediation process.
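To make the continuous-monitoring idea concrete, here is an added example (not code from the article or from any CNAPP product) of a minimal posture-check engine: a handful of misconfiguration rules run over a constructed cloud resource inventory, each finding carrying a severity and a remediation hint, and the result sorted so the riskiest items surface first, which is the contextualization and prioritization step that keeps alert fatigue down. All resource names, rule ids and thresholds are hypothetical.

```python
"""Added example (not from the article): a minimal posture check in the
style of a CNAPP/CSPM rule engine. It runs misconfiguration rules over a
constructed cloud resource inventory, attaches a severity and a remediation
hint to each finding, and orders the output so the riskiest items come first.
All resource names, rule ids and thresholds are hypothetical."""

from dataclasses import dataclass
from ipaddress import ip_network

# Constructed inventory: the shape a CNAPP collector might normalise cloud
# API responses into. Nothing here refers to a real account.
INVENTORY = [
    {"type": "storage_bucket", "name": "hypothetical-app-logs",
     "public_access": True, "encrypted": False},
    {"type": "storage_bucket", "name": "hypothetical-app-data",
     "public_access": False, "encrypted": True},
    {"type": "security_group", "name": "hypothetical-web-sg",
     "ingress": [{"cidr": "0.0.0.0/0", "port": 443},
                 {"cidr": "0.0.0.0/0", "port": 22}]},
    {"type": "security_group", "name": "hypothetical-db-sg",
     "ingress": [{"cidr": "10.0.0.0/8", "port": 5432}]},
    {"type": "iam_user", "name": "hypothetical-ci-user",
     "access_key_age_days": 400, "mfa_enabled": False},
]

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str
    resource: str
    message: str
    remediation: str


def _is_world_open(cidr: str) -> bool:
    """A /0 network means the rule admits the whole internet."""
    return ip_network(cidr, strict=False).prefixlen == 0


# Each rule inspects one resource and yields zero or more findings.
def rule_public_bucket(r):
    if r["type"] == "storage_bucket" and r["public_access"]:
        yield Finding("CFG-001", "critical", r["name"],
                      "bucket allows public access",
                      "block public access and audit the bucket policy")


def rule_unencrypted_bucket(r):
    if r["type"] == "storage_bucket" and not r["encrypted"]:
        yield Finding("CFG-002", "medium", r["name"],
                      "bucket has no encryption at rest",
                      "enable default server-side encryption")


def rule_admin_port_open(r, admin_ports=(22, 3389)):
    if r["type"] != "security_group":
        return
    for rule in r["ingress"]:
        if rule["port"] in admin_ports and _is_world_open(rule["cidr"]):
            yield Finding("CFG-003", "high", r["name"],
                          f"port {rule['port']} is open to the internet",
                          "restrict the source to a bastion or VPN range")


def rule_stale_key_no_mfa(r, max_age_days=90):
    if r["type"] != "iam_user":
        return
    if r["access_key_age_days"] > max_age_days:
        yield Finding("IAM-001", "medium", r["name"],
                      f"access key is {r['access_key_age_days']} days old",
                      "rotate the key and enforce a rotation policy")
    if not r["mfa_enabled"]:
        yield Finding("IAM-002", "high", r["name"], "MFA is not enabled",
                      "require MFA for console and sensitive API access")


RULES = [rule_public_bucket, rule_unencrypted_bucket,
         rule_admin_port_open, rule_stale_key_no_mfa]


def evaluate(inventory=INVENTORY, rules=RULES):
    """Run every rule over every resource; return findings, worst first."""
    findings = [f for r in inventory for rule in rules for f in rule(r)]
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.rule_id))


if __name__ == "__main__":
    for f in evaluate():
        print(f"[{f.severity:8}] {f.rule_id} {f.resource}: {f.message} -> {f.remediation}")
```

The rules are deliberately independent functions so a new check can be added without touching the others; in a real deployment the inventory would come from the cloud provider's APIs and the severity ranking would feed the ticketing or alerting pipeline rather than a print loop.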
Adopt a zero-trust policy and enforce the principle of least privilege.
Zero trust is one of the most popular buzzwords in the cybersecurity community—and deservedly so. It is a policy everyone needs to observe in view of the sophistication of new cyber attacks and the persistent effectiveness of social engineering. People, after all, remain the weakest link in the cybersecurity chain. Automation and systematization have significantly improved cyber defenses, but the human tendency to fall prey to phishing and other social engineering methods remains difficult to resolve.
Zero trust calls for strict authentication, authorization, and validation of access requests regardless of who makes the request. This eliminates any presumption of regularity for privileged accounts, which are reportedly responsible for most breaches. Forrester says that at least 80 percent of data breaches are due to compromised privileged accounts.
Together with zero trust, it is also advisable to adopt the principle of least privilege. This means that access requests are granted with only the privileges needed to complete a specific task. Each request is meticulously scrutinized to avoid granting more than what is necessary. To this end, CNAPP provides cybersecurity teams with comprehensive awareness of the granting of permissions or privileges. It supports the implementation of least-privileged access and the enforcement of strict access policies. Organizations should be taking advantage of this CNAPP function.
Shift left with CNAPP.
CNAPP can automate the scanning of Infrastructure as Code (IaC) to spot possible security vulnerabilities in infrastructure code. It supports the prompt resolution of these security defects, allowing developers to rectify mistakes before the code reaches production. This is important for reducing risk and ensuring compliance with cloud regulations.
It would be a waste to ignore the ability of CNAPP to help shift security to the left. The growth of IaC usage is advantageous, as it makes security a priority early in the development process. However, it can become confusing, and some may reject the idea because of the added burden. Developers whose expertise is in application building may not be adept at the provisioning, security, and testing aspects of IaC. CNAPP provides the tools needed to automate IaC security and find potential vulnerabilities before the code reaches production.
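The shift-left scan described above, and the least-privilege review from the previous section, can both be expressed as policy-as-code checks that a CI pipeline runs against the IaC plan before anything is deployed. The following is an added example, not code from the article or from any CNAPP vendor: it parses a constructed, simplified plan in the style of Terraform's JSON plan output (resource type, name and attributes only), flags an IAM policy that grants wildcard actions on wildcard resources next to one that follows least privilege, flags an unencrypted and publicly reachable database, and returns a pass/fail verdict for the pipeline gate. The resource names, rule ids and the plan itself are hypothetical.

```python
"""Added example (not from the article or any CNAPP vendor): a policy-as-code
check run against an infrastructure-as-code plan before deployment. The plan
is constructed and only mimics the shape of `terraform show -json` output;
resource names and rule ids are hypothetical."""

import json

# Constructed plan: one over-privileged IAM policy, one least-privilege
# policy, and a database that is unencrypted and publicly accessible.
PLAN_JSON = json.dumps({
    "planned_values": {"root_module": {"resources": [
        {"type": "aws_iam_policy", "name": "hypothetical_ci_policy",
         "values": {"policy": json.dumps({
             "Version": "2012-10-17",
             "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]})}},
        {"type": "aws_iam_policy", "name": "hypothetical_reader_policy",
         "values": {"policy": json.dumps({
             "Version": "2012-10-17",
             "Statement": [{"Effect": "Allow",
                            "Action": ["s3:GetObject", "s3:ListBucket"],
                            "Resource": ["arn:aws:s3:::hypothetical-bucket",
                                         "arn:aws:s3:::hypothetical-bucket/*"]}]})}},
        {"type": "aws_db_instance", "name": "hypothetical_db",
         "values": {"storage_encrypted": False, "publicly_accessible": True}},
    ]}}
})

BLOCKING = {"high", "critical"}  # severities that fail the pipeline


def _as_list(v):
    """IAM documents allow a string or a list in Action/Resource."""
    return v if isinstance(v, list) else [v]


def check_iam_policy(res):
    """Least-privilege rule: flag Allow statements with wildcard actions or resources."""
    findings = []
    doc = json.loads(res["values"]["policy"])
    for i, st in enumerate(_as_list(doc.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        wild_action = any(a == "*" or a.endswith(":*") for a in actions)
        wild_resource = "*" in resources
        if wild_action and wild_resource:
            sev = "critical"
        elif wild_action or wild_resource:
            sev = "high"
        else:
            continue  # scoped actions on scoped resources: least privilege holds
        findings.append({"rule": "IAC-IAM-001", "severity": sev,
                         "resource": f'{res["type"]}.{res["name"]}',
                         "detail": f"statement {i}: actions={actions} resources={resources}",
                         "fix": "enumerate the specific actions and resource ARNs the workload needs"})
    return findings


def check_db_instance(res):
    """Storage hardening rules for a managed database resource."""
    findings = []
    v = res["values"]
    name = f'{res["type"]}.{res["name"]}'
    if not v.get("storage_encrypted", False):
        findings.append({"rule": "IAC-DB-001", "severity": "high", "resource": name,
                         "detail": "storage_encrypted is false",
                         "fix": "set storage_encrypted = true"})
    if v.get("publicly_accessible", False):
        findings.append({"rule": "IAC-DB-002", "severity": "critical", "resource": name,
                         "detail": "publicly_accessible is true",
                         "fix": "set publicly_accessible = false and reach it via private networking"})
    return findings


CHECKS = {"aws_iam_policy": check_iam_policy, "aws_db_instance": check_db_instance}


def scan_plan(plan_json=PLAN_JSON):
    """Apply every registered check to every planned resource."""
    plan = json.loads(plan_json)
    findings = []
    for res in plan["planned_values"]["root_module"]["resources"]:
        check = CHECKS.get(res["type"])
        if check:
            findings.extend(check(res))
    return findings


def gate(findings):
    """CI verdict: True (pass) only when no blocking-severity finding exists."""
    return not any(f["severity"] in BLOCKING for f in findings)


if __name__ == "__main__":
    results = scan_plan()
    for f in results:
        print(f'[{f["severity"]}] {f["rule"]} {f["resource"]}: {f["detail"]} -> {f["fix"]}')
    print("gate:", "PASS" if gate(results) else "FAIL")
```

Running the block fails the gate on three findings while leaving the reader policy untouched, which is the behaviour a developer needs: the scan tells them exactly which statement to narrow and which attribute to flip, instead of a generic rejection after the change has already shipped.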
Maximizing cloud security posture
With more than 90 percent of organizations already using cloud solutions, it is clear that there is a need to learn how to improve cybersecurity with an emphasis on the role of cloud environments. CNAPP is one of the front-running security models that can address this need. However, it does not deliver the expected benefits without the proper understanding of its purpose, how it works, and what can be done to optimize it.
CNAPP may be relatively new, but it is likely to become one of the standards for cloud security in the future. It is advisable for organizations to be familiar with CNAPP to have an easier and more fruitful journey with it as the technology matures and demonstrates improved effectiveness.