Cloud security stakeholders often complain that there are too many overlapping acronyms in our space. This is confusing to buyers and counterproductive to the industry. What’s worse is that companies have deployed a wide range of products, yet they are still vulnerable.
Something has to give.
This is largely because cloud security has grown through point solutions, each patching a specific problem without tying into the others. Cloud Workload Protection Platforms (CWPPs) have been folded into Cloud Native Application Protection Platforms (CNAPPs) inconsistently. CWPPs and Endpoint Detection and Response (EDR) products now both target cloud detection and response use cases despite starting from very different places, and both generate a lot of alerts and require a lot of configuration. Now add Cloud Security Posture Management (CSPM), a building block that keeps reinventing itself, to the mix alongside Application Security Posture Management (ASPM), Data Security Posture Management (DSPM), and Cloud Infrastructure Entitlement Management (CIEM), and it all becomes too much.
Are you confused? I am too.
While experts believe that CNAPP will eventually become “the tool to rule them all,” what are security leaders supposed to do until then? Here are some strategies that can guide your decision-making:
Take a holistic approach: Don't think of cloud security only in terms of shifting left. If anything, go to the top and take a top-down view of the entire cloud lifecycle, from left to right. First, look at cloud security from the perspective of the daily routine: How do we avoid missing critical vulnerabilities? How do we identify compromised connections and suspicious situations? Can we harden the environment against them? Next, identify which sensitive assets would be exposed during an incident. Finally, determine how quickly the team can detect the root cause and the other critical events of an attack.

Leverage technology innovation: The cloud has introduced a range of emerging technologies that are driving cloud security forward, but few are as impactful as the extended Berkeley Packet Filter (eBPF). eBPF lets sandboxed, verifier-checked programs run inside the kernel, a privileged context, without changing kernel source code or loading kernel modules. It provides the attack-monitoring capabilities of a heavyweight agent with the footprint of a lightweight sensor, removing a technical barrier that has long hindered effective attack detection.

Find ways to simplify the stack: In my experience, building a security architecture is part art and part science, and this dilemma calls for both. When under intense pressure to act quickly, it helps to step back, slow down, and work with the team to get clear answers to questions such as: How will this purchase simplify my management burden today? Six months from now? Will it let me retire something else later? Can I work with an existing vendor to embed this functionality in a tool I have already deployed? How much value can I show my board? Will this product help align my security and DevOps teams, and how?
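To make the eBPF point concrete, here is an added example of what a "lightweight sensor" looks like in practice. It is not code from the article or from Sweet Security's product; it is a small bpftrace script that attaches an eBPF program to the execve syscall tracepoint and alerts whenever a shell interpreter is launched by a process that still carries a web-server or runtime name, a classic sign of a web shell or command injection. The parent names (nginx, php-fpm, node, java) and shell paths are constructed assumptions to be tuned for your own fleet.

```bpftrace
#!/usr/bin/env bpftrace
/*
 * Added example (not from the article or Sweet Security): an eBPF sensor
 * that flags a shell being exec'd by a web workload.
 *
 * Why the filter works: at sys_enter_execve the calling task is the forked
 * child, and fork() copies the parent's comm, so `comm` here still names the
 * parent workload while args->filename is the binary about to replace it.
 *
 * Assumptions (tune for your fleet): the parent names and shell paths below.
 * Requirements: bpftrace, root, tracefs mounted. Nothing is compiled into
 * the kernel and no kernel module is loaded; the program is verified and
 * JIT-compiled by the kernel at attach time.
 */
tracepoint:syscalls:sys_enter_execve
/strncmp(comm, "nginx", 5) == 0 ||
 strncmp(comm, "php-fpm", 7) == 0 ||
 strncmp(comm, "node", 4) == 0 ||
 strncmp(comm, "java", 4) == 0/
{
  $file = str(args->filename);

  /* Compare one byte past the literal so the terminating NUL must match too;
   * this makes "/bin/sh" an exact match rather than a prefix that would also
   * hit "/bin/shutdown". */
  if (strncmp($file, "/bin/sh", 8) == 0 ||
      strncmp($file, "/bin/bash", 10) == 0 ||
      strncmp($file, "/bin/dash", 10) == 0 ||
      strncmp($file, "/usr/bin/sh", 12) == 0 ||
      strncmp($file, "/usr/bin/bash", 14) == 0) {
    printf("%s ALERT pid=%d uid=%d parent=%s exec=%s argv= ",
           strftime("%H:%M:%S", nsecs), pid, uid, comm, $file);
    join(args->argv);            /* prints the full argv and a newline */
    @shells_per_workload[comm] = count();
  }
}

END
{
  /* bpftrace prints every map automatically on exit, so the
   * per-workload counts appear here without an explicit print(). */
  printf("\nshell spawns by web workload:\n");
}
```

Run it as root (`sudo bpftrace ./webshell-exec.bt`, an assumed filename) and trigger a test from a sandbox such as `curl` against an endpoint you know shells out, and the alert line shows parent, child path and argv in one place. The filter runs inside the kernel, so only matching events cross to user space, which is the footprint advantage the paragraph above describes; the cost is that per-host rules like these still have to be deployed, tuned and correlated by whatever platform sits on top of them.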
Building a cloud security toolkit requires implementing measures and processes across development and runtime that are aligned with the realities of the environment. Cloud security is complex, so the more teams can simplify it, the better. Rest assured, it starts with fewer acronyms, except for the trusty old KISS: Keep It Simple, Stupid!
Dror Kashti, Co-Founder and CEO of Sweet Security