Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
Multi-Cloud Complexity Driving Use of Cloud Native Application Protection Platforms
August 28, 2023
The Cloud Native Application Protection Platform (CNAPP) has emerged as a critical category of security tooling in recent years. According to the CNAPP Survey Report, commissioned by Microsoft, CNAPP's popularity has been driven by the complexity of comprehensively securing multi-cloud environments and their ability to consolidate the capabilities of the numerous security tools organizations current deploy, namely Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWP), and Cloud Infrastructure Entitlement Management (CIEM), network security, and secure DevOps.
"When considering the challenges facing today's businesses, people and technology take center stage. On one hand, companies need to bolster the workforce with well-trained security professionals who understand their roles and responsibilities. On the other hand, there's a pressing need for effective technology and tooling that both addresses the rapidly evolving landscape of cybersecurity threats while effectively supporting security teams," said Hillary Baron, lead author and Senior Technical Director for Research, Cloud Security Alliance. "It's clear that today's multi-cloud environments are increasingly complex, and enterprises must find ways to comprehensively address their security posture."
"Many traditional security solutions still in use today just aren't capable of adequately protecting increasingly dynamic and distributed multi-cloud strategies. As organizations navigate their path in the cloud, it's imperative that they leverage solutions that offer an integrated approach to security. In doing so, they can better prepare themselves to handle the complex cybersecurity challenges of today and the future," said Adwait Joshi, Director of Cloud Security product marketing at Microsoft.
Among the survey's key findings:
Cloud Native Application Protection Platform
Three out of four organizations are opting to use CNAPP to protect their multi-cloud environment. A majority of organizations (75%) have either implemented or plan to implement CNAPPs in their cloud environments. One of the driving factors behind this move is the prevalence of multi-cloud strategies — 84% of organizations reported that they utilize two or more cloud environments.
Cloud Security Posture Management
Security teams are demanding clear-cut information for proper prioritization. A flood of security alerts has made it difficult for security teams to manage and prioritize security enhancements. 32% of respondents disclosed that they're struggling with prioritizing security improvements due to the overwhelming—and often incorrect—information they receive. Moreover, 34% find themselves buried under security recommendations, while an equivalent percentage lacks contextual or actionable insights to make informed decisions.
DevOps Security
Despite growing recognition the importance of DevOps security, expertise and talent shortages are hindering progress. Despite the trend toward shift-left security and DevSecOps, the incorporation of robust security measures within DevOps is still in its early stages, with significant obstacles hindering full integration. Currently, 51% of organizations are in the process of integrating security into their DevOps practices, with only 35% reporting complete integration. The primary challenges include lack of security expertise (46%), insufficient automation (43%), an excessive number of false positives (42%), and lack of actionable feedback (42%).
Cloud Workload Protection
Challenges around incident response come back to people, process, and technology. The lack of manpower was identified as a significant challenge by 25% of respondents; an absence of formal response plans was reported by 29% of organizations; and 39% reported the lack of automation as a key challenge.
Network Security
The most mature implementation, yet threat detection remains a challenge. Network security, out of all the categories, was the most mature. 43% of respondents reported full integration in a multi-cloud environment for network security, compared to just 28% CSPM. While the growing popularity of zero-trust strategies may be a key driver behind this level, organizations are still facing key challenges in network security, particularly concerning threat detection and the management of a large volume of security alerts.
Cloud Infrastructure Entitlement Management
Just under half (43%) of organizations identified misconfigurations of permissions as their top concern. This prevalent issue can have serious repercussions, potentially leading to unauthorized access and even catastrophic data loss. Misconfigurations can inadvertently expose sensitive data or grant unnecessary privileges, creating openings that could be exploited by malicious actors
Methodology: The survey, conducted in April 2023, gathered more than 1,200 responses from IT and security professionals from various organization sizes, industries, locations, and roles. Sponsors are CSA Corporate Members who support the research project's findings but have no added influence on the content development or editing rights of CSA research.
Industry News
May 01, 2024
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.
May 01, 2024
ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.
May 01, 2024
Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.
May 01, 2024
Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.
April 30, 2024
Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
April 30, 2024
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.
April 30, 2024
F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.
April 29, 2024
Code Intelligence announced a new feature to CI Sense, a scalable fuzzing platform for continuous testing.
April 29, 2024
WSO2 is adding new capabilities for WSO2 API Manager, WSO2 API Platform for Kubernetes (WSO2 APK), and WSO2 Micro Integrator.
April 29, 2024
OpenText™ announced a solution to long-standing open source intake challenges, OpenText Debricked Open Source Select.
April 29, 2024
ThreatX has extended its Runtime API and Application Protection (RAAP) offering to provide always-active API security from development to runtime, spanning vulnerability detection at Dev phase to protection at SecOps phase of the software lifecycle.
April 29, 2024
Canonical announced the release of Ubuntu 24.04 LTS, codenamed “Noble Numbat.”
April 25, 2024
JFrog announced a new machine learning (ML) lifecycle integration between JFrog Artifactory and MLflow, an open source software platform originally developed by Databricks.
April 25, 2024
Copado announced the general availability of Test Copilot, the AI-powered test creation assistant.
