Eight years ago, Amir Jerbi and I founded Aqua Security with the aspiration of creating a better approach to securing modern cloud applications. While our journey initially focused on securing Docker technology, digital transformation and a changing threat landscape drove us to innovate further and eventually pioneer a new category known as CNAPP (Cloud Native Application Protection Platforms).
Today we still see security too often being treated as an afterthought or viewed as a roadblock when modernizing cloud applications and infrastructure. The reality is that security can serve as the biggest accelerator to a return on investment during the modernization process. For this reason, businesses are seeking out the expertise of Accenture, a leading force in enhancing security practices during cloud migration, digital transformation, and implementation of DevSecOps. I’m proud to announce that we formed a deep partnership with Accenture to ensure the safeguarding of their clients’ cloud applications across the entire lifecycle of development and production – from code to cloud and back.
When it comes to cloud security, it’s not just about using the right tools. People and processes matter just as much. Accenture’s expertise as forward-thinking security advisors and cloud transformation leaders aligns seamlessly with our mission. Reimagining security and cloud transformational services has made Accenture a trusted advisor and has firmly placed them as the leading experts in the field of consulting and systems integration. Their customer-first and outcome-driven approach is vital to the success of any security enabled cloud modernization project. Through mutual respect and a shared mission of securing the massive shift to cloud native computing, Accenture and Aqua have built a strategic partnership to serve enterprises around the globe.
I sat down recently with our partner and highly regarded cyber industry veteran, Rex Thexton, Senior Managing Director of Cyber Protection Services at Accenture. He shared his perspective on the different security challenges this new paradigm in cloud native computing presents to the market, and he discussed how the partnership with Aqua is addressing the challenges of a rapidly evolving business landscape driven by cloud technology. Our conversation provides a glimpse on how Accenture and Aqua harmonize efforts to navigate this complexity to deliver effective solutions.
Accenture is starting to focus on what it calls MySecurity for Cloud Native Application Protection (CNAPP) – can you explain a bit about what this means?
MySecurity is a broad idea around how we are evolving and securing modern workloads for our customers. By taking the approach to reduce the drag of technical debt and increase service quality. MySecurity for CNAPP is a set of offerings that brings comprehensive services and expertise to secure cloud native applications, infrastructure as code, containers and serverless functions.
Why is MySecurity for CNAPP a priority now?
The increased attacks on applications and the elevated cost associated with data breaches is the catalyst for prioritization. By securing the code, so be it throughout the development lifecycle or infrastructure, we can increase resilience and ideally reduce cost / rework. Many clients on their cloud journeys are past how I build in cloud and now transitioning to how do I enhance my cloud security. Dynamic between DevOps and Security has shifted with the transition to cloud where they need to be interlocked.
Can you describe the shift that you’re seeing companies make to cloud native? And what is their reliance on hyperscalers?
The shift that companies are making towards becoming cloud native is a strategic response to the growing demand for scalable, agile, and reliable application deployment. Cloud native refers to an approach where applications are designed, built, and operated using cloud services and technologies to leverage the benefits of the cloud environment fully.
This transition involves a few key components. The utilization of Cloud Services allows companies to focus on their core business logic while offloading infrastructure management to the CSPs. Cloud native applications help businesses take advantage of the cloud and companies are rearchitecting their applications to be cloud native. This means designing applications to be modular, scalable, and resilient, often using microservices architecture. These applications can be easily scaled up or down based on demand and are more fault-tolerant, ensuring high availability.
DevOps practices streamline the development and deployment of applications. Continuous integration and continuous delivery (CI/CD) pipelines allow for rapid and automated testing, integration, and deployment of code changes. Additionally, the shared responsibility model that outlines the division of security and operational responsibilities between the cloud service provider and the customer businesses need to ensure their environments are secure and well-maintained.
These are just a few of the reasons why many companies find it advantageous to partner with hyperscale cloud providers due to their extensive infrastructure, services, and global presence. Hyperscalers offer a wide range of services, from basic infrastructure to advanced AI/ML capabilities and edge computing. This reliance allows companies to focus on innovation rather than investing heavily in building and maintaining their own data centers.
How has this shift to cloud native affected the software supply chain?
There has been significant impact to the software supply chain the top three that come to mind are increased complexity and security due to the interconnectivity of several components such as microservices, containers, and APIs. Increased reliance on open source to build cloud native components can also mean an increase in risk of security vulnerabilities. Finally, the practice of moving toward shift left security where developers are trained in secure coding practices to help prevent introducing vulnerabilities during the development process.
Ultimately, it is about bringing the left and the right together to create an integrated strategy that helps organizations build more secure, resilient, and adaptable software systems. It also helps to foster collaboration between development, operations, and security teams throughout the software lifecycle.
How do security orgs need to reconsider their processes and tooling to address this change?
Security organizations must adapt their processes and tooling to effectively address the changing landscape of complexity, reliance, and security risks. Security teams should possess software engineering skills to effectively navigate the complexities of modern software ecosystems. This enables them to understand development processes, identify potential vulnerabilities, and work collaboratively with developers to implement robust security measures.
They must adopt a risk-based approach. Instead of trying to eliminate every possible vulnerability, they should focus on managing and mitigating risks according to their potential impact. This includes having mechanisms in place to assess the overall risk landscape and allocate resources accordingly.
Additionally, they need to revamp their processes and tooling to align with the changing dynamics of the security landscape. This involves the integration of continuous monitoring, automation, developer education, and upskilling security teams. By establishing these pillars, organizations can effectively address the increasing complexity of security challenges while minimizing risks and promoting a culture of security awareness.
Where does CNAPP fit into your strategy / why is CNAPP important to your customers?
CNAPP is a major part of our cloud security strategy as we are seeing a lot of clients build upon their secure cloud foundations and continue to diversify into a multi cloud estate. Being able to provide a CNAPP solution has become essential to our customers for several reasons.
Firstly, the evolution towards modern architectures demands adaptable security measures. The intricate nature of multi-cloud landscapes introduces complexities that challenge comprehensive security. Furthermore, the drive to bolster data security across a range of modernized cloud-based applications underscores the significance of a CNAPP solution.
Secondly, heightened compliance regulations imposed by government bodies and sensitive industries, such as the financial sector, underscore the necessity for integrating threat intelligence. This integration serves to minimize the attack surface, given the heightened emphasis on cloud native security controls.
Thirdly, the appeal of CNAPP lies in its inherent flexibility and scalability, which is particularly advantageous within multi-cloud ecosystems. The ability to effortlessly accommodate changing demands and scale resources aligns seamlessly with the dynamic nature of modern cloud environments.
Lastly, CNAPP enables us to swiftly fortify emerging technologies like LLM and Gen AI. By seamlessly integrating with these advancements, CNAPP ensures that security keeps pace with innovation.
CNAPP occupies a pivotal position within our cloud security strategy due to its ability to address the evolving challenges of multi-cloud environments. It’s indispensable to our customers for its adaptability to modern architectures, compliance-driven threat intelligence integration, scalability within multi-cloud setups, and support for securing emerging technologies.
Aqua’s research team Aqua Nautilus recently issued its 4th annual cloud native threat report. Among its findings was a 1,400% increase in fileless attacks, indicating threat actors are focusing on more ways to avoid detection and establish a stronger foothold in the compromised system. How are you educating your customers on threats like this?
Our approach is to leverage facts via reports such as Aqua Nautilus to give clients a sense of how threat actors are evolving as the technology landscape is evolving. We then want to showcase our services and partners that can support the risk mitigation of such threats. All our clients have a sense that the world is a scary place, however, as a good partner it’s our duty to provide them with recommendations and solutions to continue to protect their business.
What’s next for Accenture from your point of view?
Accenture Security is continually innovating cybersecurity solutions, specializing in automating cloud processes to ensure rapid deployment and scalability. We are prioritizing the incorporation of secure by design principles, guaranteeing that security measures are an integral part of every stay of development and deployment, thereby reducing vulnerabilities and ensuring robust protection for our clients.
I’d like to thank Rex for taking the time to share his perspectives, and I’d also like to thank the entire Accenture team for working with us to solve the cloud native challenges for organizations worldwide. On behalf of Aqua, I can say we’re excited to continue our work together in helping businesses transform efficiently and securely!
For more information, reach out to [email protected] or [email protected]