On March 26, 2018, Gartner updated the Market Guide for Cloud Workload Protection Platforms. A number of Gartner analysts have been on the forefront of understanding the impact of digital transformation on cloud, application, and container infrastructure, including security. Their work continues to evolve, including new market segments, as containers take on a bigger role in the overall technology ecosystem. This report identifies Layered Insight as one of the vendors offering “container-focused” Cloud Workload Protection Platform (CWPP) offerings.
The full report is available here for those with a Gartner account. Since I was lucky enough to see a copy of the report, I thought I’d summarize a few of its more interesting points, especially in the context of container security and Layered Insight.
As is common in analyst reports, the first section everyone sees is key findings. In this new report, it basically comes down to a list that focuses on complexity of the cloud, inconsistent security approaches, and the inability of legacy security solutions to address the latest technology trends.
This is not surprising, as we have been saying the same thing. Containers are different and traditional security solutions cannot protect them. Instead of applying old approaches to new technologies, containers force us to think differently. That’s why we believe in a Container Native approach. By embedding security into the container, not only can we protect the container, but we can also apply a consistent approach across any infrastructure, whether it’s on-premises, in the cloud, or hybrid.
Next comes a list of recommendations. As you can imagine, the recommendations focus on using CWPP offerings, not traditional security solutions, to protect these new technologies regardless of where they run, including physical and virtual machines, cloud infrastructure, or other container infrastructure. It also identifies the need to protect the application.
The future of security needs to focus on the application, not the host. Hosts are being abstracted away from our visibility and control as we move to true container-as-a-service and serverless offerings. The best security is to protect the application, which is why we call it Container Native Application Protection: it provides application protection from within the container, not via the host.
In this section, Gartner identifies a number of capabilities needed to address this market. No need to summarize these here, as I have already outlined most of these capabilities and a few more in this blog post: Critical Capabilities Of Container Native Application Protection. Let’s just say I’m pretty happy with the list Gartner provided.
This section of the report is really interesting to me, as we have been seeing a number of the same trends. However, I’m not sure that most security professionals truly understand the impact of these trends. To me, this section comes down to the fact that cloud-native applications and the use of cloud infrastructure are here to stay. And, this will continue to fuel the following trends:
- Next-generation applications will be container-based
- Container-as-a-Service (CaaS) and Serverless computing options will continue to gain traction
- Infrastructure will become immutable
You know what these mean, right? Containers, not infrastructure, are the future of security. This will require you to protect your next-generation applications with a container native solution. Kernel plugins and privileged containers will not address the future needs of the container security market.
This last section gets into more details about the capabilities of the CWPP market. There is one section that discusses CWPP Architectural Considerations and Container Support, which states: “Another approach is to ‘inject’ or layer the security controls into each container as they are constructed before release into production…” It’s always great when the analysts acknowledge your approach.