By shifting security left to development, businesses that embrace CNAPP will be able to reduce the risk of breaches and regulatory penalties, lower the total cost of fixing vulnerable applications, and help engineering teams deliver secure cloud native applications faster. This is accomplished by providing developers with a consolidated view of cloud native application security risks and the information they need to fix known vulnerabilities, misconfigurations, behavior violations, and compliance issues in their own tools and CI/CD pipeline. CNAPPs consolidate a large number of previously siloed capabilities, including container scanning, cloud security posture management, infrastructure as code scanning, cloud infrastructure entitlements management and runtime cloud workload protection platforms.” 1īuilding on the concepts and principles of DevSecOps, the vision of CNAPP is to address cloud native application security risks as much as possible in the development and testing phases of the SDLC before applications go into production. “Cloud-native application protection platforms (CNAPPs) are an integrated set of security and compliance capabilities designed to help secure and protect cloud-native applications across development and production. The CNAPP category first emerged as a category in the 2021 Gartner® Hype Cycle™ for Cloud Security, where CNAPP was defined as follows: Source: Innovation Insight for Cloud-Native Application Protect Platforms, Neil MacDonald, Charlie Winckless, 25 August 2021. In this blog, I’ll share my research on the category, trends that are shaping the market, and thoughts on how the category will evolve over time. However, the vendors and tools in the AST category were designed before cloud native apps or Kubernetes existed and are still primarily used for traditional monolithic applications.Īfter some research, discussions with industry analysts, and conversations with Deepfactor customers, it was clear that Deepfactor was more aligned with the principles and philosophy embodied by the emerging category called Cloud Native Application Protection Platform (CNAPP). One of the first questions I asked myself was “What category does Deepfactor fit into and what are the trends that are shaping that category?”Īs an innovative new company that was built to help developers create secure cloud native applications, the first thought that came to mind was applications security testing (AST). When I first joined Deepfactor, I set out to learn as much as I could about the relevant markets and technology categories to inform our go-to-market strategy.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |