Cloud Native Application Security


Episode Artwork
1.0x
0% played 00:00 00:00
Oct 04 2024 25 mins   2

As cloud-based infrastructure becomes a larger part of enterprise portfolios, there’s greater focus on securing it effectively. Analyst Mark Ehr joins host Eric Hanselman to wade into the acronym-rich world of cloud native application security. Like other aspects of cloud and cloud native, security is a matter of dealing with speed and scale. There’s more telemetry that’s available, but workloads are more ephemeral and extending the same methods used in on-premises security risks overwhelming security teams and ballooning costs. Decomposing CNAPP into infrastructure and application development patterns creates an explosion of subsegments – Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWP), Cloud Infrastructure Entitlement Management (CIEM) and many more. Security vendors are bundling the various pieces together into platforms, but buyers aren’t fully buying in. Efforts to move security earlier into the application development process, the “shift left” movement, has added the need to secure the infrastructure provisioning process that’s taking place in cloudy environments.

Cloud security has become the leading pain point for security teams, according to 451 Research’s Voice of the Enterprise study data, and cloud native skills are one of their leading skills gaps. At the same time, most organizations use multiple cloud providers, increasing complexity. Operational scale is necessitating a move beyond the siloed approaches that have been the norm for security. To provide effective security, data has to be shared across infrastructure. It also happens to be an area where cloud-based security tooling is taking a greater role.

More S&P Global Content:

Credits:

  • Host/Author: Eric Hanselman
  • Guests: Mark Ehr
  • Producer/Editor: Donovan Menard
  • Published With Assistance From: Sophie Carr, Feranmi Adeoshun, Kyra Smith