Developer-led companies are innovating with unprecedented speed and agility, and are focusing on software investment, which is both a capability and a competitive advantage.
Enterprises continue to modernize their
software development lifecycle and use modern tools and processes, such as DevOps, containers, and other cloud-native architectures. This growth is accompanied by an increasing diversified cloud footprint, which ultimately doubles the number of entities that need to be protected during production and throughout the application life cycle.
As companies gradually automate more cloud infrastructure construction processes, they are adopting and creating new infrastructure-as-a-code (IaC) templates. Without the help of the right security tools and processes, these infrastructure building blocks have a lot of holes when they are created. The Spring 2020 Cloud Threat Report published by Unit 42 found that nearly 200,000 insecure IaC templates are being used by enterprises around the world. These vulnerabilities pose major security risks.
Due to the gap between visibility and
security protection, different security methods that lack consistency in controlling applications, data, and infrastructure are not effective. To complicate matters further, each operational level is independent, and security issues will no longer be solely the responsibility of the security team.
Aspirants (at the same time integrating cloud-native security platforms)
The growth of
cloud-native infrastructure and the accompanying security challenges has spawned cloud security, and our goal is to create a comprehensive cloud-native security platform (CNSP). Enterprises want to ensure that they can deploy both the Cloud Security Situation Management (CSPM) solution and the Cloud Workload Protection Platform (CWPP).
The security team needs to continuously monitor the cloud configuration while also protecting the continuous operation of devices (virtual machines, containers, and serverless) above the infrastructure. A unified platform can help enterprises extend their security work throughout the entire life cycle and the full stack.
Safe front function
IaC scanning: Provides out-of-the-box and custom strategy scanning of IaC templates for insecure configurations, allowing customers to bring innovative products to market faster without worrying about the security of
cloud-native applications and workloads. Now Prisma Cloud users can use a variety of security front-end plugins to meet various customer environments and needs, including IDE (IntelliJ, VSCode), SCM (GitHub) and CI/CD (AWS CodePipeline, Azure DevOps, CircleCI, GitLab, Jenkins) . Other plugins such as GitLab and BitBucket will also be available soon.
Central CI/CD policy management: Customers can now set vulnerability and compliance policies directly from the Prisma Cloud centralized dashboard to manage CI and CD workflows. Customers will also be able to view and write IaC policies in the Prisma Cloud policy dashboard. The out-of-the-box IaC strategy complies with the Internet Security Center (CIS) standards that AWS, Azure, and GCP are required to comply with. These updates help further simplify cloud-native security features and integrate cloud risk management.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
