Aqua Security today announced that its cloud-native security platform is now available in two editions that enable IT teams to apply varying levels of cybersecurity based on specific requirements.
The first of the offerings is Aqua Wave, a software-as-a-service (SaaS) application based mainly on the cloud security posture management (CSPM) software that Aqua Security currently offers.
The second is Aqua Enterprise, a more robust security offering that can be deployed on-premises or accessed via a SaaS application.
Rani Osnat, vice president of strategy for Aqua Security, says Aqua Wave provides IT teams deploying cloud-native applications a lighter-weight alternative to Aqua Enterprise. In addition to the CSPM tool that Aqua Security offers, Osnat says vulnerability scanning and the existing Aqua Dynamic Threat Analysis (DTA) are integrated as options.
The core CSPM tools have also been upgraded to support auto-remediation of common configuration weaknesses, in addition to surfacing remediation advice. The ability to discover configuration issues stemming from reliance on Terraform and AWS CloudFormation templates to spin up virtual machines and containers has also been added.
Finally, Aqua Security has added support for the Google Cloud Platform (GCP) and Oracle Cloud.
Aqua Enterprise, meanwhile, provides additional capabilities based on the service level selected. Capabilities such as risk-based insight to prioritize vulnerability remediation, role-based access controls (RBAC), tools to access Kubernetes clusters, improved file integrity monitoring (FIM) and support for both Linux system and Windows Registry integrity controls are included.
In general, Osnat says cybersecurity professionals have become a lot more involved in security decisions as they apply to cloud-native applications. Previously, much of the responsibility for cybersecurity was left in the hands of the DevOps team, he says.
Now there’s a greater effort being made to converge DevOps and cybersecurity workflows within the context of a unified DevSecOps process that each organization needs to define for itself. The level of control over a Kubernetes cluster that an organization gives administrators and developers is likely to vary considerably, Osnat notes.
However, Osnat says most organizations are focusing their efforts on informing and educating developers about cybersecurity issues versus implementing hard rules that prevent code from being merged because a cybersecurity issue exists. IT teams are leaving it up to the developer to weigh cybersecurity risks against application development workflows and deadlines.
It’s hard to say to what degree IT organizations will alter their approach to cybersecurity as cloud-native applications become more prevalent. Aqua Security is betting the rise of containers and serverless computing frameworks will drive IT teams to embrace a cybersecurity platform capable of securing new platforms alongside existing legacy virtual machines.
At a time when many organizations are re-evaluating the total cost of cybersecurity with an eye toward reducing it, a cybersecurity platform capable of securing a wide range of applications may resonate now more than ever. The real challenge will be getting everyone on the same DevSecOps page once it’s determined what the right platform is.