We consider the four main cloud security archetypes available today and highlight why a practical approach to multi-cloud security needs to unify the strategies of these archetypes while addressing the security pain points.
In July, a blog by Ian Tinney explored where the responsibility for cloud security rests and highlighted some of the most common cloud security fails. In the second of this two-part blog series, Ian takes a closer look at the four main cloud security archetypes available today and explains why a practical approach to multi-cloud security needs to unify the strategy outlined by these four archetypes while addressing the security pain points.
The need to improve cloud confidence and create a cohesive approach to cloud security has seen several new archetypes emerge. Four cloud security pillars – CSPM, CIEM, CWPP, and CNAPP – have been identified by Gartner and are now used as the basis to classify third-party security solutions.
Let’s look briefly at these in turn.
- CSPM (Cloud Security Posture Management) provides cross-platform control of the cloud infrastructure. CSPM security management automation tools address misconfiguration issues by analysing configurations and comparing these with other inputs to identify risks. Today, a good CSPM tool should facilitate security enforcement and operations, compliance assurance, investigation and incident response. According to Gartner, through 2024, organisations implementing a CSPM offering and extending this into development will reduce cloud-related security incidents due to misconfiguration by 80%.
- CIEM (Cloud Infrastructure Entitlements Management) addresses access and entitlements. Understanding their importance, analyst firms Gartner and Forrester have highlighted the need to focus on Identity Governance in the cloud by reiterating the importance of Cloud Identity Governance (CIG) and Cloud Infrastructure Entitlements Management (CIEM). CIEM is newer than CSPM and fills the Identity and Access Management (IAM) gap. CIEM solutions leverage analytics and machine learning to detect anomalies around identities and entitlements. CIEM technologies discover all identities, users and their entitlements, and enforce identity and access governance controls to reduce excessive entitlements and right-size privileged access across the multi-cloud.
- CNAPP (Cloud-Native Application Protection Platform) is the latest addition to the Gartner cloud security fold and is a convergence of multiple disciplines such as CWPP, CSPM and some CIEM functionality that delivers a full-stack multi-cloud overview. CNAPP has come about in response to the demand for ‘cloud native’ security that seeks to protect the apps rather than just the infrastructure. The reliance on Infrastructure as Code (IaC) meant that CNAPP became necessary in order to protect the code used to build this infrastructure from malicious intent. With CNAPP, workload and configuration scanning is performed during development so that technologies are then protected at run time. Misconfigurations are not just identified but are also used to identify security risks in associated or connected cloud resources.
- CWPP (Cloud Workload Protection Platforms) is focused on the protection of workloads – irrespective of type or location – and scans for vulnerabilities and configuration issues, among other things, within the workload. CWPPs are designed to detect and prevent app attacks without needing to know the input source. They profile the application's function and behaviour, look for deviations from that profile and enforce a zero-trust policy. A comprehensive CWPP should give you the ability to discover unmanaged workloads and bring them under management. CWPP capabilities typically include system hardening, vulnerability management, host-based segmentation and system integrity monitoring. CNAPPs use CWPP to give them more visibility.
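To make the CIEM idea of right-sizing concrete, the following added example (not part of the original blog and not any vendor's code) compares the entitlements granted to each identity with the actions observed in audit logs, then reports what to keep, what to remove and which unused grants are high risk. The identities, the activity records and the `HIGH_RISK` patterns are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample: entitlements granted per identity (wildcards allowed).
GRANTED = {
    "aws:role/ci-deployer": ["s3:*", "iam:PassRole", "ec2:DescribeInstances"],
    "azure:sp/report-job": ["Microsoft.Storage/storageAccounts/read"],
    "gcp:sa/etl": ["storage.objects.get", "storage.objects.delete",
                   "iam.serviceAccounts.actAs"],
}
# Constructed sample: (identity, action) pairs seen in audit logs over the window.
ACTIVITY = [
    ("aws:role/ci-deployer", "s3:GetObject"),
    ("aws:role/ci-deployer", "s3:PutObject"),
    ("aws:role/ci-deployer", "ec2:DescribeInstances"),
    ("gcp:sa/etl", "storage.objects.get"),
]
# Hypothetical patterns for grants that matter most when left unused.
HIGH_RISK = ("iam:*", "iam.*", "*.delete")


def right_size(granted, activity, high_risk=HIGH_RISK):
    """Compare granted entitlements with observed use, per identity."""
    used = {}
    for identity, action in activity:
        used.setdefault(identity, set()).add(action)
    report = {}
    for identity, grants in granted.items():
        seen = used.get(identity, set())
        # A grant counts as used if any observed action matches it.
        unused = sorted(g for g in grants
                        if not any(fnmatchcase(a, g) for a in seen))
        # Used grants are kept, with wildcards narrowed to the actions observed.
        keep = sorted({a for g in grants for a in seen if fnmatchcase(a, g)})
        report[identity] = {
            "keep": keep,
            "remove": unused,
            "risky_unused": [g for g in unused
                             if any(fnmatchcase(g, p) for p in high_risk)],
            "dormant": not seen,  # identity with no activity at all
        }
    return report


if __name__ == "__main__":
    for identity, row in right_size(GRANTED, ACTIVITY).items():
        print(identity, row)
```

The length of the review window drives the result: too short a window marks rarely used but legitimate entitlements (for example, quarterly jobs) for removal.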
Although the four cloud security archetypes provide a much-needed cloud-centric approach to security, each focuses on one particular area: no one strategy provides a complete security solution. Over time, some of the archetypes have attempted to fill the gaps in security provisioning, which is why we see CIEM provide the IAM that CSPM lacks and CNAPP borrow from CWPP to gain more depth into application workloads. But they still largely operate independently. To draw upon the security benefits of all four strategies, we need to simplify them and focus on what security teams need in order to quickly detect, investigate, triage and resolve high-risk, high-impact vulnerabilities.
A practical approach to multi-cloud security needs to unify the strategy outlined by the four archetypes while addressing the following security pain points:
- A multi-cloud security baseline
- Context-driven security
- Risk scoring based upon a standardised threat matrix
- Real-time cross-platform threat detection
- Enforcement of least privilege and use of JIT privileges
- Infrastructure as Code (IaC) security to shift left
This can be achieved by using cloud-native technology such as Ermetic’s identity-first CNAPP solution. The platform provides comprehensive cloud security that dramatically reduces your cloud attack surface. By automating complex cloud infrastructure security operations, it unifies full asset discovery, deep risk analysis, runtime threat detection and compliance reporting, combined with granular visualisation and step-by-step guidance.
CNAPP (CSPM + CWPP) leaves a vast gap around identities and privileges that Gartner has identified as a leading cause of cloud security issues. However, through our partnership with Ermetic, we are able to deliver identity-first CNAPP by combining the very best of the different cloud security archetypes into a unified, multi-cloud security product which gives you better visibility, awareness and control over your data, across platforms. This enables you to monitor the security and assess and respond to alerts based on the risk level. It also allows you to set policies and assess compliance with industry standards and regulations in real time. And it can be used to automate incident response and remediation.
Talk to us today about securing your cloud – identity first. Call us on +44 330 128 9180 or email firstname.lastname@example.org.
You can also find out more in our ‘Cloud in Crisis: solving the multi-cloud security problem’ white paper here. Developed in partnership with our vendor, Ermetic, the white paper takes a closer look at:
- The state of the cloud
- Top cloud threats
- The data security disconnect
- Cloud security fails
- An overview of today’s security solutions
- Unified multi-cloud, identity-first security management