Reconsider Your CNAPP Strategy Using These 5 Scenarios

Multicloud security is an enormously complex undertaking, requiring security teams to correlate thousands of daily security alerts across disparate platforms to efficiently and accurately respond to emergent threats. Rather than relying on a series of third-party point solutions — which often struggle to integrate and communicate with one another — to protect your multicloud environment, we recommend prioritizing native security solutions that can embed seamlessly within your environment.

A cloud-native application protection platform (CNAPP) is a unified platform that simplifies securing cloud applications throughout their life cycles. Originally coined by Gartner, this all-in-one platform connects traditionally siloed security and compliance capabilities into a single user interface. At their core, CNAPPs allow security teams to embed security into the earliest stages of the application development process and deploy more robust protections for cloud workloads and data.

There are many use cases where a cloud-native solution will have a natural edge over third-party solutions. We have picked a few common scenarios to showcase capabilities that are hard to replicate with a customized or third-party solution. This list is meant to be representative, not exhaustive.

1. Monitoring Your Cloud Management Layer

The cloud management layer is a crucial service connected to all of your cloud resources. That also makes it a potential target for attackers. Consequently, we recommend security operations teams monitor the resource management layer closely.

Since cloud service providers (CSPs) do not allow integration with this layer, the capabilities provided by third-party solutions are severely limited and rely solely on the availability of logs/events, like Azure Diagnostics and AWS CloudTrail.

2. Detecting Near Real-Time Threats With Zero or Minimal Impact on Workloads

As you leverage more native architecture patterns, your usage of native storage, like object storage and native SQL, will grow. As a result, these services often represent an attack target.

Because CSPs do not allow native integration with these services, organizations often struggle to detect malware as soon as an object is uploaded to a storage account without introducing latency or further risks to their workloads. We also see this same issue present when trying to detect sensitive data across databases and object stores without allowing access to a third-party solution. Native cloud security offerings do not have these limitations.

3. Inherent Coverage of Workloads as You Scale or Modernize

Native solutions are deployed at the account or subscription level, integrate natively with other cloud services, and cover a vast variety of usage patterns. Often, these solutions do not require any agent and are push-button. When cloud architecture teams decide to migrate from a virtual machine-based deployment to one that's container-based, organizations can rest assured that the workload is protected from the start.

4. Integrating with Your Native Pipelines

When organizations deploy cloud workloads, they can integrate the native solution at the code repository level. This ensures they are checking appropriate risks at each level — for example, code scanning as part of code merges or image scanning on push. Native solutions also allow organizations to manifest validation before container deployment.

5. Maintaining Your Access-Related Blast Radius

When organizations deploy a third-party solution, that solution requires its own set of roles that need to be monitored. Users will also most likely need to be managed within the third-party solution itself. This adds additional monitoring requirements for security teams that are not needed when deploying native solutions. Because native solutions already integrate with other cloud services and leverage predefined roles, security teams don't need to worry about any additional risks being introduced into their environments.

As we have seen, CNAPPs have a unique value proposition for integrating in your cloud security portfolio, either as the primary solution or as a complement to your existing cloud security posture management (CSPM).

— Read more Partner Perspectives from Microsoft Security