
A cloud workload protection platform (CWPP) is, according to Gartner®, a workload-centric security offering that targets the unique protection requirements of workloads in modern hybrid, multi-cloud data center architectures. CWPPs help organizations protect their capabilities or workloads (applications, resources, etc.) running in cloud instances.

CWPPs vary across vendor platforms but typically include functions like system hardening, vulnerability management, host-based segmentation, system integrity monitoring, and application allow lists. CWPPs enable visibility and security control management across multiple public cloud environments from a single console.

So what exactly is a CWPP protecting? A cloud workload is any application, service, database, or other function running in the cloud. These workloads include virtual servers, database instances, containers, nodes, and even old-fashioned computing hardware. Their specific purposes may differ, but any resources hosted in the cloud are considered workloads.


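CWPPs are important because of the acceleration of cloud adoption, in which businesses enjoy myriad benefits from migrating their technical assets to a cloud-based environment. Faster operations and significant cost savings are two key benefits that have spurred on this trend.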

In this environment, cloud workload protection becomes critical. After all, any company’s reputation and business can suffer a notable hit whenever a hacking incident hits the news. To meet growing security needs, vendors in the security operations (SecOps) space offer a variety of CWPP options.

Unlike earlier security solutions, such as endpoint protection platforms (EPPs), CWPPs focus specifically on workloads. It’s an approach more suitable for the wide variety of cloud architectures in use today. Ultimately, enterprise cybersecurity platforms needed to evolve to sufficiently protect modern cloud-based technical infrastructures. As such, CWPPs support public, private, hybrid, and multi-cloud data centers.


A CWPP must provide the ability to manage any workload currently deployed on a company's cloud platforms. Network administrators typically conduct a vulnerability assessment of workloads, verifying compliance with the organization's cybersecurity policies.

If necessary, an admin applies various security techniques to the workload. These can include integrity or memory protection, allow lists, or host-based intrusion prevention. Anti-malware protection is another option, depending on the SecOps needs of the enterprise.

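Other use cases also depend on the nature of the business. For example, software development organizations are able to integrate CWPPs into the automated processes in their continuous integration/continuous deployment (CI/CD) pipelines, usually as part of the build process. This approach is becoming commonplace in organizations following the development operations (DevOps) or development security operations (DevSecOps) methodologies.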

In some enterprises, a CWPP works in concert with a cloud security posture management (CSPM) solution. The CWPP secures the cloud workloads, while the CSPM focuses on the broader view – including the accounts deploying those workloads on the company’s cloud platforms. Tightly integrating CWPP and CSPM makes managing cloud assets an easier process for administrators.

In fact, any CWPP must seamlessly integrate with other parts of the enterprise SecOps infrastructure. Where data privacy and security are critical, linking to a data loss prevention solution becomes a wise strategy. A CWPP also enhances the security operations center (SOC), helping it to more effectively detect and analyze complex, cloud-based cyberattacks.


A CWPP provides an easy-to-use management window into an organization's cloud infrastructure. This includes public, private, and on-premises clouds, where cloud engineers can gain insights into potentially threatening workloads in real time, at a glance. Let's take a look at the other benefits of a CWPP:

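  • Easy integration with other cloud management tools provides administrators with a useful portal to manage workloads, overall security posture, and other related network components such as firewalls.
  • Automated alerts help teams respond quickly to any threat. Support for enterprise policy scripting improves response times, including posture changes, creating allow lists for applications, and more.
  • Comprehensive protection of all cloud workloads deployed in an infrastructure-as-a-service (IaaS) architecture makes managing security for any modern hybrid cloud environment a simpler and more effective process.
  • Cost savings become part of an overall cloud-based technical infrastructure strategy so businesses can reduce capital expenditures on hardware servers and other components. This also applies to overhead costs earmarked for maintenance and facilities.
  • Near-seamless scalability is important for companies that need a flexible technical infrastructure. CWPPs provide analytics and reporting to help cloud engineers optimize and scale the platform based on demand. As such, customers enjoy superior performance while keeping their critical data safe.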


The differences between CWPPs and other solutions are critical to know and understand, because they will determine the right solution for an organization. Remember, cloud workload protection platforms are only one piece in an enterprise's overall cloud security strategy.

One major limitation of a CWPP is an inability to perform identity tracking and access-management functionality. Also, most platforms don't offer cloud risk management services for all cloud-based deployments. Because of these potential limitations, enterprises typically use CWPPs in concert with other cloud security tools. Let's dissect some of the differences between a CWPP and a few of these tools.


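A CSPM handles identity and access management (IAM) for cloud environments. Because this functionality lies outside the scope of a CWPP solution, adding a CSPM platform provides another critical piece of the cloud security puzzle. It also focuses on monitoring and analytics, inventory and asset classification, and cost management.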


A CNAPP focuses on protecting cloud-based applications and data as part of a security solution, working in concert with CWPP and CSPM. This helps bring application and data context to protect hosts and workloads, including virtual machines, containers, and serverless functions. Its significant automated capabilities also improve the efficiency of cloud administrators.

CWPP vs Cloud Infrastructure Entitlement Management (CIEM)

A CIEM helps to reduce excessive cloud infrastructure entitlements and streamline least-privilege access controls across distributed cloud environments. This process can be additive to a CWPP in that it helps to proactively reduce the number of humans and machines who can work with and access workloads so that security remains a priority.

CWPP vs Cloud Access Security Broker (CASB)

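A CWPP focuses on protecting workloads, while a CASB enforces policy. A CASB provides strong security policy enforcement by consolidating many features such as authentication, single sign-on, authorization, credential mapping, device profiling, data encryption, tokenization, logging, and alerting. Enterprises need to consider including a CASB with a CWPP and other cloud security tools.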



