Shaping the future of cloud security with CNAPP [Q&A]

As cloud environments become complex, security teams face increasing challenges in detecting, prioritizing, and addressing risks.

While cloud security posture management (CSPM) tools were created to provide visibility into cloud configurations, and cloud workload protection platforms (CWPP) to manage threats to cloud workloads, they left gaps in the holistic context needed for efficient risk management and did not extend across the full software development life cycle (SDLC).

A cloud-native application protection platform (CNAPP) fills this gap by offering an integrated solution that secures cloud applications from development to runtime, handling both infrastructure and workload risks. To understand how CNAPP is reshaping cloud security, we spoke with Rani Osnat, senior vice president of strategy at Aqua Security.

BN: How is CNAPP transforming cloud security?

RO: CNAPP is important for today's complex cloud environments because it combines CSPM, CWPP, 'shift left' scanning, and other capabilities into a unified platform. This integration enables security teams to address vulnerabilities and misconfiguration early in the application life cycle, offering continuous visibility and real-time risk assessments while also protecting applications at runtime in real time. By securing the entire life cycle, CNAPP ensures risks are prioritized, remediated, or mitigated before applications are pushed to production, as well as enabling quick response when threats are detected after deployment. This helps organizations maintain strong security as their cloud infrastructure evolves.

BN: Why is improving remediation speed and risk prioritization critical for cloud security teams?

RO: Remediation speed is crucial because vulnerabilities can be exploited quickly in cloud environments. The longer a vulnerability exists, the greater the risk. CNAPP improves remediation speed by integrating tools that prioritize and contextualize alerts, allowing security teams to focus on the most critical vulnerabilities in their own environment first, not just based on their generic severity or score. By correlating risk with specific workloads and cloud configurations, a CNAPP ensures that teams can quickly identify and address the most pressing issues, reducing alert fatigue and minimizing the attack window before and after an application is deployed.
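One way to express the contextual prioritization described above in code, as an added Python example that is not Aqua's or any CNAPP's actual scoring logic: the fields, weights and sample findings are constructed assumptions, and the point is that environment context can re-order findings relative to their generic severity.

```python
from dataclasses import dataclass

# Constructed sample model. The context fields and multipliers below are
# assumptions made for this illustration, not a vendor's or a published standard's.

@dataclass
class Finding:
    vuln_id: str          # constructed placeholder, not a real CVE identifier
    cvss: float           # generic base severity (0-10) as reported by a scanner
    workload: str         # constructed workload name
    running: bool         # vulnerable package actually loaded in a running workload?
    internet_exposed: bool  # workload reachable from the internet?
    privileged: bool      # container runs with elevated privileges?
    fix_available: bool   # patched version exists?

def contextual_priority(f: Finding) -> float:
    """Re-rank a generic CVSS score by environment context (illustrative weights)."""
    score = f.cvss
    if not f.running:
        score *= 0.3   # present in the image but never executed: far less urgent
    if f.internet_exposed:
        score *= 1.5   # reachable attack surface raises urgency
    if f.privileged:
        score *= 1.3   # compromise would yield broad host access
    if f.fix_available:
        score *= 1.1   # cheap to remediate now, so surface it sooner
    return score

def prioritize(findings):
    """Highest contextual priority first; the generic CVSS order may differ."""
    return sorted(findings, key=contextual_priority, reverse=True)

# Constructed findings: A has the highest CVSS but sits in a dormant batch job,
# while B and C are lower-severity but live on internet-facing workloads.
SAMPLE = [
    Finding("VULN-A", 9.8, "batch-job", running=False, internet_exposed=False,
            privileged=False, fix_available=True),
    Finding("VULN-B", 7.5, "api-gateway", running=True, internet_exposed=True,
            privileged=False, fix_available=True),
    Finding("VULN-C", 6.0, "ingress-proxy", running=True, internet_exposed=True,
            privileged=True, fix_available=False),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{f.vuln_id} cvss={f.cvss:<4} contextual={contextual_priority(f):.2f} ({f.workload})")
```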

BN: What is the importance of mean time to remediate (MTTR) in cloud security?

RO: MTTR is a critical metric, measuring how quickly security teams can fix vulnerabilities once detected and assigned for remediation. In cloud environments, where new vulnerabilities appear frequently and attackers are constantly probing for weak spots, rapid remediation is necessary to minimize the window during which an attacker can exploit a vulnerability. Using a CNAPP, security teams can lower MTTR with automated vulnerability detection, prioritized risk insights, and actionable guidance for remediation. By integrating security into the CI/CD pipelines, CNAPP ensures vulnerabilities are addressed early, speeding up the remediation process and enhancing security operations.

BN: How can GenAI help streamline the remediation process for cloud security?

RO: GenAI transforms the remediation process by automating the generation of detailed, contextual remediation steps. With the integration of GenAI, which learns the taxonomy and context of vulnerabilities, security teams can automatically generate detailed step-by-step fixes for vulnerabilities and misconfigurations across multiple cloud environments and code. This eliminates manual research and troubleshooting, allowing teams to implement solutions directly through code, infrastructure-as-code templates, or cloud APIs.

GenAI's biggest advantage is its ability to provide immediate, actionable remediation guidance. Once a vulnerability is detected, teams can simply click a button for a step-by-step solution, including relevant code snippets. Remediation becomes as simple as copying and pasting the fix into the appropriate platform, reducing MTTR and accelerating the overall security process. As GenAI advances, its understanding of complex cloud configurations will improve, enabling even faster and more accurate remediation.

BN: How does code-to-cloud tracing help with managing cloud security risks?

RO: Code-to-cloud tracing is invaluable for cloud security because it directly links vulnerabilities in production to the specific code snippets and commits that introduced them. This approach allows security teams to pinpoint the source of a vulnerability in the code repository and identify the individual developer or team that owns it, reducing the need for extensive searching across multiple code repositories and helping figure out the development team accountable for the fix.

This traceability promotes accountability, enabling developers to own and resolve security issues directly at the code level, which is critical for faster remediation. Additionally, integrating this traceability from code commit to runtime provides a continuous security posture across the application life cycle, empowering security and development teams to maintain control over both processes in large, complex cloud environments.

BN: Why is compliance a never-ending task in cloud environments?

RO: Compliance is a constant challenge, as organizations need to comply with various and complex requirements like NIST, PCI, HIPAA, and GDPR. CNAPP helps by automating policy enforcement and continuous monitoring, ensuring cloud environments align with current compliance standards. By integrating compliance checks into development pipelines, CNAPP ensures security and compliance are addressed early, reducing the risk of noncompliance during audits. Automating reporting, real-time assessments, and audit-ready documentation help organizations stay on top of regulatory requirements.

BN: What's next for CNAPP as cloud security continues to evolve?

RO: As cloud environments become more complex, CNAPP will remain essential in shaping security strategies. Gartner predicts that by 2025, 60 percent of enterprises will consolidate CSPM and cloud workload protection into CNAPP, highlighting its importance. But there’s a shift happening. Companies are beginning to understand that visibility and prioritization alone aren’t enough. The future of CNAPP is about moving beyond identifying risks to a more advanced approach that focuses on understanding the attackers.

This shift toward a deeper understanding of adversaries signifies a more mature cloud security mindset. In the future, CNAPP will need to incorporate even richer insights into attacker behavior, allowing security teams to be more proactive rather than reactive. By doing so, CNAPP will cover the entire life cycle of cloud applications and enable organizations to build resilience against an increasingly sophisticated threat landscape, scaling securely and confidently in the cloud.
