When an organization’s assets span multiple public – and private – clouds, it can be exceedingly difficult to achieve consistency with how workloads are deployed and managed and how policies are enforced in different clouds. For example, each cloud may have different concepts and configurations governing its separate identity and access management (IAM) frameworks. There may also be nuanced differences in the ways that different service providers define and manage the shared security model.
“Security silos arise when organizations use point products to secure their cloud environments as there’s no connective tissue providing a holistic picture of where risk lies,” says Amol Mathur, SVP/GM, Prisma Cloud, Palo Alto Networks. “Seventy-six percent of organizations report that the number of point tools they use creates blind spots and confusion. Now coupled with the fact most organizations are operating in multiple cloud environments, the blind spots and confusion becomes infinite.”
Such difficulties provide a rationale for adopting a cloud-native application protection platform (CNAPP) that is designed to consistently secure applications across multi–cloud environments.
Consolidating capabilities
CNAPPs, according to Gartner, Inc., “consolidate a large number of previously siloed capabilities, including container scanning, cloud security posture management, infrastructure as code scanning, cloud infrastructure entitlement management, runtime cloud workload protection and runtime vulnerability/configuration scanning.”
One leading CNAPP provider, Palo Alto Networks Prisma Cloud, identifies six categories that complicate the lives of cloud admin and DevSecOps teams in achieving consistent hybrid, multicloud security:
Visibility and security posture management. By maintaining visibility into all cloud services and workloads, enterprises can define and enforce policies that establish a strong security posture and readiness to prevent, identify, and react to threats. The problem is that each cloud service provider offers its own security and visibility tools that only work on its platform.
Compliance and governance. Ensuring that cloud configurations comply with regulatory compliance rules, as well as internal governance requirements. As above, vendors offer compliance auditing tools exclusive to their own platforms.
Threat detection. Monitoring cloud security threats against large sets of services and across many configurations. There is no simple or singular means of detecting the diverse threats to cloud environments.
Data visibility and security. Knowing where sensitive data is stored, who owns the data, and who has access to the data.
Multicloud IAM. Consistently managing and reviewing IAM rules and permissions across different clouds takes enormous time and effort without a unified set of cloud security tools continuously monitoring IAM configurations.
Application development. Developers using open-source software, generative AI, and infrastructure-as-code templates can inadvertently introduce cloud security flaws. Extending security monitoring and controls into your software development pipeline – shift-left security – can detect risk and vulnerabilities while software is still under development and address risks with less time and effort.
“A multicloud environment represents a large and complex attack surface,” Network World cautions. “Any cloud rollout creates risks of opening up vulnerabilities to attackers: You’ve got data going back and forth between cloud and on-prem systems across the Internet, and you’re storing and working on that data on a platform you don’t fully control.”
“The only way for enterprises to ensure their cloud applications and multicloud environments are secure is to adopt an AI-powered CNAPP that is designed to secure from code to cloud and enforces consistent policies across each cloud,” says Mathur. For information on best practices to address the main issues of multicloud security, download the Prisma Cloud e-book, The 6 Key Requirements for Multicloud Security.
Security
Leave a Reply