Hitachi Application Reliability Centers

Full-Stack Security for Modern Workloads


    Posted 12-07-2022 11:43

    As our customers accelerate their digital transformation journey, they look at adopting cloud-native architecture to build their modern applications. Cloud-native architectures are built using modern tools and technologies like microservices, containerization, immutable infrastructure and DevOps practices to deliver highly resilient, scalable and cost-effective applications. The complexity of ensuring and managing security increases as they continue to adopt more cloud-native architecture to develop their apps across a multicloud environment. 

    The siloed nature and capabilities of multiple overlapping security toolsets across their evolving infrastructure, platform, development and runtime environments do not provide a consolidated view of risk for their security team. Dis-integrated security insights create challenges to effectively handle security risk and compliance to match the rapid pace of software development. This puts added pressure on the security team as it becomes difficult for them to focus on high-priority, high-severity findings in the midst of several low-priority alerts.

    That's where a cloud-native application protection platform (CNAPP) provides a unified platform approach to implementing full-stack security across modern workloads.

    Shift-left with a modern, cloud-native security approach
    According to Gartner, CNAPP is "an integrated set of security and compliance capabilities designed to help secure and protect cloud-native applications across development and production."

    CNAPP combines the capabilities of multiple point solutions to provide holistic, full-stack security visibility across cloud environments. By intelligently orchestrating the security signals from various cloud security toolsets, e.g., cloud security posture management (CSPM), cloud infrastructure entitlement management (CIEM), cloud workload protection platform (CWPP), and other DevSecOps tools, security teams can significantly enhance their cyber threat detection and protection capabilities for cloud-native applications. 

    CSPM solutions play a critical role in identifying cloud misconfigurations and tracking deviations of security controls against specific compliance standards. CWPP provides security visibility and control of cloud-native workloads like VMs, containers and serverless functions by identifying any potentially exploitable security issues within the workload. And with CIEM, security teams can enforce the principles of least privilege access control by effectively managing identities and access entitlements to reduce attack surface.

    Enterprises should adopt a true DevSecOps process by taking a shift-left security strategy. This ensures all cloud-native development artifacts, including IaC scripts, source code, open source components, containers, API declarations and serverless functions are scanned for vulnerabilities, malware and hard-coded secrets to ease the pressure on runtime security requirements. By adopting "security as code" processes, customers can proactively enforce security guardrails to prevent security misconfigurations and compliance violations. It is critical to deploy necessary runtime protection capabilities, including API protection, web application firewalling, DDoS protection, application security monitoring and cloud workload protection to achieve multi-layer security across the software development framework.

    Enterprises should start redefining their thought process from "protecting the infrastructure" to "protecting the applications" by improving collaboration between security teams and DevSecOps architects to understand the combined security risks that span development artifacts, platform configuration and runtime protection.

    Cloud Security Services, which is part of our Hitachi Application Reliability Centers, takes an integrated security approach by embedding security controls across the infrastructure, development and production environment to truly embrace the principles of cloud-native application protection platforms.

    How has your approach to security changed as you continue your journey with cloud-native infrastructure? Share your thoughts below. 


    Rajesh Deenadayalan
    Director, Cloud Security Services
    Hitachi Vantara