What is a Cloud-Native Application Protection Platform (CNAPP)?

CNAPP is a new cloud security approach defined by Gartner that emphasizes the need for unified lifecycle security as opposed to patchwork solutions. CNAPP encompasses a wide set of overlapping tools spanning development and production, including but not limited to: Infrastructure as Code (IaC) scanning, cloud infrastructure entitlement management (CIEM) and cloud security posture management (CSPM). The Ermetic platform provides a strong entry point to CNAPP.

The Purpose of the Cloud-Native Application Protection Platform (CNAPP) Model

According to Gartner, “The unique characteristics of cloud-native applications make them impossible to secure without a complex set of overlapping tools spanning development and production”. The analyst group recommends that, instead of siloed solutions, organizations adopt technologies that provide full coverage and visibility into multicloud environments and detect security and compliance risks across the tech stack, including cloud configuration, workload and identity. Additionally, organizations should ‘shift left’ to identify risk early in the development lifecycle.

Cloud-Native Application Security Challenges

CNAPP simplifies cloud security by combining in one platform the capabilities of tools such as Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP) and Cloud Infrastructure Entitlement Management (CIEM). However, on the road to CNAPP adoption, organizations face multiple technical complexities and business challenges:

  • Lack of visibility: Silos, gaps and other complexities make it difficult to gain visibility and insights into all cloud assets and applications, extending from development to runtime.
  • Inadequate risk monitoring: The lack of centralized cloud security management makes it difficult to holistically assess, prioritize and mitigate risk across the full product lifecycle.
  • Siloed roles and responsibilities: Security and DevOps teams independently using multiple stitched-together tools can negatively impact the journey to cloud-native security at scale.

Ermetic offers a strong starting point on your path to CNAPP. See how Ermetic’s holistic identity-first platform can help you understand and reduce your cloud-native security risks.

Organizations have manually stitched together DevSecOps with 10 or more disparate security tools — some new and some old — each with siloed responsibilities and a limited view of application risk.

Gartner, Inc., Innovation Insight for Cloud-Native Application Protection Platforms, August 2021

Continuously Manage Access Risk

The Ermetic platform provides a strong entry point to CNAPP by delivering cloud-native, context-aware security for AWS, Azure and GCP – achieved via a unique combination of cloud infrastructure entitlement management (CIEM) and cloud security posture management (CSPM). Ermetic provides deep visibility and actionable risk intelligence, automated remediation, real-time anomaly detection and compliance across your multicloud environment.

With Ermetic, Security, DevOps, DevSecOps and IAM stakeholders can work together to govern access, improve cloud security posture and achieve least privilege, without impact to application continuity or speed to market.

  • Deep visibility & full inventory
  • Anomaly & threat investigation
  • Auto-remediate & shift left
  • Governance & compliance

Maintain Compliance and Access Governance

A cloud environment can be compliant with industry standards and best practices yet still not be secure. Ermetic enables organizations to proactively detect and automatically remediate both compliance and security risks. Security stakeholders can ensure compliance with industry standards, audit and investigate access in light of evolving threats, and generate fully customized reports.

  • Carry out continuous compliance audits, including CIS, GDPR, HIPAA, ISO, NIST, PCI and SOC 2
  • Generate detailed reports for asset inventory, network configurations and activity audits

Ermetic provides an audit trail of JIT-related activity

Enable Shift-left Cloud-Native Security

Ermetic enables shifting left by defining and enforcing automated guardrails for cloud identities, resources and network configuration. Security and DevOps can effectively achieve identity-centric security strategies such as least privilege and zero trust at scale.

The platform uniquely remediates detected risks via auto-generated least privilege access policies sent through standard workflows, including ticketing systems, CI/CD pipelines and CloudFormation and Terraform snippets – all to reduce the cloud attack surface and blast radius in case of a breach.

  • Enforce automated guardrails for identities, resources and network configuration
  • Facilitate workflow integrations with customizable policy templates
  • Define just-in-time access for developers and DevOps

Learn How AppsFlyer is Remediating Risk Using Ermetic

“With Ermetic, we immediately saw the risks to our environment and could quickly remediate them. No other solution provided this type of deep visibility into access entitlements and publicly accessible resources.”


Hear from Our Customers

Larry Viviano, Director of Information Security, IntelyCare

If I didn’t have Ermetic to manage my cloud security, I probably would need an additional two or three headcount in order to do that manually.

David Christensen, Senior Information Security Executive

This is one of the few platforms I’ve brought into the cloud that has had actionable efforts in under 30 days. From a return on investment perspective, it was one of the best decisions we made.

Dominic Zanardi, Security Engineer, Latch

If we didn’t have Ermetic analyzing roles, policies and network configuration, that would easily be an additional three to four analysts. It’s saving us hours and head count.

Eugene Gorelik, VP Engineering at Airslate

Ermetic has allowed us to concentrate on our business rather than concentrate just on cloud security.