Cloud-native application protection platforms are a promising approach to securing cloud-based applications without sacrificing development speed.

These days cloud application developers are also security engineers. Who did not see this coming, given that application-level security is no longer an option? Also, we are pushing developers to build applications at scale, meaning they are becoming ops engineers and database engineers as well as security engineers, which is scary.

The fact that most developers are not security experts is not lost on me. This has led to devsecops practices where developers are given training, tools, and processes to build and deploy more secure cloud-based applications. Of course, anyone who has attempted to implement that kind of cultural change has found that it can’t be done in weeks. It takes months and sometimes years.

Emerging concepts out there may help things along. Cloud-native application protection (CNAP) platforms can continuously scan workloads and configurations to find and resolve security issues. They do this during application development, application testing, and application deployment.

CNAP, at its core, aggregates two types of security platforms. The first is cloud security posture management (CSPM) platforms, which development organizations already employ to find surface misconfigurations and other vulnerabilities. The second is cloud workload protection platforms (CWPP), which use agent software to protect workloads.

CNAP security policies are applied to any workload centrally. This includes microservices-based applications, container-based ones, or legacy applications, which are all in redevelopment or development these days. Centralized security processes make use of agent software to enforce predefined security policies. Moreover, they continuously scan applications and application environments for security concerns that fall outside of set policies.
These policies typically are not defined by the developers but by the core enterprise security team.

What does all this mean? More simply put, this is continuous scanning for security issues using centralized policies that are directly related to both security and governance. A continuous security scan might identify APIs that remain open but should be closed for security reasons, for example. Or encryption that is not being carried out when data is moving from applications to databases. Usually, small things can lead to big problems.

It’s well understood that the faster you build and deploy applications, the larger the attack surface they typically have. Continuous security scanning should allow you to still crank out cloud-based applications yet remain secure—at least, secure in terms of how the policies are set.

My advice is to look at this technology if you’re doing cloud-based development and want to do it at speed. In these days of the post-pandemic rush to cloud platforms, this may be something you’re overlooking, or whose associated risk you have yet to understand.

I’m never impressed by acronyms (CSPM, CNAP, etc.) that appear on the scene. They are typically built on existing well-understood concepts, and these are no different. I am, however, always willing to leverage a good idea no matter what it’s called. Policy-based security scanning is a reality and your development team should consider it.
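The two findings the article mentions (an API left open that should be closed, and application-to-database traffic that is not encrypted) can be written as centrally owned policies applied to every workload type. The sketch below is an added example, not code from the article or from any CNAP product; the descriptor fields, policy ids and workload names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Policy:
    policy_id: str
    summary: str
    offenders: Callable[[dict], list]  # returns the offending items in one workload

def open_apis(workload: dict) -> list:
    # Public endpoints must be on the allow list; a missing "public" flag counts as public.
    allowed = set(workload.get("approved_public", []))
    return [e["path"] for e in workload.get("endpoints", [])
            if e.get("public", True) and e["path"] not in allowed]

def plaintext_db_links(workload: dict) -> list:
    # A missing or non-boolean "tls" value counts as unencrypted (fail closed).
    return [c["target"] for c in workload.get("db_connections", [])
            if c.get("tls") is not True]

# Owned centrally by the security team, not by each development team.
POLICIES = [
    Policy("API-001", "API open without approval", open_apis),
    Policy("ENC-001", "application-to-database traffic not encrypted", plaintext_db_links),
]

# Constructed sample descriptors: one microservice, one container, one legacy app.
WORKLOADS = [
    {"name": "orders-svc", "kind": "microservice", "stage": "deployment",
     "approved_public": ["/v1/orders"],
     "endpoints": [{"path": "/v1/orders", "public": True},
                   {"path": "/debug/dump", "public": True}],
     "db_connections": [{"target": "orders-db", "tls": True}]},
    {"name": "report-job", "kind": "container", "stage": "testing",
     "endpoints": [{"path": "/health", "public": False}],
     "db_connections": [{"target": "warehouse-db"}]},
    {"name": "billing-legacy", "kind": "legacy", "stage": "development",
     "endpoints": [],
     "db_connections": [{"target": "billing-db", "tls": True}]},
]

def scan(workloads, policies=POLICIES):
    """Apply every policy to every workload; return (workload, stage, policy_id, item)."""
    return [(w["name"], w["stage"], p.policy_id, item)
            for w in workloads for p in policies for item in p.offenders(w)]

if __name__ == "__main__":
    for name, stage, pid, item in scan(WORKLOADS):
        print(f"[{stage}] {name}: {pid} -> {item}")
```

Treating an absent `tls` or `public` setting as a violation keeps the scan aligned with "secure in terms of how the policies are set": a workload passes only when it states compliance explicitly.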