SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Analysis
News
Contributed
The New Stack Makers
Open Source
Research
Tutorial
Science
Off-The-Shelf Hacker
API Management
Skip to content
  • Ebooks
    • Storage
    • DevOps
    • Serverless
    • Microservices
    • Kubernetes Ecosystem
    • Docker Ecosystem
    • All Ebooks
  • Podcasts
    • TNS @Scale Series
    • TNS Analysts Round Table
    • TNS Context Weekly News
    • TNS Makers Interviews
    • All Podcasts
  • Events
  • Newsletter
  • • • •
    • Ebooks
      • Machine Learning
      • DevOps
      • Serverless
      • Microservices
      • Kubernetes Ecosystem
      • Docker Ecosystem
      • All Ebooks
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Newsletter
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Security
    • Cloud Services
    • Data
    • Machine Learning
    • Development
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
 

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace.  Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.

+

CI/CD / Data / DevOps / Security

Grafeas: A New Way to Track the DevOps Supply Chain

16 Oct 2017 6:00am, by Susan Hall

+

Culture / Security

Is It Time to Replace Social Security Numbers?

15 Oct 2017 6:00am, by David Cassel

+

Data / Development / Security / Serverless

This Week in Programming: GitHub Will Provide Security Alerts for Code Dependencies

14 Oct 2017 6:00am, by Mike Melanson

+

Security

The O’Reilly Security Conference: Teachable Moments and Envisioning Adversaries

12 Oct 2017 4:00am, by Michelle Gienow

+

Development / Security / Storage

Forthcoming Npm Update Will Add Two-Factor Authentication

10 Oct 2017 1:18pm, by Alex Handy

+

Kubernetes / Security

Security Alert: Patch Dnsmasq on Your Linux Servers, Kubernetes and Networking Devices

9 Oct 2017 1:26pm, by Lucian Constantin

+

Containers / Development / Kubernetes / Security

Container Camp: Four Security Lessons from a Live Container Hacking Session

9 Oct 2017 2:00am, by Jennifer Riggins

+

Machine Learning / Security / Contributed

Machine Learning To Help Find Anomalous and Malicious Activity

26 Sep 2017 7:00am, by Rohan Tandon

+

Security

Apache Web Server Bug Can Allow Attackers to Dip into Memory Data

22 Sep 2017 1:00am, by Lucian Constantin

+

Security / Storage

Okta Wants to Be an Identity Service for Developers

20 Sep 2017 2:00am, by Mary Branscombe

+

Development / Security

Python Package Repository Struggles to Deal with Typosquatting

19 Sep 2017 1:32pm, by Lucian Constantin

+

Security

Equifax Data Breach Shows the Perils of Not Patching in a Timely Manner

14 Sep 2017 12:31pm, by Lucian Constantin

+

Development / Machine Learning / Security

Machine Learning Lends a Hand for Automated Software Testing

13 Sep 2017 2:00am, by Mary Branscombe

+

Development / Security

Here’s Why You Should Have a CAA DNS Record for Your HTTPS Website

8 Sep 2017 6:00am, by Lucian Constantin

+

Development / Security

Critical Vulnerability in Apache Struts Puts Thousands of Web Applications at Risk

6 Sep 2017 2:00am, by Lucian Constantin

+

Containers / Security

Want a Docker Hacking Challenge? Try This Vulnerable VM

4 Sep 2017 5:00am, by Lucian Constantin

+

Development / Security

This Week in Programming: Developers Help with Harvey and TypeScript Gets an Update

2 Sep 2017 9:00am, by Mike Melanson

+

Development / Security

Security Researchers Lose Faith in HTTP Public Key Pinning

1 Sep 2017 2:00am, by Lucian Constantin

+

Cloud Services / Containers / DevOps / Kubernetes / Security / Sponsored

Cloud-Native Apps Lead Red Hat OpenShift Customers to Enterprise Integration

28 Aug 2017 3:59pm, by Alex Williams

+

CI/CD / Cloud Services / Containers / DevOps / Security

VMware Consolidates Its Cloud Platform Around Amazon, Applications

28 Aug 2017 12:16pm, by Scott M. Fulton III

+

CI/CD / DevOps / Kubernetes / Security / Sponsored

Twistlock Rethinks the Developer Pipeline for Securing Hyperscale Applications

25 Aug 2017 1:21pm, by Scott M. Fulton III

+

Development / Security

Grsecurity Vendor Sues Open Source Pioneer Bruce Perens in GPLv2 Disagreement

25 Aug 2017 6:00am, by Swapnil Bhartiya

+

CI/CD / Cloud Native / Security

Pivotal Cloud Foundry Now Can Offer Automated Patching with Concourse

24 Aug 2017 11:55am, by Susan Hall

+

Data / DevOps / Security

HashiCorp’s Introspection About its Open Source Heritage

24 Aug 2017 5:00am, by Susan Hall

+

DevOps / Kubernetes / Microservices / Security / Contributed

Aporeto’s Vision for a Shared Orchestration and Security Platform

24 Aug 2017 2:00am, by Scott M. Fulton III

+

Security

Xen Hypervisor Patched for Privilege Escalation and Information Leak Flaws

23 Aug 2017 2:00am, by Lucian Constantin

11 12 13 14 15 16 17 18 19 20

Architecture

  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage

Development

  • Security
  • Cloud Services
  • Data
  • Machine Learning
  • Development

Operations

  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools

The New Stack

  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Disclosures
  • Contributions
  • Twitter
  • Facebook
  • YouTube
  • Soundcloud
  • LinkedIn
  • Slideshare
  • RSS

© 2019 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.