Quantifying the Business Value of CNAPP: Total Economic Impact Study
Businesses have been embracing cloud native technologies because of their elasticity and flexibility. They allow enterprises to quickly scale and develop applications that are built with services packaged in containers, deployed as microservices and managed on elastic infrastructure through agile DevOps processes and continuous delivery workflows. But with the opportunity that comes with cloud native, there exists questions around not only its security but its value to the business.
As a leader in cloud native application protection platforms (CNAPP), we commissioned Forrester Consulting to conduct a Total Economic Impact (TEI) study. Forrester Consulting interviewed six customers with experience using the Aqua Platform and combined the results to form a single composite organization. The study looked at the challenges each had around securing their cloud native applications, as well as the benefits and investment value the Aqua CNAPP platform brought to each business.
As cloud and container adoption increases, organizations need solutions to overcome the complex and regulatory challenges they face around security infrastructure that traditional approaches no longer meet. Without adequate security protection, organizations and their clients are vulnerable to attacks that can severely impact business and result in large financial losses and damage to reputation.
Forester Consulting Aqua TEI Study
Cost Reduction and Business Acceleration
The study states: "(There is) no suitable solution for container security. The organizations mainly relied on traditional, on-premises security solutions that were no longer being supported. This means they had to quickly find alternative cloud-based or hybrid solutions to meet their security needs."
The cloud model is designed to simplify the deployment, scaling, and management of containerized applications. Many services provide the flexibility of containerized application management that makes containers an ideal solution for businesses aiming for efficient, scalable, and consistent application deployment in the cloud, and offers an effective way to minimize the effort to run containers.
Interviewees stated that Aqua helped to accelerate development worth $1.6 M through the adoption of containerized environments, allowing customers to scale and grow their business faster.
“The data from Aqua has given us the business justification to invest in overall practice improvement [and] say we need to improve the way we manage and maintain our containers, not just the way we scan our containers. … That’s been a very, very high business-value aspect by being able to drive the investment [and] drive the improvement to those practices.” – Product security director, technology
Additionally, efficiency and improvements in business processes lead to increased competitiveness and consequently higher revenue.
“The business impact from this is that we can deploy much faster. So, if development said, ‘Hey, we’re going to put this feature in right now,’ they could deploy it, get those through, and it would go out as long as it passed those checkboxes. None of us would have to be involved with that at all. So, the business becomes more prevalent.” – Information security manager, health insurance
With this flexibility though comes a loss of control over your infrastructure and your security.
Vulnerability Management and Remediation
Aqua enables complete visibility across the application development lifecycle through runtime, so security teams have an accurate and complete picture of vulnerabilities and can better assess the criticality they pose given the context from development and production.
The study uncovered that prior to using the Aqua Platform, many of the organizations did not have container security tool solutions for vulnerability management and runtime protection, gate-like controls, and threat detection. This was because interviewees said there was no suitable tool for container security on the market that satisfied their organizations’ regulatory requirements and compliance mandates.
The main solutions for vulnerability management available in the cloud space at the time were traditional (on-prem only) tools that targeted classic operating system workloads but not containers. Alternatively, the organizations would have had to try and build their own security solutions that would not have met the requirements. This meant they lacked visibility into potential threats and left them vulnerable to cloud space attacks.
The Aqua Platform uncovered a lot of things for the interviewees that previously they did not have visibility on. Security-wise, it was very high value for what it unearthed or uncovered such as better visibility into container vulnerabilities, enabling security teams time to focus on other high-priority tasks. The Forrester Consulting study overall quantified the huge gains in threat detection and remediation abilities to include a 90% reduction in vulnerability research and detection time and efficiencies reaching nearly $2 million.
Aqua Impact: Meeting Compliance Requirements
Organizations already had some security measures in place to minimize potential breaches, but interviewees said having the Aqua Platform in place reduced exposure from 20% to 10%, and the amount of remedial work required.
Additionally, many gained a deeper level of visibility into container vulnerabilities. One key result from the investment included savings from reduced risk exposures, a container image vulnerability investigation and remediation time savings.
As organizations deploy applications using containers, serverless functions and other cloud native technologies, they are stepping into uncharted compliance territory. The Aqua Platform provides purpose-built cloud native compliance controls, full visibility and auditing, and what we refer to as compliant by default templates to facilitate compliance with less hassle.
With the evolving security environment constantly changing, it became more difficult for the organizations to keep up with and meet the regulatory and compliance standards of security without the support of an efficient and specialized solution.
After investing in the Aqua Platform, the interviewees’ organizations were able to meet customer criteria mandates and cloud-level security compliance requirements, and they gained a deeper level of visibility into their container vulnerabilities.
Aqua Customers Are Protected. Are You?
Forrester Consulting concluded through the interviews and aggregated data that the Aqua Platform had the following three-year impact.
Aqua helps accelerate development - by adopting containerized environments, you can scale and grow your business faster. With Aqua you don't have to worry about the security implications. Aqua protects you no matter where you run. To get a demo of the only true CNAPP on the market today visit auqasec.com/demo or visit here to read more from the Forrester Consulting TEI study.