Cloud usage has become the norm for enterprise IT. According to the 2020 IDG cloud computing survey1 which polled over 550 IT decision-makers, 81% of respondents reported using computing infrastructure or having applications in the cloud.
Many also said they expect to see an acceleration in the migration of software application development and deployment to the cloud, with 48% saying that they will shift to cloud-hosted infrastructure as a service (IaaS), and 50% to cloud-hosted platform-as-a-service (PaaS).
The cloud provides an easy way for development teams to build test environments and prototype solutions quickly, without having to go through the upfront costs and hassle of procuring hardware. Serverless, cloud-native architectures are not tied to any hardware components, and developers are able to make frequent changes without affecting other parts of the application.
This dovetails nicely with DevOps, a set of practices that combines software development and IT operations and seeks to shorten the systems development life cycle through continuous integration and continuous delivery (CI/CD).
Today, the cloud provides developers with more options than ever before for building and running applications and services. According to Palo Alto’s State of cloud native security report 20202, 90% of organisations are using more than one cloud platform and a combination of compute architectures. Virtual machines (VMs) account for 30% of workloads, containers 24%, container-as-a-service (CaaS) 21% and platform-as-a-service (PaaS) 22%.
By allowing applications to be built and tested on various environments, and removing the need for physical machines for testing, the cloud simplifies the implementation of DevOps, enables development teams to save time and optimises costs by allowing resources to be utilised on-demand.
However, as more enterprises embrace DevOps, security teams are starting to realise that their tools are not ready for the dynamic, infrastructure-agnostic patterns of the cloud environment.
As pointed out in an ISACA blog3, managing security within the cloud environment is complex. It requires visibility across the entire cloud-native technology stack, applications and data, the entire application lifecycle, as well as the multi-cloud and hybrid cloud infrastructure.
Many enterprises have responded by deploying multiple security tools to address issues that arise in different parts of the technology stack. According to the Palo Alto report, 57% of teams reported using more than five security tools, with the number going up to 11 or more in some cases.
This in itself presents a security conundrum as enterprises find themselves managing multiple tools and vendors, which increases complexity and costs and creates new blind spots where the tools are not integrated. The proliferation of tools also makes it difficult to enforce consistent security policies across multi-clouds and application development cycles.
A better solution to this, suggests Gartner4, would be to take a workload-centric approach to security, undergirded by a unified cloud-native security platform that can envelop the entire CI/CD lifecycle and integrate with the DevOps workflow. Gartner calls this the cloud workload protection platform (CWPP).
A cloud-native security platform is designed to allocate resources to inspect traffic and respond to threats instantaneously, because it runs in the same elastic and distributed fashion that cloud applications run.
According to Gartner, at runtime, the CWPP protects the workload from attacks using a combination of system integrity protection, application control, memory protection, behavioural monitoring, host-based intrusion prevention and optional anti-malware protection.
A unified cloud-native security platform also helps to strengthen the enterprise’s security posture by sharing context about the infrastructure, users, development platforms, data and application workloads across platform components. Once enterprises have wider and deeper visibility into their assets and resources, they will be able to apply a consistent, metadata-based security policy across the entire infrastructure, be it public, private or hybrid.
By providing coverage across the different compute options, cloud environments and application development lifecycles, a cloud-native security platform allows enterprises to choose the right compute options for any given workload, without having to worry over how to integrate solutions for security, and without impeding the agility and flexibility that drives DevOps and digital transformation.
Speak to us to enhance your cloud security.
1 IDG, 2020 Cloud computing survey, June 8 2020.
2 Palo Alto Networks, The state of cloud native security.
3 Palo Alto Networks, Cloud native security: A blue ocean, October 23 2020.
4 Gartner, Market guide for cloud workload protection platforms, July 9 2020.
