One ring to rule them apps....or rather, if Palo Alto has its way, one platform. Nir Zuk, the company’s founder and CTO, argued a “platform approach” to cloud security can unify security (SecOps) and developer teams (DevOps) behind the common goal of meeting the evolving needs of enterprise cloud infrastructure.
Speaking during Palo Alto’s Code to Cloud event last week, Zuk noted organizations are hopping on the cloud security wagon, unleashing a new market of possibilities but also challenges that are leaving security teams caught in the dust behind developers. A recent Palo Alto Unit 42 report confirmed that while 80% of survey respondents say their cloud infrastructure is evolving, 77% of organizations say aligning security tools with security goals is challenging.
Zuk claimed Palo Alto’s platform approach offers two key opportunities: the ability to start security much earlier on in the cycle with code to cloud, and the ability to do that in a consolidated cloud security platform, “which makes us much more scalable, much more secure,” said Zuk.
Holistic cloud security platforms are relatively new and not available from many vendors, Zuk said. Instead, the code-cloud security industry is set up right now with individual solutions to individual challenges that aren’t outcome oriented.
“A lot of marketing power has tried to push individual solutions,” said Zuk about the current cloud market. “[Founders and investors] try to solve more problems with a lot of money, go and sell individual solutions and then exit by selling to bigger companies. Changing that is very, very hard as a platform provider... I think we are on the right side of history and those that are trying to solve little things with different solutions are going to end up on the wrong side of history.”
Platform approach: outcomes over individual challenges
At the end of the day, an organization may end up with a code- cloud platform, so “why not do it from the get-go?” Zuk asked. The platform approach is expected to be more secure because you don't have a “split brain” working on different things, he added.
“It’s addressing outcomes versus addressing individual challenges with three or four letter acronyms… the three or four letter acronyms of things that ‘you must buy and you cannot live without’. I think that's wrong,” Zuk said.
Instead, Zuk argued Palo Alto’s platform approach carries the traditional advantages of one vendor — it’s easier to buy, easier to deploy and easier to operate, rather than buying solutions that fail to connect the entire infrastructure during an organization’s different stages of code to cloud.
Not only does a platform approach allow you to have one centralized platform, “but also [you] have the ability to stitch together the security aspects and the security risks of all the different players into something that’s more cohesive and that makes sense,” said Palo Alto’s Guy Eisenkot, VP of Product, Prisma Cloud.
Prisma Cloud: securing an entire lifecycle
A fair share of organizations (76%) say the current number of cloud security tools they use create blind spots, according to Unit 42’s report. Palo Alto plans to introduce stronger visibility capabilities to Prisma Cloud, its Cloud-Native Application Protection Platform (CNAPP) to dissolve gaps and limitations between security and engineering teams.
“What we're about to introduce into Prisma Cloud are some very strong capabilities around gaining visibility into the engineering ecosystem, mapping the attack surface, providing the practitioner with a very comprehensive level of understanding of what the engineers are doing and enabling them to have very informed conversations with those engineers,” Palo Alto’s Daniel Krivelevich, CTO of application security said alongside Segal during the summit.
The emerging code to cloud market is sure to shake up the future of shared infrastructure between security and DevOps teams — “And that's the opportunity from a CNAPP perspective: how do we bring four or five different things that don't have anything else in common except for the fact that they all use the same shared infrastructure?” Palo Alto’s Prisma Cloud CTO Ory Segal asked.
“How do we have [teams] use a single inventory to see all their assets and growing policies consistently, to be able to drive time or communicate collaboratively about the threat landscape,” Segal concluded. “Those are the biggest opportunities I've seen with this market emerging.”
Back in January, Dell’Oro Group Research Director Mauricio Sanchez told Silverlinings CNAPPs will play a key role in the cloud security landscape in 2023 — the firm predicted the cloud workload security market will top $6 billion this year, a 300% increase from $1.5 billion in 2020.