Chapter 3. A Shadow Cloud Emerges: Immediate Visibility, Maintaining Control
Everything that we see is a shadow cast by that which we do not see.
Martin Luther King Jr.
“What. Is. That?”
It was a fair question. Our CISO was a woman of few words, and these had come spluttering forth at an understandable moment. Surprise is perhaps the least welcome emotion in the security department, but, inadvertently, we’d planned a party without even knowing it.
After the MI5 debacle, we deployed a CNAPP with all the fanfare of a new tool in the toolbox. The fact that this tool was a veritable tool chest and expert practitioner in one had only added to our excitement.
We’d expected some red flags to alert us immediately. We knew there was security debt (fallout technical debt) in our systems, even the brand-new cloud native ones. Debt accumulated interest fast, so we had steeled ourselves for a host of vulnerabilities, even with a rudimentary set of security policies in effect.
But we weren’t prepared for what happened next.
We’d been expecting to catch a few fish, but not the entire white whale all at once. The white whale we were facing was a shadow cloud.
Notable by Its Absence
A shadow cloud may be less dark and mysterious than its name implies, but it can still come as something of a shock. In our case, lines of communication ended abruptly at a boundary that we didn’t recognize. Workloads and network connections we expected to be starkly rendered in crisp outline were not showing up. ...
Get Cloud Native Application Protection Platforms now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
