SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Contributed
News
Analysis
The New Stack Makers
Tutorial
Podcast
Research
Feature
Science
Off-The-Shelf Hacker
Skip to content
  • Podcasts
    • TNS @Scale Series
    • TNS Analysts Round Table
    • TNS Context Weekly News
    • TNS Makers Interviews
    • All Podcasts
  • Events
  • Ebooks
    • DevOps
    • DevSecOps
    • Docker Ecosystem
    • Kubernetes Ecosystem
    • Microservices
    • Serverless
    • Storage
    • All Ebooks
  • Newsletter
  • Sponsorship
  • • • •
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Ebooks
      • Machine Learning
      • DevOps
      • Serverless
      • Microservices
      • Kubernetes Ecosystem
      • Docker Ecosystem
      • All Ebooks
    • Newsletter
    • Sponsorship
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Development
    • Cloud Services
    • Data
    • Machine Learning
    • Security
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
 

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace.  Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.


A newsletter digest of the week’s most important stories & analyses.

Do you also want to be notified of the following?
We don’t sell or share your email. By continuing, you agree to our Terms of Use and Privacy Policy.

Culture / Linux / Security

University of Minnesota Researchers Tried to Poison the Linux Kernel for a Research Project

2:09pm, by Jack Wallen

Machine Learning / Security / Contributed

Confidential Computing Is Transforming Data Encryption in Healthcare, Finance

5:00am, by Pandurang Kamat

CI/CD / Kubernetes / Security

Accurics Extends Terrascan Vulnerability Detection into the Kubernetes Runtime

21 Apr 2021 3:00pm, by B. Cameron Gain

CI/CD / Open Source / Security

Not Your Usual Supply Chain Hack: The Codecov Bash Uploader Blunder

21 Apr 2021 9:24am, by Steven J. Vaughan-Nichols

API Management / Development / Security / Sponsored

Okta’s Platform to Outsource Identity Management for Busy Developers

20 Apr 2021 12:44pm, by Mary Branscombe

Kubernetes / Security / Sponsored / Contributed

The Kubernetes Network Security Effect

19 Apr 2021 11:00am, by Amir Kaushansky

Development / DevOps / Security

NeuVector Expands Container Vulnerability Scanning to Developers

19 Apr 2021 3:00am, by Mike Melanson

Development / Security

How to Analyze Code and Find Vulnerabilities with SonarQube

16 Apr 2021 10:09am, by Jack Wallen

Cloud Native / Kubernetes / Security / Contributed

Defend the Core: Kubernetes Security at Every Layer

15 Apr 2021 12:00pm, by Jimmy Mesta

Monitoring / Security / Sponsored / Contributed

Why Using a Time-Series Database Improves Security Monitoring

14 Apr 2021 6:30am, by Peter Albert

Networking / Security / Sponsored / Contributed

Defense in Depth: The First Step to Security Certainty

13 Apr 2021 11:00am, by Allen McNaughton

Open Source / Security / Sponsored / Contributed

New Research Shows Secure Usage of Open Source Remains Problematic

13 Apr 2021 8:55am, by Tim Mackey

Development / Security / Contributed

Strong Security Doesn’t Have to Equate to Slow Development

9 Apr 2021 11:34am, by Rob Juncker

DevOps / Security / Sponsored / Contributed

Interactive Application Security Testing Is the Next Big Thing in AppSec

9 Apr 2021 8:54am, by Eugene Pakhomov

Cloud Services / Security / Sponsored

Okta Launches a Unified Control Plane for Enterprise Identity and Access Management

7 Apr 2021 2:21pm, by Joab Jackson

Cloud Native / Security / Sponsored / Contributed

Why You Need to Implement a Cloud Native Data Protection Solution

7 Apr 2021 9:00am, by Nivas Iyer

API Management / Microservices / Security / Sponsored

Okta Expands Free Identity Management Services, Cloud Native Deployment Options

6 Apr 2021 4:00pm, by Joab Jackson

Culture / Development / Security / Sponsored / Contributed

6 Talks That Developers Will Be Excited to See at Oktane21

5 Apr 2021 3:00am, by Lee Brandt

Cloud Native / Security

Sysdig Detects Lateral Movement Attacks Across Containers and Clouds

1 Apr 2021 2:02pm, by Steven J. Vaughan-Nichols

Cloud Services / Security / Sponsored / Contributed

Protect Workloads Utilizing RDP in AWS from Common Brute Force Attacks

1 Apr 2021 12:00pm, by Maya Levine

CI/CD / Kubernetes / Security

CircleCI Extends CI/CD Platform Beyond the Cloud

1 Apr 2021 10:41am, by B. Cameron Gain

Networking / Security / Service Mesh / Sponsored

Solo.io: Istio Is Winning the Service Mesh War

31 Mar 2021 12:23pm, by B. Cameron Gain

Kubernetes / Security / Sponsored / Contributed

Calico Extends eBPF Data Plane to Offer Host Protection

31 Mar 2021 9:00am, by Shaun Crampton

Open Source / Security / Technology

PHP Supply Chain Attack Shows Open Source’s Virtues and Vices

30 Mar 2021 4:22pm, by Steven J. Vaughan-Nichols

Cloud Native / Cloud Services / Security / Sponsored

Orchestrating Against Advanced Threats in the Cloud

30 Mar 2021 3:00pm, by Alex Williams and B. Cameron Gain

CI/CD / Open Source / Security

GitLab Open Sources Protocol Fuzzer Community Edition

30 Mar 2021 4:00am, by Steven J. Vaughan-Nichols

1 2 3 4 5 6 7 8 9 10
11 12 13 14 15 16 17 18 19 20

Architecture

  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage

Development

  • Cloud Services
  • Data
  • Development
  • Machine Learning
  • Security

Operations

  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools

The New Stack

  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Sponsorship
  • Disclosures
  • Contributions
  • Twitter
  • Facebook
  • YouTube
  • Soundcloud
  • LinkedIn
  • Slideshare
  • RSS

© 2021 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.