SEARCH (ENTER TO SEE ALL RESULTS)
Cancel Search
POPULAR TOPICS
Contributed
sponsored-post-contributed
News
Analysis
The New Stack Makers
Tutorial
Podcast
Feature
Research
Profile
The New Stack Logo
Skip to content
  • Podcasts
  • Events
  • Ebooks
    • DevOps
    • DevSecOps
    • Docker Ecosystem
    • Kubernetes Ecosystem
    • Microservices
    • Observability
    • Security
    • Serverless
    • Storage
    • All Ebooks
  • Newsletter
  • Sponsorship
  • • • •
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Ebooks
      • DevOps
      • DevSecOps
      • Docker Ecosystem
      • Kubernetes Ecosystem
      • Microservices
      • Observability
      • Security
      • Serverless
      • Storage
      • All Ebooks
    • Newsletter
    • Sponsorship
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Development
    • Cloud Services
    • Data
    • Machine Learning
    • Security
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
Search The New Stack
 

Security

▾ 4 MINUTE READ — CLOSE

Application and network security require different approaches in cloud computing and cloud-native computing. Cloud-native security has a new set of priorities and open-source security requirements that come with introducing a container and container orchestrator into a production environment.

Securing both internal and external systems has become vital. This is evident in the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket, and other public/private cloud-based repositories.
What Is Application Security?
Application security is developing and testing security features to detect and prevent vulnerabilities. Securing applications avoids unauthorized access and modification of software.
Network Security Tools Provide Software Protection
Network security tools are hardware and software that protect your network from potential threats. These tools secure sensitive information and enable consistent delivery of your organization’s solutions.

Here are some of the protections that network security tools provide:

Firewall. By using predefined rules, firewalls control network traffic flow.
Network Segmentation. Set boundaries between network segments with similar roles, risks, or functions in a company.
Access Control. Network security systems help organizations manage their networks and systems by limiting or providing access when required.
Data Loss Prevention (DLP). Data Loss Prevention software monitors your network for unauthorized attempts to access your data and stops unauthorized data exfiltration.
Email Security. The protection of email content and accounts from threats is essential for privacy and relationships with customers or team members. Security vendors help email service providers keep your information secure with advanced network security systems.
Intrusion Prevention Systems (IPS). Intrusions often occur in networks and systems. Attackers try to exploit intrusions before solutions are implemented. Security tools such as IPS prevent attackers from interfering by monitoring a network for malicious activity and taking actions such as blocking to prevent such activities.
Sandboxing. Network security tools enable sandboxing — a process that allows you to run codes in an isolated environment that mirrors end-user activities safely. This process is excellent for testing codes and identifying threats before deployment.
Hyperscale Network Security. When numerous servers are networked together into a scalable cloud computing system, that’s hyperscale.Increasing or decreasing the number of servers in use allows the network to cope with both large and small volumes of data, according to changing requirements.

Serverless Security Improves Application Agility
Serverless security is an operational model in cloud computing where applications depend on managed cloud services to simplify infrastructure security. Adopting serverless security reduces operational overhead and other costs. As applications no longer rely on other services for functionality such as authentication, developers can focus on optimization, thereby increasing agility.
Benefits of a Secure Development Process
Many development teams create codes and try to bolt on security at the end of development rather than securing the process from the start. Here are some reasons why a secure development process is essential:

Early detection of errors. A secure development process allows developers to identify problems in different environments quickly. This reduces the time spent on fixes and enables developers to optimize their operations.
Cost reduction. Early detection of security flaws decreases the cost of fixing errors. Fewer development components are affected, reducing the cost of devising and implementing solutions.
Reduction of corrupt data. A secure development process minimizes the risk of threats and code interference. Security tools prevent unauthorized access, malicious behavior and ensure data security.

Security Architecture Challenges
Security platforms prevent system breaches and malware. Although these functions are advantageous, security architecture also poses some challenges:

Adoption of DevOps. Many organizations have adopted some form of DevOps into their processes. The need for agility and speed associated with DevOps introduces development and security vulnerabilities to systems.
Architectural fragments. Many architectures are fragmented with little to no integration. This disconnection increases security risks, as there are blind spots in company infrastructure, room for errors, and time wasted.
Compliance mandates. Security architecture needs to comply with ever-changing government regulations, security standards, and industry regulations. Non-compliance with these requirements attracts fees and penalties. Many present-day security vendors — except those devoted to the cloud-native space such as Aqua Security — have difficulty complying with these mandates as seen in the 2019 acquisition of the Twistlock security platform.
Architecture complexity. The extensiveness of some security architecture makes managing risks complex and causes some teams to use the architecture less, which defeats its initial purpose.

How Can Providers Improve Network Security Software
Vector attacks and security risks increase as software development takes place. These risks create the need to improve security infrastructure and optimize existing software.

Here are some ways security providers can improve applications and platforms:

Establishing security policies for pods. Google has developed a security architecture for its cloud called BeyondCorp, a  zero trust model. The software assumes a company firewall will be breached and secures the application at the user level while managing access.
Addressing issues regarding the internet-based collaborative model of application development. Also known as supply-chain security, this process ensures that you improve the safety of your code. Supply chain security helps organizations monitor, analyze, and mitigate risks arising from external services such as software vendors and open-source libraries.
Scanning container images for buggy dependencies. Container images are immutable static files with executable code that can create containers in a system. Security architecture scans these images to ensure container security and secure the development process.
Application security testing. Teams can secure data and ensure maximum software functionality through application security testing, which is the process of evaluating and reporting on the safety of software applications as they move along the software development lifecycle.

At The New Stack, we monitor the development and adoption of cloud-native security tools and the evolution of traditional security tools — which should be API supported — into the marketplace. We also follow advancements as cloud-native security tools offer real-time feedback and become easily licensed for cloud computing environments.

Save this page to learn more about security tools and how they become integrated with DevOps and CI/CD frameworks.


The New Stack Newsletter Sign-Up
A newsletter digest of the week’s most important stories & analyses.
Do you also want to be notified of the following?
We don’t sell or share your email. By continuing, you agree to our Terms of Use and Privacy Policy.
API Management / CI/CD / Security
The New Stack’s Top Podcasts for 2021
30 Dec 2021 6:00am, by B. Cameron Gain
lego man working in between a machines' gears
Culture / DevOps / Security / Software Development / Technology
2022 Forecast: What’s Next for Tech Workers?
28 Dec 2021 9:05am, by Heather Joslyn
neon 2021 sign with a tunnel through the zero leading to a Russian metro station
Culture / Security / Technology
Breaches and Ransomware: A Look Back at 2021
26 Dec 2021 6:00am, by David Cassel
programming diagram
Security / Software Development
Funding Is Just One Piece of the Log4j Puzzle
25 Dec 2021 6:00am, by Mike Melanson
fire truck par ds_30 de Pixabay
Security / Open Source / Software Development
How to Find Dangerous Log4j Libraries
23 Dec 2021 6:46am, by Steven J. Vaughan-Nichols
Security
Cloud Security: Whose Responsibility Is It Anyway?
22 Dec 2021 2:26pm, by Celeste Malia
2022
DevOps / Microservices / Security / Sponsored / Contributed
What SecOps Teams Can Expect in 2022
22 Dec 2021 6:40am, by Faith Kilonzi
firefighters
DevOps / Open Source / Security / Sponsored / Contributed
Learning from the Unfolding Log4j Emergency
22 Dec 2021 4:00am, by Charlotte Freeman
API Management / Security / Sponsored / Contributed
Securing Large API Ecosystems
21 Dec 2021 8:00am, by Michal Trojanowski
Open Source / Security / Software Development
Yet Another Log4j Security Problem Appears
20 Dec 2021 10:58am, by Steven J. Vaughan-Nichols
programming diagram
Security / Software Development / Technology
Log4j Is One Big ‘I Told You So’ for Open Source Communities
18 Dec 2021 6:00am, by Mike Melanson
Security
The Projects and People That Shaped Security in 2021
17 Dec 2021 11:07am, by Celeste Malia
IoT Edge Computing / Security / Tools
New Company Quantinuum Offers Quantum-Based Encryption
17 Dec 2021 6:00am, by Jeffrey Burt
communication gap
DevOps / Security / Software Development / Sponsored / Contributed
Address the Communication Gap Between Dev and Security Teams
16 Dec 2021 8:52am, by Joan Goodchild
Culture / DevOps / Security / Sponsored / Contributed
Site Reliability Engineering and the Art of Improvisation
16 Dec 2021 7:33am, by Matt Davis
triangle
Cloud Native Ecosystem / Security / Networking / Sponsored / Contributed
10 Criteria to Evaluate Your Cloud Network Security Solution
16 Dec 2021 6:31am, by Jonathan Maresky
Machine Learning / Security / Software Development / Sponsored
Find Annoying Secrets in Your AWS Java and Python Programs
16 Dec 2021 3:00am, by Steven J. Vaughan-Nichols
API Management / Security / Software Development / Contributed
Beyond API Security Testing: Runtime Protection
15 Dec 2021 10:00am, by David Bisson
fire
Security / Software Development / Technology
Another Day, Another Log4j Vulnerability
15 Dec 2021 8:00am, by Steven J. Vaughan-Nichols
API Management / Security / Technology
Neosec Ties Its API Security Platform to Kong’s API Gateway
15 Dec 2021 5:00am, by Steven J. Vaughan-Nichols
Security / Software Development / Tools
Log4Shell: We Are in So Much Trouble
14 Dec 2021 8:13am, by Steven J. Vaughan-Nichols
orion
CI/CD / DevOps / Security / Sponsored / Contributed
Orion: Go Beyond Package Manager Discovery for Your SBOM
10 Dec 2021 6:50am, by Shripad Nadgowda and Laura Luan
Toronto rail
Data Science / Networking / Security / Sponsored / Contributed
Case Study: Implementing a Real-Time Observability Solution
9 Dec 2021 8:31am, by Jason Myers
dance
DevOps / Security / Software Development / Sponsored / Contributed
3 Reasons Developers Struggle with AppSec
8 Dec 2021 11:00am, by Joan Goodchild
software-supply-chain-chainlink.jpg
Cloud Native Ecosystem / Open Source / Security / Software Development / Technology / Sponsored
The Challenges of Securing the Open Source Supply Chain
8 Dec 2021 3:00am, by Ann R. Thryft
a line of padlocks
Cloud Native Ecosystem / Cloud Services / Data Science / Security / Technology / Sponsored
Why Cloud Native Systems Demand a Zero Trust Approach
6 Dec 2021 7:00am, by Heather Joslyn and Maria Korolov
Pagination Previous Button
1 2 3 4 5 6 7 8 9 10
Pagination Next Button
Architecture
  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage
Development
  • Cloud Services
  • Data
  • Development
  • Machine Learning
  • Security
Operations
  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools
The New Stack
  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Sponsorship
  • Disclosures
  • Contributions

© 2022 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.