SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Contributed
News
Analysis
The New Stack Makers
Tutorial
Research
Podcast
Science
Feature
Off-The-Shelf Hacker
Skip to content
  • Podcasts
    • TNS @Scale Series
    • TNS Analysts Round Table
    • TNS Context Weekly News
    • TNS Makers Interviews
    • All Podcasts
  • Events
  • Ebooks
    • Storage
    • DevOps
    • Serverless
    • Microservices
    • Kubernetes Ecosystem
    • Docker Ecosystem
    • All Ebooks
  • Newsletter
  • Sponsorship
  • • • •
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Ebooks
      • Machine Learning
      • DevOps
      • Serverless
      • Microservices
      • Kubernetes Ecosystem
      • Docker Ecosystem
      • All Ebooks
    • Newsletter
    • Sponsorship
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Development
    • Cloud Services
    • Data
    • Machine Learning
    • Security
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
 

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace.  Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.


A newsletter digest of the week’s most important stories & analyses.

Do you also want to be notified of the following?
We don’t sell or share your email. By continuing, you agree to our Terms of Use and Privacy Policy.

Security / Sponsored

Twistlock Brings Container-Native Security to Virtual Machines

5 Mar 2019 11:27am, by B. Cameron Gain

Cloud Native / Microservices / Security

Scytale Launches SPIFFE-Based Service Identity Management

4 Mar 2019 8:50am, by Susan Hall

CI/CD / Kubernetes / Security

New Alcide Release Enhances Kubernetes, Istio Security

27 Feb 2019 9:35am, by Susan Hall

Security

Open Source Maintainers Want to Reduce Application Security Risk

26 Feb 2019 6:00am, by Lawrence E Hecht

Security

Information Security Spending: Don’t Be Fooled by Overconfidence

21 Feb 2019 9:49am, by Lawrence E Hecht

Cloud Native / Security / Sponsored

How ‘Secure’ Cloud Native Deployments Can Be

20 Feb 2019 3:00pm, by B. Cameron Gain

Containers / Kubernetes / Security / Sponsored

Guide for 2019: What to Consider About VMs and Kubernetes

18 Feb 2019 10:52am, by Joe Fernandes

Containers / Security

What You Need to Know About the RunC Container Escape Vulnerability

14 Feb 2019 9:40am, by Lucian Constantin

CI/CD / Containers / Security

WhiteSource: Open Source Security Management for Containers

14 Feb 2019 6:00am, by Mike Melanson

CI/CD / DevOps / Security

Facebook’s Tool for Automated Testing at 2 Billion Users Scale

4 Feb 2019 11:57am, by Jennifer Riggins

Containers / DevOps / Security

Security and Monitoring Are Converging

28 Jan 2019 3:00am, by Salil Deshpande

Culture / Security / Sponsored

Disseminating Knowledge: PagerDuty Open Sources Its Security Training

24 Jan 2019 12:00pm, by Rich Adams

Kubernetes / Security

StackRox Adds Kubernetes-Specific Security Capabilities

23 Jan 2019 11:53am, by Susan Hall

Containers / Kubernetes / Security

Kubernetes and the Return of the Virtual Machines

17 Jan 2019 3:00pm, by Joab Jackson

Culture / Security / Sponsored

The What and Why of a Unified Security Strategy

16 Jan 2019 6:00am, by Chris Riley

Data / Security / Contributed

5 Ways to Ensure Your Data Storage Systems Protect Customer Data

15 Jan 2019 10:50am, by Paul Steen

Cloud Native / Security / Sponsored

Twistlock: Cloud Native Implications For Security

11 Jan 2019 11:01am, by Libby Clark

Microservices / Monitoring / Security / Sponsored / Contributed

Monitoring Metrics You Can’t Afford to Ignore

11 Jan 2019 7:24am, by Dave Farinelli

Containers / Security

Security Worries Rise as Container Adoption Increases

10 Jan 2019 9:41am, by Lawrence E Hecht

Cloud Native / Cloud Services / Security / Sponsored

How to Secure Your Cloud Environment Beyond Your Cloud Vendor’s Tools

8 Jan 2019 3:00am, by Maame Efua Boham

Cloud Native / Cloud Services / Containers / Machine Learning / Security

The New Stack Survey: What to Expect in 2019

3 Jan 2019 11:59am, by B. Cameron Gain

Security

This Week in Programming: Kubernetes’ Future in Virtual Machines

29 Dec 2018 6:00am, by Mike Melanson

Development / Monitoring / Networking / Open Source / Security

Linux Technology for the New Year: eBPF

28 Dec 2018 11:44am, by Joab Jackson

Cloud Services / Kubernetes / Security / Serverless

Google’s Kelsey Hightower Dissects Serverless Hype and Hope

27 Dec 2018 3:00pm, by B. Cameron Gain

Security / Contributed

How to Implement Secure Containers Using Google’s gVisor

19 Dec 2018 9:00am, by Karthikeyan Shanmugam

Security

Semmle’s Insights Signal a Gestalt Shift in Security

18 Dec 2018 11:18am, by TC Currie

11 12 13 14 15 16 17 18 19 20

Architecture

  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage

Development

  • Cloud Services
  • Data
  • Development
  • Machine Learning
  • Security

Operations

  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools

The New Stack

  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Sponsorship
  • Disclosures
  • Contributions
  • Twitter
  • Facebook
  • YouTube
  • Soundcloud
  • LinkedIn
  • Slideshare
  • RSS

© 2021 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.