Palo Alto Networks’ CTO of Prisma Cloud Talks Securing ‘Code to Cloud’

2023-06-23 20:02

Palo Alto Networks held its annual Code to Cloud Cybersecurity Summit Thursday, focusing on cloud, DevOps and security.

Recently, Palo Alto Networks' Unit 42 issued a cloud threat report finding that the average security team takes six days to resolve a security alert.

Among the speakers at the event was Ory Segal, chief technology officer at Palo Alto Networks Prisma Cloud, who joined a panel on how cloud security can be aligned with the aggressive development cycle under which developers work.

TR: What constitutes a CNAPP now? What falls under that banner, and how do you untangle the different approaches to it when it comes to DevOps security, when it comes to [reducing] vulnerabilities in applications lifted to the cloud or written for cloud environments?

Segal: It's not the application that you are building for your customers, but rather the application that you are using to build your own software; third-party libraries that you're bringing in, for example, or if we're using Jenkins or CircleCI to build code and generate artifacts, are we securing those points as well? Because I can write the most secure cloud-native application and deploy it, but if somebody can somehow tamper with the pipeline itself - with my build and deployment process - all of the security that I'm embedding in my own code is not worthwhile.

TR: So you are coming out with a Palo Alto Prisma Cloud product specific to securing CI/CD. Segal: Yes, we're planning to add a CI/CD security module to the Prisma Cloud platform to help secure the software supply chain.

News URL

https://www.techrepublic.com/article/palo-alto-networks-ory-segal-securing-code-cloud/

#cloud #CTO #paloalto