Cloud Native Security Program Self Assessment

{{overallScore}}

Result:

{{result}}

with {{ttl}} out of a possible 100 points


Nascent - Isolated < 31
Intermediate - Transforming > 31 and < 80
Advanced - Automated > 80

PEOPLE
Earned {{t1}} out of a possible 30 points.
0
30

At what level of your company is security managed for internally developed cloud native applications?
{{Answer03}}

Which team is primarily responsible for defining security policies to protect your cloud native applications?
{{Answer04}}

Does your company have an individual or group designated as cloud security architects and/or DevSecOps engineers?
{{Answer05}}

Policy and Processes
Earned {{t2}} out of a possible 30 points.
0
30

Into which stages of your organization’s software development lifecycle (SDLC) has security been integrated? (please check all that apply)

{{Answer06a}} We include security in our planning process

{{Answer06b}} We have shifted security left into our development processes

{{Answer06c}} We integrate security measures at the integration and build stages

{{Answer06d}} We integrate security measures into our delivery/deployment stages

{{Answer06e}} We apply security controls to protect runtime production environments

{{Answer06f}} None of the above

Regardless of the previous answer, how do your organization’s project teams, across all roles, feel about the security approach of ‘shift left’ (i.e., integrating security processes and controls earlier in the SDLC)?
{{Answer07}}

When integrating security controls within the SDLC, do your project teams employ a risk-based approach that takes into account both the criticality of different cloud native applications and their associated threat models?
{{Answer08}}

Technology
Earned {{t3}} out of a possible 40 points.
0
40

Which of the following controls are currently employed to secure your organization’s cloud native applications? (please check all that apply)

{{Answer09a}} We use security controls native to the cloud service provider or our orchestration platform

{{Answer09b}} We use third-party security controls (e.g., commercial solution)

{{Answer09c}} We use open-source security controls (e.g. Clair, Trivy, Osquery, Falco, Kube-Bench, etc.)

{{Answer09d}} We develop our own set of security controls

{{Answer09e}} None of the above

{{Answer09f}} Don't know

Which of the following security use cases and areas of focus has your organization implemented to protect your cloud native applications? (please check all that apply)

{{Answer10a}} Vulnerability management

{{Answer10b}} Host hardening

{{Answer10c}} Kubernetes hardening

{{Answer10d}} Runtime monitoring

{{Answer10e}} Micro-segmentation

{{Answer10f}} Secrets management

{{Answer10g}} Compliance mandates (e.g. PCI-DSS, HIPAA, etc.)

{{Answer10h}} Malware prevention and analysis

{{Answer10i}} Runtime threat protection

{{Answer10j}} Auditing and forensics

{{Answer10k}} Don’t know

Which of the following cloud security solutions is currently being used by your organization? (please check all that apply)

{{Answer11a}} Application security testing (Software composition analysis, code scanning)

{{Answer11b}} Cloud security posture management (CSPM)

{{Answer11c}} Cloud workload protection platforms (CWPP)

{{Answer11d}} Container security

{{Answer11e}} Serverless Security

{{Answer11f}} API Security

{{Answer11g}} Cloud infrastructure entitlement management (CIEM)

{{Answer11h}} Micro-segmentation

{{Answer11i}} Web application firewall (WAF)

{{Answer11j}} Data loss prevention (DLP) for object stores

{{Answer11k}} None of the above

{{Answer11l}} Don’t know

At what stage is your organization regarding consolidation of cloud security controls and using an integrated platform to protect your cloud native applications and infrastructure?
{{Answer12}}

Cloud Adoption
This category was not scored.

How many of your company’s internally developed cloud native applications are considered business-critical?
{{Answer01}}

For how long has your organization been using the following technologies as part of your internally developed cloud native applications? (Please check one per row)
Containers: {{Answer02a}}
Kubernetes: {{Answer02b}}
Serverless function-as-a-service (FaaS): {{Answer02c}}
Continuous Integration and Continuous Delivery (CI/CD) Tools: {{Answer02d}}
Microservices Service Mesh: {{Answer02e}}

How You Can Improve

Where do you stand today?

Aqua’s cloud native security model, developed by ESG, is based on three pillars: people, policy and process, and technology. Your maturity ranking is the result of aggregating your organization’s approach and performance across these three pillars. Based on your inputs, your organization is ranked as a Beginner with an aggregated score of {{overallScore}} out of a possible 100 points.

Below, we have compiled recommendations across people, processes, and technologies that your organization can enact to improve its standing and create a competitive edge over its peers.

Assessment and benchmark research powered by ESG

ANSWER WEIGHTS
Category 1
Answer01 = 0
Answer02 = 0
Answer03 = (A=10, B=5, C=0, D=dont_know)
Answer04 = (A=6, B=2, C=2, D=10, E=9)
Answer05 = (A=10, B=8, C=2, D=0, E=0)


ANSWERS SELECTED
Category 1
Answer01={{Answer01}}
Answer02a={{Answer02a}}
Answer02b={{Answer02b}}
Answer02c={{Answer02c}}
Answer02d={{Answer02d}}
Answer02e={{Answer02e}}
Answer03={{Answer03}}
Answer04={{Answer04}}
Answer05={{Answer05}}
Question01={{Question01}}
Question02={{Question02}}
esg_global_assessment_notes={{esg_global_assessment_notes}}

Score={{cat1Score}} out of 30
Pillar={{cat1Bucket}}

ANSWER WEIGHTS

Category 2
Answer06 = (A=3, B=3, C=3, D=3, E=3, F=none) *multi
Answer07 = (A=5, B=2, C=0, D=0)
Answer08 = (A=10, B=6, C=2, D=0)

 

ANSWERS SELECTED
Category 2
Answer06={{Answer06}}
Answer07={{Answer07}}
Answer08={{Answer08}}

Score={{cat2Score}} out of 30
Pillar={{cat2Bucket}}

ANSWER WEIGHTS

Category 3
Answer09 = (A=1, B=5, C=3, D=1, E=none, F=dont_know) *multi
Answer10 = (A=1, B=1, C=1, D=1, E=1, F=1, G=1, H=1, I=1, J=1, K=dont_know) *multi
Answer11 = (A=1, B=1.5, C=1.5, D=1, E=1, F=1, G=1, H=1, I=.5, J=.5, K=none, L=dont_know) *multi
Answer12 = (A=10, B=8, C=4, D=0, E=dont_know)

 

ANSWERS SELECTED
Category 3
Answer09={{Answer09}}
Answer10={{Answer10}}
Answer11={{Answer11}}
Answer12={{Answer12}}

Score={{cat3Score}} out of 40
Pillar={{cat3Bucket}}

RESULTS

Overview
Total Available Points = 100
People = {{cat1Score}} out of 30
Policies and Process = {{cat2Score}} out of 30
Technology = {{cat3Score}} out of 40

by Cohort
Nascent – Isolated: <30 points
Intermediate – Transforming: 31-79 points
Advanced – Automated: >80 points
Overall Score={{overallScore}}

resultCopy={{resultCopy}}