Zscaler has launched its new cloud native application protection platform (CNAPP) solution, called Posture Control.
CNAPP makes life easy in public cloud risk mitigation by pulling in signals from different sources to help identify and prioritize vulnerabilities.
Zscaler’s differentiator is that it built Posture Control from the ground up, with a single data store and risk driven prioritization to help the InfoSec team be more efficient. The data is generated from the company’s Zero Trust Exchange that processes billions of transactions a day.
Cloud is the primary way forward as the flexibility and agility it offers can be incredibly powerful from an innovation standpoint. However, if not properly managed, vulnerabilities can spread across the enterprise quickly.
InfoSec teams are in a difficult spot, where they’ve lost control that they once had as gatekeepers for apps and services. Today, software development and IT operations (DevOps) can easily launch new apps and services to the cloud with no such gate in place.
Below are some of Insights with CNAPP
CNAPP allows InfoSec teams to collaborate with DevOps teams by integrating into development lifecycle. Organizations can start to identify risks from the time a developer writes code all the way through to the app’s deployment and run phase. It doesn’t just scan what’s in the cloud, rather provides remediation.
Cloud transformation is a major development today, due to which more of security responsibility is shifting to developers. Developers have the power to provision apps and services to the cloud with a few clicks. While this can be seen as a major challenge for InfoSec teams, it’s also an opportunity for a more strategic approach to security where both teams work together to mitigate risks.
CNAPP not only helps secure apps, but also the development process. The policies that CNAPP provides are oriented around things like misconfigurations and other types of issues. That’s the foundation layer. Above that is the app and data-centric layer, such as scanning for vulnerabilities. So, issues can be identified even before apps and services get deployed.
CNAPP can be integrated into the native workflows that DevOps already use. Through tight integration, vulnerabilities can be identified without deploying additional tools. InfoSec teams can see exactly what the issue is and how to fix it, while developers can continue to launch services without interruption.
CNAPP isn’t a panacea for all security issues. It specifically targets workloads that are running in public cloud environments. All CNAPP vendors support the three major cloud providers:AWS, Azure, and GCP.
CNAPP scans data that has been deployed across public clouds and then identifies the data source code, since it’s an important part of the risk equation. CNAPP also scans core vulnerabilities in containers, virtual machines (VM), serverless functions, and assets. It looks at the underlying infrastructure and what’s running inside that infrastructure.
There are a number of cloud security tools on the market today, such as cloud security posture management (CSPM) and cloud workload protection platform (CWPP). Yet, organizations don’t want to run a dozen different security tools to protect their public cloud infrastructure. That’s why CNAPP is used to eliminate some of the other tools.