
Cloud Security Podcast: The Truth About CNAPP and Kubernetes Security
Jan 14, 2025

James Berthoty, founder of Latio.Tech, shares his expertise on cloud security tools. He clarifies the concept of CNAPP and discusses whether Kubernetes security is becoming the new standard. The chat dives into the distinction between runtime security and vulnerability management, emphasizing the need for clear approaches in cloud-native security. James also addresses the evolving challenges security engineers face in integrating security within development processes, alongside the pressing necessity for user-centric security tool consolidation.

Cloud Security = Container Security
- Cloud security is essentially container security, especially for mid-market cloud-native architectures.
- This is often obscured by the simultaneous learning of containerization and cloud infrastructure.
 
Posture vs. Runtime
- James Berthoty separates cloud security into posture management (scanning) and runtime protection.
- He prefers runtime protection because it allows for direct action, unlike scanning, which generates work for developers.
 
CNAPP: Overly Broad?
- James dislikes the overly broad definition of CNAPP, finding all-in-one tools often perform poorly.
- He proposes separating it into ASPM for developers, CSPM for systems engineers, and CADR for SOC teams.
 

