Wiz Adds Data Security Posture Module to CNAPP

Wiz today announced it added a data security posture management (DSPM) module to its cloud-native application protection platform (CNAPP) that makes it simpler to prioritize remediation efforts based on the value of the data that might be compromised.

Wiz CTO Ami Luttwak said rather than presenting development teams with a long list of vulnerabilities, it’s now possible to specifically identify the risks any given vulnerability really represents to the business.

Other CNAPP platforms, in comparison, are not able to provide that same level of insight into the data that an application is accessing, he added.

The DSPM module is intended to address an issue that is at the core of the cultural divide between cybersecurity teams and application developers. The latter are continually trying to prioritize vulnerability remediation versus the need to write new code for the next application development project. In the absence of any context concerning how critical a vulnerability is, most developers will opt to write new code versus creating a patch for an application that may have been deployed months, sometimes even years, earlier.

The DSPM module provides the context required to effectively implement a set of DevSecOps best practices at a time when the number of potential vulnerabilities and misconfigurations that need to be addressed is simply overwhelming, noted Luttwak. In effect, IT organizations need to be able to look at the data that might be compromised before shifting responsibility for application security further left toward developers, he added.

It’s not clear how readily organizations are embracing DevSecOps best practices, but in the wake of a series of high-profile cybersecurity breaches, organizations of all sizes are reviewing how their software supply chains are managed. The challenge is most developers have little to no cybersecurity expertise, so they are not well-equipped to identify the severity of a vulnerability. As a result, it’s probable that code that may have a serious vulnerability will find its way into the build that is being created. That means the build, in addition to the code used to create it, needs to be scanned for vulnerabilities as it moves through a software development pipeline.

In addition, the tools and platforms used to create those pipelines are also now under attack. Organizations of all sizes need to make sure that malware has not been embedded into the tools and platforms used to manage their software development pipelines so they can ensure the integrity of the software supply chains.

Hopefully, as more cybersecurity guardrails are embedded in the tools and platforms used to build and deploy software, the whole process of ensuring security will become more automated. However, no matter how automated the cybersecurity guardrails embedded in these tools become, there will certainly be a need for someone with cybersecurity expertise to be involved. Organizations are generally addressing that requirement in one of three ways. The first is to look for someone on the developer team who has a real aptitude for cybersecurity to coach everyone else. A second option is to add a dedicated security engineer to the team that manages the DevOps workflow. A third option is to create a cybersecurity center of excellence that includes cybersecurity professionals who work alongside developers as they build applications.

Each organization will, naturally, need to decide for itself which combination of those approaches makes the most sense.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.