SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Contributed
News
Analysis
The New Stack Makers
Tutorial
Research
Podcast
Science
Feature
Off-The-Shelf Hacker
Skip to content
  • Podcasts
    • TNS @Scale Series
    • TNS Analysts Round Table
    • TNS Context Weekly News
    • TNS Makers Interviews
    • All Podcasts
  • Events
  • Ebooks
    • Storage
    • DevOps
    • Serverless
    • Microservices
    • Kubernetes Ecosystem
    • Docker Ecosystem
    • All Ebooks
  • Newsletter
  • Sponsorship
  • • • •
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Ebooks
      • Machine Learning
      • DevOps
      • Serverless
      • Microservices
      • Kubernetes Ecosystem
      • Docker Ecosystem
      • All Ebooks
    • Newsletter
    • Sponsorship
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Development
    • Cloud Services
    • Data
    • Machine Learning
    • Security
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
 

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace.  Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.


A newsletter digest of the week’s most important stories & analyses.

Do you also want to be notified of the following?
We don’t sell or share your email. By continuing, you agree to our Terms of Use and Privacy Policy.

Kubernetes / Security

Octarine Open Sources a Kubernetes Tool to Check for Configuration Security Errors

24 Jan 2020 3:00am, by Joab Jackson

DevOps / Security / Technology / Sponsored / Contributed

5 Steps to Implement DevSecOps

23 Jan 2020 11:28am, by Matt Chiodi

DevOps / Security / Tools / Sponsored / Contributed

Part 2: The Secret to Winning IT Security Roulette

22 Jan 2020 11:04am, by Thomas Hatch

CI/CD / DevOps / Security / Sponsored

The State of Security for DevOps in 2020

20 Jan 2020 5:00pm, by Jennifer Riggins and Alex Williams

Kubernetes / Security / Storage / Sponsored / Contributed

How to Lockdown and Secure Kubernetes Persistent Volumes 

15 Jan 2020 9:52am, by Andrew Sullivan

DevOps / Security / Tools / Sponsored / Contributed

Part 1: The Secret to Winning IT Security Roulette

14 Jan 2020 11:38am, by Thomas Hatch

Kubernetes / Security

CNCF Bug Bounty Program Shines a Light on the Darker Corners of Kubernetes

14 Jan 2020 10:51am, by Mike Melanson

Containers / Kubernetes / Security / Sponsored

Real Data for a Proper Kubernetes Security Review

13 Jan 2020 2:00pm, by Alex Williams and B. Cameron Gain

DevOps / Security / Sponsored / Contributed

What I Learned Talking to 45 CISOs About DevSecOps

10 Jan 2020 9:18am, by Matt Howard

Culture / DevOps / Security / Sponsored / Contributed

4 New Year’s Resolutions to Integrate Security into DevOps

9 Jan 2020 12:46pm, by Brian Levine

Cloud Native / Containers / Security

CNCF’s Falco Runtime Security Tool Graduates from the Sandbox, Moves into Incubation

8 Jan 2020 9:40am, by Mike Melanson

Data / Security / Sponsored / Contributed

How Changes to Global Data Privacy Affect Your Database

6 Jan 2020 8:43am, by Mat Keep

Containers / DevOps / Security / Contributed

Accelerating DevOps with Advanced Container Security

31 Dec 2019 10:00am, by Lior Cohen

Containers / Security / Service Mesh

Portshift Takes Vulnerabilities Management to the Container Level

26 Dec 2019 9:32am, by Mike Melanson

Kubernetes / Security / Sponsored

How the U.S. Air Force Deployed Kubernetes and Istio on an F-16 in 45 days

24 Dec 2019 8:19am, by Tom Krazit

CI/CD / DevOps / Security / Sponsored / Contributed

The Power of SecOps: Redefining Core Security Capabilities

20 Dec 2019 10:42am, by Thomas Hatch

Cloud Native / Security

TUF Is First Security Project to Graduate the Cloud Native Computing Foundation

19 Dec 2019 11:03am, by Mike Melanson

Cloud Native / Security

BeyondProd: Google’s Internal Model to Securing Cloud Native Microservices

17 Dec 2019 4:52pm, by Joab Jackson

Cloud Services / Security

Alert Logic Adds More Threat Detection to AWS Identity Management

16 Dec 2019 3:00am, by B. Cameron Gain

Liran Tancman and Corey Scobie at ReInvent 2019

CI/CD / DevOps / Security / Sponsored

Chef and Rezilion Partnership Centers on Automation

12 Dec 2019 7:45pm, by Jennifer Riggins and Alex Williams

Security

Chef Teams with Rezilion for Security Automation

12 Dec 2019 2:04pm, by Susan Hall

Containers / Security

8 Tools To Secure Your Docker Containers

9 Dec 2019 12:50pm, by Jack Wallen

Gareth Rushgrove at KubeCon San Diego 2019

Kubernetes / Security / Sponsored

Snyk’s Gareth Rushgrove on How Visibility Is Driving Security

6 Dec 2019 9:22am, by Jennifer Riggins and Alex Williams

Security / Technology

Singapore Researchers Shrink Quantum Chips to the Size of an Integrated Circuit

5 Dec 2019 11:00am, by Kimberley Mok

Security

CrowdStrike and the Nation-State Threat to Cybersecurity: Facts vs. Hype

5 Dec 2019 9:40am, by Lawrence E Hecht

Culture / Open Source / Security / Tools / Sponsored

How SREs and Automation Can Save Your Security Infrastructure

27 Nov 2019 9:25am, by B. Cameron Gain

1 2 3 4 5 6 7 8 9 10

Architecture

  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage

Development

  • Cloud Services
  • Data
  • Development
  • Machine Learning
  • Security

Operations

  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools

The New Stack

  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Sponsorship
  • Disclosures
  • Contributions
  • Twitter
  • Facebook
  • YouTube
  • Soundcloud
  • LinkedIn
  • Slideshare
  • RSS

© 2021 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.