{"id":110870,"date":"2020-05-08T06:00:37","date_gmt":"2020-05-08T13:00:37","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=110870"},"modified":"2020-12-04T03:32:31","modified_gmt":"2020-12-04T11:32:31","slug":"cloud-secure-cloud-native-applications","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2020\/05\/cloud-secure-cloud-native-applications\/","title":{"rendered":"Using a Full Lifecycle Approach to Secure Cloud Native Applications"},"content":{"rendered":"<p><div style=\"max-width:100%\" data-width=\"900\"><span class=\"ar-custom\" style=\"padding-bottom:41.78%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"aligncenter wp-image-110889 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/05\/prisma_gartner-trends-2020_lp-1400x585-1.png\" alt=\"Prisma Cloud by Palo Alto Networks, lifecycle protection for cloud native applications. Describing the Gartner 2020 report on &quot;Top Security and Risk Management Trends.&quot;\" width=\"900\" height=\"376\" \/><\/span><\/div><\/p>\n<p><span style=\"font-weight: 400;\">Security professionals are being deluged by a profusion of tools \u2013 there seem to be point tools for nearly every single issue. Thankfully, there are platforms that smartly package these tools into more comprehensive solutions. The trend many are seeing now, though, is that these platforms have so far only focused on certain parts of the software development lifecycle. What many security teams need are simpler, full lifecycle approaches to secure cloud native applications.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">I want to highlight a trend of consolidating cloud security posture management (CSPM) and cloud workload protection platforms (CWPP) into the emerging area of cloud native application protection, which offers a full lifecycle approach and simplifies security. 
In addition, I'll present subsequent recommendations stemming from the consolidation.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Palo Alto Networks was recently listed by Gartner in \u201cTop Security and Risk Management Trends\u201d as one of three sample vendors converging <\/span><a href=\"https:\/\/start.paloaltonetworks.com\/gartner-market-guide-cwpp.html\"><span style=\"font-weight: 400;\">CWPP<\/span><\/a><span style=\"font-weight: 400;\"> and CSPM capabilities across development and production, including container\/serverless protection.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><strong>It Can Be Challenging to Secure Cloud Native Applications<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">Cloud native applications present tremendous challenges for security and risk professionals:<\/span><\/p>\n<h6>A larger number of entities to secure<\/h6>\n<p><span style=\"font-weight: 400;\">DevOps and infrastructure teams are leveraging microservices \u2013 using a combination of containers, Kubernetes and serverless functions \u2013 to run their cloud native applications. This growth is happening in conjunction with a constantly increasing cloud footprint. This combination leads to a larger number of entities to protect, both in production and across the application lifecycle.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h6>Environments are constantly changing<\/h6>\n<p><span style=\"font-weight: 400;\">Public and private cloud environments are constantly changing due to the rapid-release cycles employed by today\u2019s development and DevOps teams. 
As enterprises deploy weekly or even daily, this presents a challenge for security personnel looking to gain control over these deployments without slowing down release velocity.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h6>Architectures are diverse, spanning multi- and hybrid-cloud environments<\/h6>\n<p><span style=\"font-weight: 400;\">Enterprises are using a wide-ranging combination of public and private clouds, cloud services and application architectures. Security teams are responsible for addressing this entire infrastructure and how any gaps impact visibility and security.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><strong>The Need for Integrated Security Across the Application Lifecycle<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">In order to secure cloud native applications and cloud environments, security controls need to be addressed before deployment. This includes integrating vulnerability scanning and hardening checks into integrated development environments (IDEs), security configuration management (SCM), continuous integration (CI) workflows and image registries to quickly pass feedback to the development teams and address security issues before deployments.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Additionally, protecting cloud environments and running applications is a top requirement for modern enterprises. 
Security teams need to continuously monitor cloud configurations, while also protecting the VMs, containers and serverless applications running on top of that infrastructure.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This is where a consolidated platform helps organizations scale their security efforts, both across the lifecycle and up and down the entire stack.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><strong>An Emerging Category: Cloud Native Application Protection Platforms<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">Recently, Gartner published \u201cTop Security and Risk Management Trends,\u201d highlighting key themes and requirements for security and risk professionals. In the report, Gartner states:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cAs a result of the protection needs of cloud-native applications, the CWPP and CSPM market are rapidly converging into cloud-native application protection platforms. Support for scanning of containers and serverless functions in development is becoming a mandatory requirement for any CWPP. Runtime protection of containers and serverless functions is also becoming a requirement. CSPM across development and runtime is becoming a requirement.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In the report, under Trend No. 8, we think Gartner includes recommendations for security and risk management (SRM) leaders looking to improve their cloud workload protection. 
Here are a few key recommendations that Palo Alto Networks has chosen to summarize:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Address the requirements of protecting cloud workloads, including server workload protection and <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2019\/11\/cloud-container-security\/\"><span style=\"font-weight: 400;\">container security<\/span><\/a><span style=\"font-weight: 400;\"> capabilities.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Prioritize CSPM to ensure workloads are configured properly and extend CSPM into the development process.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Ensure your security provider is fully API-enabled for automation.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Consider a comprehensive cloud-native application protection platform that combines CWPP and CSPM, including capabilities for containers and <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/03\/cloud-securing-serverless\/\"><span style=\"font-weight: 400;\">serverless<\/span><\/a><span style=\"font-weight: 400;\">, in a single solution.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h6><strong>We believe Palo Alto Networks is well-positioned to secure cloud native applications.<\/strong><\/h6>\n<p><span style=\"font-weight: 400;\">In November 2019, Palo Alto Networks announced that Prisma Cloud was <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2019\/11\/cloud-native-security-platform\/\"><span style=\"font-weight: 400;\">the industry\u2019s most complete Cloud Native Security Platform<\/span><\/a><span style=\"font-weight: 400;\">, officially combining best-in-class capabilities from evident.io, RedLock, PureSec and Twistlock to address the needs that organizations have across CSPM and CWPP. 
And in the second half of 2020, Prisma Cloud will strengthen its capabilities, adding identity-based microsegmentation for applications running on any cloud, through the integration of the <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/company\/press\/2019\/palo-alto-networks-completes-acquisition-of-aporeto\"><span style=\"font-weight: 400;\">recent acquisition of Aporeto<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We\u2019re proud to be formally mentioned in this report, as we strongly feel our capabilities map directly to the suggested requirements for cloud native application protection.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To learn more about Gartner\u2019s insights and recommendations for securing cloud native applications, <\/span><a href=\"https:\/\/start.paloaltonetworks.com\/cloud-native-application-protection.html\"><span style=\"font-weight: 400;\">download \u201cTop Security and Risk Management Trends\u201d today<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Gartner's recent \u201cTop Security and Risk Management Trends\u201d introduces cloud native application protection platforms. 
Learn more and get your copy.<\/p>\n","protected":false},"author":663,"featured_media":110876,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6768],"tags":[7009,117,232],"coauthors":[6882],"class_list":["post-110870","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-the-cloud","tag-30-days-of-cloud","tag-gartner","tag-trends","cloud_sec_category-cloud-workload-protection-platform","cloud_sec_category-devsecops"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/05\/Screen-Shot-2020-05-05-at-7.59.55-AM.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/110870","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/663"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=110870"}],"version-history":[{"count":6,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/110870\/revisions"}],"predecessor-version":[{"id":110902,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/110870\/revisions\/110902"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/110876"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=110870"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=110870"},{"taxonomy":"post_tag",
"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=110870"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=110870"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}