March 30, 2023

Cloud security challenges continue to mount as organizations increasingly move their workloads out of traditional data center environments onto one or more Infrastructure as a Service (IaaS) platforms. One study found that 72% of organizations were using multiple IaaS providers in 2022, while 45% experienced a data breach or failed an audit involving data and applications in the cloud. Meanwhile, recruiting security experts familiar with one cloud platform, let alone two or more, is beyond the resources of most organizations.

Ermetic uses an identity-first approach to CNAPP that provides the multi-cloud platform intelligence, and context lacking from single purpose security tools, to bridge the enterprise skill gap and automate the protection of applications and data across leading IaaS platforms from AWS, Microsoft Azure and GCP.

According to Gartner, “CNAPP offerings operationalize cloud-native application risk (a concept referred to as RiskOps and introduced in Seven Imperatives to Adopt a CARTA Strategic Approach) by ‘connecting the dots’ to help understand the effective risk across the multiple layers of a modern cloud-native application. Risk-prioritizing the findings is critical as developers and security professionals are overloaded with alerts and findings of siloed tools.”

The report also recommends that organizations, “Reduce complexity and improve the developer experience by choosing integrated CNAPP offerings that provide complete life cycle visibility and protection of cloud-native applications across development and staging and into runtime operation.”

“Identifying, prioritizing and remediating cloud security risk requires deep and contextual full stack analysis of vulnerabilities, as well as automation capabilities to simplify complex tasks,” said Shai Morag, CEO of Ermetic. “Both security professionals and developers trust the Ermetic platform to provide detailed, accurate findings and remediation work flows that enable them to measurably improve the organization’s cloud security posture with limited time and effort.”

The Ermetic CNAPP unifies and automates cloud infrastructure entitlement management (CIEM), cloud security posture management (CSPM), cloud workload protection (CWP), infrastructure as code (IaC) security and Kubernetes security posture management (KSPM). It unifies full asset discovery, deep risk analysis, runtime threat detection and compliance reporting, combined with pinpoint visualization and step-by-step guidance.