Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Networking

    Zscaler’s CNAPP Platform Focuses on DevOps and Security

    This shift to cloud native requires integrating multiple security capabilities into a single platform.

    By
    Zeus Kerravala
    -
    August 26, 2022
    Share
    Facebook
    Twitter
    Linkedin
      enterprise IT

      At its recent Zenith Live conference, cloud security provider Zscaler launched its new cloud native application protection platform (CNAPP) solution, called Posture Control.

      For those not familiar with CNAPP, it’s a consolidation of different point products that businesses use to achieve their cloud security objectives. CNAPP makes Information security (InfoSec) teams more efficient in public cloud risk mitigation by pulling in signals from different sources to help identify and prioritize vulnerabilities.

      Zscaler’s differentiator is that it built Posture Control from the ground up, with a single data store and risk driven prioritization to help the InfoSec team be more efficient. The data is generated from the company’s Zero Trust Exchange that processes billions of transactions a day.

      For most businesses, cloud is the primary way forward as the flexibility and agility it offers can be incredibly powerful from an innovation standpoint. However, if not properly managed, vulnerabilities can spread across the enterprise quickly. InfoSec teams are in a difficult spot, where they’ve lost control that they once had as gatekeepers for apps and services. Today, software development and IT operations (DevOps) can easily launch new apps and services to the cloud with no such gate in place.

      For this reason, every organization should be thinking about protecting assets that live in the public cloud by identifying vulnerabilities as early as possible, even before an app or service goes into production. The ultimate goal is building security into the development process. It helps the overall health of the business—how it competes and goes to market.

      In my latest ZKast, I interviewed Rich Campagna, senior vice president and general manager of CNAPP at Zscaler, where he oversees strategy for securing public cloud infrastructure and workloads. CNAPP allows organizations to build, deploy, and run secure apps in the public cloud. Campagna explained how CNAPP can help organizations maintain the pace of innovation in the public cloud, while effectively mitigating security risks. Highlights of my ZKast interview, done in conjunction with eWEEK eSPEAKS, are below.

      Also see: Top Cloud Companies

      • CNAPP allows InfoSec teams to collaborate with DevOps teams by integrating into the development lifecycle. Organizations can start to identify risks from the time a developer writes code all the way through to the app’s deployment and run phase. It doesn’t just scan what’s in the cloud, but what’s going to be in the cloud across the entire lifecycle and providing remediation.
      • As organizations move to the cloud, more of the security responsibility is shifting to developers. Developers have the power to provision apps and services to the cloud with a few clicks. While this can be seen as a major challenge for InfoSec teams, it’s also an opportunity for a more strategic approach to security where both teams work together to mitigate risks.

      Also see: Why Cloud Means Cloud Native

      • CNAPP not only helps secure apps, but also the development process. The policies that CNAPP provides are oriented around things like misconfigurations and other types of issues. That’s the foundation layer. Above that is the app and data-centric layer, such as scanning for vulnerabilities. So, issues can be identified even before apps and services get deployed.
      • CNAPP can be integrated into the native workflows that DevOps already use. Through tight integration, vulnerabilities can be identified without deploying additional tools. InfoSec teams can see exactly what the issue is and how to fix it, while developers can continue to launch services without interruption.
      • CNAPP isn’t a panacea for all security issues. It specifically targets workloads that are running in public cloud environments. All CNAPP vendors support the three major cloud providers: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Ultimately, every organization is responsible for its security, not the public cloud providers.
      • CNAPP scans data that has been deployed across public clouds and then identifies the data source code, since it’s an important part of the risk equation. CNAPP also scans core vulnerabilities in containers, virtual machines (VM), serverless functions, and assets. It looks at the underlying infrastructure and what’s running inside that infrastructure.
      • There are a number of cloud security tools on the market today, such as cloud security posture management (CSPM) and cloud workload protection platform (CWPP). Yet, organizations don’t want to run a dozen different security tools to protect their public cloud infrastructure. That’s why CNAPP is used to eliminate some of the other tools.

      Also see: Top Edge Companies 

      Zeus Kerravala
      https://zkresearch.com/
      Zeus Kerravala is an eWEEK regular contributor and the founder and principal analyst with ZK Research. He spent 10 years at Yankee Group and prior to that held a number of corporate IT positions. Kerravala is considered one of the top 10 IT analysts in the world by Apollo Research, which evaluated 3,960 technology analysts and their individual press coverage metrics.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×