Runecast adds CNAPP capabilities to secure workloads across three cloud service providers
Runecast announces major gains in the Cloud Native Application Protection Platform (CNAPP) and IT Operations Management (ITOM) spaces by rounding out its coverage to the third-largest cloud service provider on the market, Google Cloud Platform (GCP).
According to analyst firm Canalys, the Big Three public cloud service providers (CSPs) – Amazon Web Service (AWS), Microsoft Azure and GCP – now control a combined 62% of a market that in Q1 2022 reached $55.9 billion, with 33%, 21% and 8% market shares, respectively.
Organizations are in need of complete visibility for complex hybrid or multi cloud environments, with the ability to consolidate various tool sets where possible, and a solution that requires no learning curve (due to prevalent staffing shortages) to help ensure security compliance across the estate.
“As CISOs face increasing challenges in the areas of staffing shortages – combined with increasingly complex hybrid IT environments obscuring the transparency of their security posture – there is a move toward greater consolidation of solutions and vendors for organizations’ security needs across hybrid and multi cloud environments,” said Markus Strauss, Head of Product Management at Runecast.
Enter CNAPP, for securing the cloud
CNAPP combines the categories Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP), providing both the proactive monitoring element of CSPM and the protection aspect of CWPP.
It is important for organizations to choose a platform that meets specific needs, which in terms of multi and hybrid cloud environments typically means coverage of multiple vendors and locations visible through a single vendor or a single-platform view. Such a holistic view enables organizations to effectively secure and protect cloud-native applications and remove silos between the large number of tools that an organization might be using to cover all aspects of its infrastructure.
On CNAPP adoption, Mr. Strauss stated, “CNAPP adoption will largely be driven by DevOps and DevSecOps teams looking for ways to secure their cloud workloads natively in the cloud, while IT Procurement departments will use this as a catalyst to consolidate tool spend and prefer single-vendor purchasing.”
Enter Runecast, a leader in the CNAPP space
Runecast has ranked as a ‘High Performer’ in both the Spring and Summer 2022 G2 Grid Reports for the categories Security Risk Analysis, Cloud Workload Protection Platforms (CWPP), Vulnerability Scanner, Cloud Compliance and Cloud Security.
Runecast provides organizations a proactive approach to security compliance, business continuity and operational resilience – whether on-premises, hybrid multi cloud, containers or OS – providing automated compliance auditing, best practice checks, configuration drift management, vulnerability assessment/management, remediation and reporting for multiple technologies.
“In the wake of digital transformation, which led to experimentation with many disparate toolsets, IT teams are aiming to consolidate into a single platform that evolves along with their needs,” said Mr. Strauss. “To provide the means of future-proofing their environments, Runecast integrates cross-technology insights – for AWS, Azure, GCP, Kubernetes, VMware, Windows and Linux – into a single platform.”
New in version 6.2, GCP support and KSPM enhancements
Runecast has expanded its coverage to the third-largest cloud service provider on the market, GCP, bringing insights and control for teams charged with configuration management and security posture management across the platform.
Organizations using GCP can now gain greater visibility into exactly how their environment is configured at any given time – and be able to determine when and where any changes have occurred to provide consistent configuration (a crucial part of stable and predictable infrastructure). Additionally, IT teams can monitor and see how their Google Cloud environment stacks up against latest CIS Benchmarks.
For Kubernetes, Runecast is expanding the level of support, allowing teams greater insights into the nodes running on the Kubernetes cluster and greatly increasing the amount of vulnerabilities that customers are able to discover.
Customers can now check for vulnerabilities in all container images deployed across their environment. Image scanning is available for images that have already been deployed, but also as part of the DevOps deployment process (CI/CD pipeline). This allows customers to shift image security to the development process (shift left) allowing for secure development and deployment of container images, in addition to the ability of scanning images for vulnerabilities that are already deployed.
Enter Efficiency, to counter IT skills shortages
Runecast solves CISO and CIO pain points by enabling their Security and Operations teams to ‘do more with less’ via automated checks against about a dozen of the most common security standards, vendor security hardening guidelines and best practices. Teams see configuration drift and vulnerabilities listed by criticality. This assists with staff shortages and shifts teams away from reactive approaches that hinder the ability to focus on business growth drivers.
“Customers report 75-90% time savings in the areas of troubleshooting and upgrade planning,” said Mr. Strauss. “This in turn enables them to focus rather on new projects.”
Designed to operate fully on-premises, Runecast can analyze both on-prem and hybrid cloud environments. It functions fully offline (with offline-capable weekly updates) – so that no sensitive data needs to leave the organization’s control (e.g. for external support requests). Runecast is designed to require no learning curve and enable teams to proactively address issues before they devolve into inefficiencies or downtime.
Mr. Strauss added, “Pressure from regulatory bodies and industry standards will continue to increase and localized or industry specific regulatory frameworks will be added. Vendors need to be able to support customers across many compliance standards.”
Runecast audits against best practices and multiple security standards (e.g. BSI, CIS, Cyber Essentials, DISA STIG, GDPR, ISO 27001, NIST), with more checks regularly added to the platform’s capabilities – to provide customers ever greater value over time.