Gartner released its April 2019 Market Guide for Cloud Workload Protection Platforms, which focuses on emerging trends in cloud native infrastructure and how organizations should secure VMs, containers, and serverless workloads. In the report, Gartner acknowledges Twistlock as a Representative Vendor for Cloud Workload Protection Platforms.*
Download now: The full Gartner report is available on the Twistlock website here.
Defining Cloud Workload Protection Platforms
As enterprises leverage VMs, containers, and serverless workloads in public and private clouds, they need to implement a security strategy and tooling that meet the specific requirements for their cloud native applications and workloads.
In the Market Guide for Cloud Workload Protection Platforms, Gartner states:
“The future of most enterprise data centers is a hybrid, multicloud architecture. Require CWPP offerings to protect physical machines, VMs, containers and serverless workloads — all from a single console and managed from a single set of APIs.”
Latest Cloud Workload Protection Takeaways
At Twistlock, we wanted to offer what we believe are the key takeaways from the market guide.
Organizations have more compute options than ever before, each with specific security requirements: Twistlock has used the Continuum of Cloud Native Topologies to represent the various configurations, qualities, and architectures that organizations leverage today to run their workloads and applications. As organizations manage and grow their cloud native footprint, they should focus on the specific security requirements for each technology stack.
In the graphic above, titled the Evolution of Workload Abstractions, Gartner references characteristics about various workloads, including notes about virtualization and life span — each workload abstraction includes unique tradeoffs and security requirements that should be addressed.
Container security needs to be addressed now, not in the future: Gartner mentions that a majority of enterprises are piloting or using container-based applications. The immutability and portability of containers require a new approach to security that legacy tooling does not provide. Because the requirements for securing containers and the orchestration layer, such as Kubernetes, differ from those of traditional VM workloads, organizations need to implement container security tooling that addresses their requirements both across the application lifecycle and up and down the entire containerized stack.
Newer architectures present new security challenges, especially at runtime: Infrastructure teams and security teams need to understand how CaaS, OaaS, and serverless computing impact how an agent can be installed and who is responsible for managing the underlying host:
- Containers-as-a-Service (CaaS) offerings have been growing throughout the last two years. While infrastructure teams transfer some or all of the work for managing the underlying host to the cloud or platform provider, managed Kubernetes offerings still need to be configured properly. In addition, users are still responsible for securing their code in the build and at runtime.
- Orchestration-as-a-Service (OaaS), which we like to refer to as on-demand containers, is still in its infancy, but growing. Platforms like AWS Fargate and Azure Container Instances, which don’t rely on Kubernetes, require new architectures to provide security at runtime by embedding security within the application or Fargate task.
- Serverless computing continues to rise as organizations adopt AWS Lambda and other emerging function platforms. Serverless computing provides a way to deploy snippets of code, known as functions, that are triggered by predefined events. When serverless technology is deployed correctly, it can save money, time, and resources, all while allowing developers to focus on writing code rather than solving infrastructure issues. At the same time, security teams can be challenged to identify vulnerabilities, locate misconfigurations, and protect serverless functions at runtime.
DevSecOps is central to securing cloud native applications: Developers and DevOps teams play a key part in the security of cloud workloads. The practice of DevSecOps embeds security right into today’s modern workflows in an automated and scalable way. By integrating with the tools developers are already using, like Jenkins or CircleCI, standards set by security teams are continually applied as part of the build and deploy process.
DevSecOps gives developers quick feedback and keeps insecure or non-compliant workloads out of production. Security teams can set quality gates around security and compliance and automate these checks as part of the CI process. Thus, developers can fix vulnerabilities and compliance issues while a feature is still in development, rather than releasing vulnerable code to production.
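A minimal version of such a CI quality gate, written for this article as an added example and not Twistlock's own code or API: it takes constructed scan findings and a policy (the finding fields, policy options, and identifiers are all assumptions) and returns a pass/fail decision the pipeline stage can act on.

```python
# Added example: a CI quality gate of the kind described above. Illustrative code
# written for this article; the finding format, policy fields and data are constructed.
from dataclasses import dataclass, field
from datetime import date, timedelta

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class Finding:
    kind: str         # "vulnerability" or "compliance"
    identifier: str   # CVE id or benchmark check id (placeholder values below)
    severity: str
    fixable: bool = True   # a fixed package version is available

@dataclass(frozen=True)
class GatePolicy:
    block_at: str = "high"           # fail the build at this severity or worse
    block_only_fixable: bool = True  # vulnerabilities with no fix only warn
    block_compliance: bool = True    # any compliance failure fails the build
    # accepted-risk exceptions: identifier -> expiry date; expired ones block again
    exceptions: dict = field(default_factory=dict)

def evaluate_gate(findings, policy, today):
    """Return (passed, blocking_ids, warnings) for one build's scan results."""
    threshold = SEVERITY_RANK[policy.block_at]
    blocking, warnings = [], []
    for f in findings:
        expiry = policy.exceptions.get(f.identifier)
        if expiry is not None and expiry >= today:
            warnings.append(f"{f.identifier}: accepted risk until {expiry}")
        elif f.kind == "compliance":
            (blocking if policy.block_compliance else warnings).append(f.identifier)
        elif SEVERITY_RANK[f.severity] >= threshold and (f.fixable or not policy.block_only_fixable):
            blocking.append(f.identifier)
        else:
            warnings.append(f"{f.identifier}: {f.severity}, fixable={f.fixable}")
    return not blocking, blocking, warnings

# Constructed sample scan output for one image build (identifiers are placeholders).
TODAY = date(2019, 4, 8)
SAMPLE_FINDINGS = [
    Finding("vulnerability", "CVE-0000-0001", "critical"),
    Finding("vulnerability", "CVE-0000-0002", "high", fixable=False),
    Finding("vulnerability", "CVE-0000-0003", "medium"),
    Finding("compliance", "COMPLIANCE-0001-runs-as-root", "high"),
]
SAMPLE_POLICY = GatePolicy(exceptions={"COMPLIANCE-0001-runs-as-root": TODAY + timedelta(days=30)})
```

In a pipeline step, exit non-zero when the returned `passed` flag is false so the build stage fails and the blocking identifiers are shown to the developer.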
Recommendations for organizations evaluating a CWPP vendor: In the Market Guide for Cloud Workload Protection Platforms, Gartner offers the following criteria for evaluating potential vendors:
- Diversity of workload types supported
- Use of analytics and machine learning
- Console and integrations
- Integration into the development pipeline
- Licensing flexibility
- Other CWPP market adjacencies
The Twistlock approach
Twistlock continues to be the single platform that protects your entire environment, starting from the creation of the resource by a developer, through testing and deployment, and during runtime in production.
Twistlock leverages vulnerability data from over 30 unique data sources, to integrate powerful data with real-time scanning and behavioral learning of your entire environment, creating the most intelligent and future-proof security platform for the cloud journey. Along with the intelligent rules that are generated automatically, customers can also explicitly whitelist and blacklist specific commands, processes, and network traffic within their environment.
Whether your organization is currently on-premises, employing a mix of hybrid cloud technology and on-premises resources, or all in on cloud-native technologies, Twistlock will protect all your assets in their entirety. Twistlock gives you full control and confidence to deploy your applications in the cloud and keep them up and running securely.
Twistlock prides itself on its own cloud-native heritage, merging the ideals of simple deployment, APIs for everything, agility, efficiency, and control. The foundation of the platform is security through automation and AI, so it is constantly learning about your entire environment and intelligently determining the best course of action automatically. This automation and simplicity make it the only security platform that not only provides visibility, but active prevention before your applications are compromised. The core principles that give you full control of the rules, policies, configuration, and actions within the platform also drive full control of the data about and within your environment: all the data is stored in your data stores and fully managed by you.
To learn more about cloud native security and how it aligns with cloud workload protection, download the full Gartner report on the Twistlock website here.
*Gartner, Inc., Market Guide for Cloud Workload Protection Platforms, Neil MacDonald, 8 April 2019.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.