Stakeholders across the cloud security ecosystem often complain that there are way too many overlapping acronyms in our field. It’s confusing for buyers and counterproductive for the industry. Even worse, companies have deployed an alphabet soup of products, yet they are still exposed.
Something’s got to give.
It’s all happening in great part because cloud security has innovated in ad hoc patches that don’t really relate to one another and address specific problems. Cloud Workload Protection Platforms (CWPPs) were inconsistently embedded into Cloud Native Application Protection Platforms (CNAPPs). CWPPs and Endpoint Detection and Response (EDR) products are now both targeting cloud detection and response use cases despite starting from very different territories, creating too many alerts and requiring too many configurations. Now add Cloud Security Posture Management (CSPM), a pivotal building block that keeps reinventing itself, to the mix along with Application Security (ASPM), Data Security in the cloud (DSPM), and Cloud Infrastructure Entitlement Management (CIEM), and it’s all become too much.
Confused? So am I.
While pundits believe that CNAPP will eventually become the “tool to rule them all,” what are security leaders supposed to do until then? Here are some strategies that can guide the decision-making process:
- Take a holistic approach: Don’t just think of cloud security in terms of shifting left – if anything, shift up to gain a top-down view of the entire cloud lifecycle – from left to right. First, look at cloud security from a routine, everyday perspective: How to prevent critically relevant vulnerabilities from being missed? How to identify all risky connections and compromised postures? Can we harden the environment to protect against these? Next, identify sensitive assets exposed during an incident. And, find out how soon can the team spot the root cause and other critical occurrences?
- Leverage technology innovation: The cloud has introduced a host of emerging technologies that are propelling cloud security forward, but few are as impactful as Extended Berkeley Packet Filter (eBPF). The eBPF can run sandboxed programs in a privileged context without requiring changes to kernel source code or load kernel modules. It offers the attack monitoring capabilities of a robust agent, but with the footprint of a lightweight sensor, overcoming the technological barriers that have hindered effective attack detection.
- Look for ways to simplify the stack: In my experience, building a security architecture is part art, part science, and this conundrum requires both. When faced with intense pressure to act quickly, it’s beneficial to step back, slow down, and work with the team to get clear answers to questions such as: How will this purchase simplify my management burden today? Six months from now? Can I stop using something else in the future? Can I work with an existing vendor to include this functionality into a tool I already have deployed? How well can I convey the value of this purchase to the board? Will this product help align security and DevOps teams? And, how?
Building a cloud security stack takes implementing measures and processes across development and runtime that map to the realities of the environment. Cloud security is complex, so the more teams can simplify, the better. And rest assured, that starts with fewer acronyms, except for the old reliable KISS: Keep It Simple, Stupid!
Dror Kashti, co-founder and CEO, Sweet Security
