What distinguishes CNAPP offerings? What value do these solutions bring to security and development teams? How is the CNAPP landscape evolving, and which aspects should cloud security leaders focus on?
We believe these questions are the primary focus of the latest Gartner Market Guide for Cloud-Native Application Protection Platforms, which helps security and risk management leaders responsible for cloud security strategies analyze and evaluate emerging CNAPP offerings. In this blog post, we discuss some key takeaways from the market guide. In our opinion, it is an incredibly insightful read, and we highly recommend downloading the full report.
CNAPP owes its rise to multiple factors. The most important are the rapid adoption of AI and the cloud, and a persistent threat landscape in which attack techniques are constantly evolving.
Gartner writes in the report:
By 2029, 60% of organizations that do not deploy a unified CNAPP solution within their cloud architecture will lack wide-ranging visibility into the cloud attack surface and thus fail to achieve their required zero-trust goals.
Lack of visibility is a major driver of CNAPP adoption, as is security responsibility that has expanded beyond InfoSec teams to include additional people. Gartner shares the following insight:
With the shift of operational responsibilities towards developers and cloud architects, the need for advanced tools to remediate vulnerabilities, deploy infrastructure as code and manage production applications has grown to accommodate this expanded scope. Identifying and prioritizing risks proactively during development, while providing developers with sufficient context, is necessary because developers perceive security as an obstacle.
Meanwhile, as cloud security becomes democratized internally, attackers are also evolving their methods and targets:
The attack surface of cloud applications and infrastructure is expanding, as attackers focus on the runtime environment, including network, account, storage, identities, permissions, and misconfiguration of cloud management and control features. In addition, application programming interfaces (APIs) and the software supply chain themselves have become targets for potential attacks.
The realities of today's cloud operating model, along with the changing threat landscape, are the reason CNAPP solutions are so prevalent. But with many competing offerings in the market – and even competing definitions of CNAPP – how can security leaders cut through the noise? Here are some strategies, based on Wiz's key takeaways from the Gartner report.
Broad adoption of centralized platforms
By 2029, Gartner expects that more than 80% of organizations will adopt an engineering approach and centralized platforms to facilitate and scale self-service, a significant increase from less than 30% in 2023. In our opinion, this shift not only underscores the need for streamlined DevOps practices but also highlights the necessity of a coherent security strategy that covers the entire life cycle. With a centralized approach, organizations can enhance self-service and scale while maintaining strong security throughout the development process.
Facilitating the shift towards containers
In the report, Gartner notes that by 2029, 35% of all enterprise applications will run in containers, up from less than 15% in 2023.
The growth of containers underscores the increasing reliance on cloud-native architecture and signals a corresponding need for security solutions that can manage the complexity of container environments.
As developers increasingly use container technology, CNAPPs will need to provide improved visibility into and control over these dynamic workloads.
Cross-team collaboration
CNAPPs break down the barriers between application development, cloud architecture, and security operations teams. They provide a central platform that enhances communication and risk identification throughout the life cycle. With real-time visibility into workloads and vulnerabilities, “CNAPPs aim to provide a comprehensive analysis of the different elements and features of the application and the cloud environment with a strong focus on enabling developers to take responsibility for the application.”
A unified approach to risk management
One of the most important advantages of CNAPPs is their ability to provide a unified view of risk across cloud environments. By connecting the dots across different layers of cloud infrastructure, CNAPPs help organizations prioritize risks effectively while consolidating separate point products, which reduces the burden on developers and security teams.
Moreover, by balancing the need for product agility with security requirements, CNAPPs support innovation instead of stifling it.
When organizations evaluate a CNAPP solution, Gartner suggests creating a joint evaluation team to determine the organization's functional requirements and classify them as required, preferred and optional before issuing requests for information/purchase, since no single vendor is the best at every CNAPP capability. In our opinion, this approach helps identify the basic requirements of each group, such as developer experience, risk identification, reducing false positives, and accelerating improved collaboration between stakeholders. Moreover, a joint evaluation team is better equipped to identify opportunities to simplify operations, strengthen security enforcement and set priorities.
When it comes to evaluating CNAPP products, Gartner suggests that all core services must be fully integrated, not loosely coupled modules (usually the result of the vendor's internal silos, poorly integrated OEM components, or add-ons from acquisitions). Integration should include the front-end console, unified policy across multiple checkpoints and a unified back-end data model.
For example, a strong graph-based data model can actively analyze and visualize the complex layers of the cloud to identify risks and potential attack paths. Gartner encourages the evaluation of the “DevSecOps tools for the Foundation's current security from development to the SecOps to the time of operation and building a matrix for what is necessary for all teams of your team Main operational or safety holes. Your work.
As the CNAPP market continues to expand, organizations can use these powerful solutions to gain comprehensive visibility into risk, simplify their security processes, and ultimately secure their cloud-native applications more effectively. Having a CNAPP is pivotal to navigating the complexities of a rapidly evolving threat landscape.
At Wiz, we feel aligned with this key takeaway from the Gartner report: the real value of CNAPP lies in its ability to transform operations and empower people in their work. In the end, CNAPP is a way to democratize security across security, cloud and engineering teams – so that all parties can succeed and innovate quickly while reducing risk.
Source:
Gartner, Market Guide for Cloud-Native Application Protection Platforms, Dale Koeppen, Charlie Winckless, Neil MacDonald, Esraa ElTahawy, July 22, 2024
Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the United States and internationally and is used here with permission. All rights reserved.
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Wiz.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.