SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Analysis
News
Contributed
The New Stack Makers
Open Source
Research
Tutorial
Science
Off-The-Shelf Hacker
API Management
Skip to content
  • Ebooks
    • Storage
    • DevOps
    • Serverless
    • Microservices
    • Kubernetes Ecosystem
    • Docker Ecosystem
    • All Ebooks
  • Podcasts
    • TNS @Scale Series
    • TNS Analysts Round Table
    • TNS Context Weekly News
    • TNS Makers Interviews
    • All Podcasts
  • Events
  • Newsletter
  • • • •
    • Ebooks
      • Machine Learning
      • DevOps
      • Serverless
      • Microservices
      • Kubernetes Ecosystem
      • Docker Ecosystem
      • All Ebooks
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Newsletter
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Security
    • Cloud Services
    • Data
    • Machine Learning
    • Development
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
 

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace.  Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.

+

Cloud Native / Containers / Kubernetes / Security

Kata Containers: Secure, Lightweight Virtual Machines for Container Environments

18 Dec 2017 10:16am, by Scott M. Fulton III

+

CI/CD / Development / Microservices / Security

ShiftLeft Shifts Security Focus to Analyzing Applications, Not Reacting to Threats

15 Dec 2017 12:00pm, by Susan Hall

+

CI/CD / Cloud Services / Containers / Data / Development / DevOps / Kubernetes / Monitoring / Security

CloudPassage’s Security-as-a-Service Addresses Needs in Speed, Compliance

13 Dec 2017 10:04am, by Susan Hall

+

Development / Security

Node.js Fixes High-Risk Data Confidentiality Flaw

12 Dec 2017 9:48am, by Lucian Constantin

+

Development / DevOps / Security

HashiCorp Brings Terraform Infrastructure Provisioning to the Enterprise

12 Dec 2017 9:00am, by Alex Handy

+

Containers / Security

Nested Virtualization Offers Containers the Isolation of VMs without the Overhead

12 Dec 2017 3:00am, by Mary Branscombe

+

Containers / DevOps / Security

tCell.io Aims to Make Application Security More DevOps Friendly

11 Dec 2017 6:00am, by Susan Hall

+

Cloud Native / Security

Trilio Evolves Data Backup to Migration and Compliance Services

11 Dec 2017 2:00am, by Mark Boyd

+

Development / DevOps / Security

Developers Care About Security, but the Infosec Team Cares More

2 Dec 2017 9:20am, by Lawrence E Hecht

+

Containers / DevOps / Kubernetes / Security

CSPi Puts Container Security Focus on Protecting Data, Rather than Infrastructure

28 Nov 2017 6:00am, by Susan Hall

+

Security / Storage

TNS Guide: How to Manage Passwords and Keep Your Online Accounts Secure

23 Nov 2017 3:00am, by Lucian Constantin

+

Cloud Native / DevOps / Kubernetes / Security

How Cloud Foundry Helps Developers Embrace Flexibility While Balancing Security

20 Nov 2017 2:00pm, by Kiran Oliver

+

CI/CD / Development / Machine Learning / Security

GitHub Applies Machine Learning to Alert Your Project Dependencies

17 Nov 2017 3:00am, by Michelle Gienow

+

CI/CD / Cloud Native / Containers / Development / Security

Chef Sweetens the Deal for Developers on AWS

16 Nov 2017 5:00am, by Susan Hall

+

Machine Learning / Security / Storage

AI Startup Cracks CAPTCHA Codes with Human-Like Vision

13 Nov 2017 6:00am, by Kimberley Mok

+

Development / Kubernetes / Microservices / Networking / Security / Storage

What Kubernetes Needs to Run in Production

9 Nov 2017 11:18am, by Craig Martin, Janakiram MSV and Krishnan Subramanian

+

Cloud Native / Containers / Security

Vulnerability Management at Scale: A Talk with Pivotal’s Technical Program Manager of Security

7 Nov 2017 2:00pm, by Kiran Oliver

+

CI/CD / Development / Security / Serverless

Lori MacVittie of F5 Networks: Who’s in Charge of Automated Security?

6 Nov 2017 1:38pm, by Scott M. Fulton III

+

CI/CD / Cloud Native / Kubernetes / Security

OpenStack Summit Sydney Addresses Open Source’s Integration Pains

6 Nov 2017 10:07am, by Mark Boyd

+

Data / Microservices / Security / Storage

Apache Kafka 1.0 Released Exactly Once

3 Nov 2017 1:13pm, by Alex Handy

+

CI/CD / Containers / Security / Sponsored / Contributed

Containerization Makes Security and Compliance Instantly Easier

2 Nov 2017 7:00am, by John Morello

+

Development / Monitoring / Security

Corelight Boosts the Battle-Hardened Bro Network Monitoring Tech

27 Oct 2017 10:49am, by Susan Hall

+

Development / Security

Node.js Update Fixes a Serious Remote Denial-of-Service Flaw

25 Oct 2017 9:57am, by Lucian Constantin

+

Development / Security

This Week in Programming: Automated Pull Requests for the Security Win

21 Oct 2017 6:00am, by Mike Melanson

+

Cloud Native / Containers / Security

A Look at SCONE: Secure Linux Containers in Untrusted Environments with Intel SGX

20 Oct 2017 8:30am, by Joab Jackson

+

CI/CD / Security

Jenkins Security Updates Fix Three High-Risk Vulnerabilities

18 Oct 2017 11:05am, by Lucian Constantin

11 12 13 14 15 16 17 18 19 20

Architecture

  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage

Development

  • Security
  • Cloud Services
  • Data
  • Machine Learning
  • Development

Operations

  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools

The New Stack

  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Disclosures
  • Contributions
  • Twitter
  • Facebook
  • YouTube
  • Soundcloud
  • LinkedIn
  • Slideshare
  • RSS

© 2019 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.