SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Contributed
News
Analysis
The New Stack Makers
Tutorial
Research
Podcast
Science
Feature
Off-The-Shelf Hacker
Skip to content
  • Podcasts
    • TNS @Scale Series
    • TNS Analysts Round Table
    • TNS Context Weekly News
    • TNS Makers Interviews
    • All Podcasts
  • Events
  • Ebooks
    • Storage
    • DevOps
    • Serverless
    • Microservices
    • Kubernetes Ecosystem
    • Docker Ecosystem
    • All Ebooks
  • Newsletter
  • Sponsorship
  • • • •
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Ebooks
      • Machine Learning
      • DevOps
      • Serverless
      • Microservices
      • Kubernetes Ecosystem
      • Docker Ecosystem
      • All Ebooks
    • Newsletter
    • Sponsorship
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Development
    • Cloud Services
    • Data
    • Machine Learning
    • Security
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
 

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace.  Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.


A newsletter digest of the week’s most important stories & analyses.

Do you also want to be notified of the following?
We don’t sell or share your email. By continuing, you agree to our Terms of Use and Privacy Policy.

Cloud Native / Security / Serverless / Sponsored

CISOs: 5 Essential Features in a Cloud Native Security Platform

18 Dec 2018 3:00am, by John Morello

Containers / Kubernetes / Security

How Rancher Discovered the Kubernetes Vulnerability

17 Dec 2018 3:00pm, by B. Cameron Gain

Open Source / Security / Contributed

Open Source Vulnerabilities: Minding Your Blind Spots

13 Dec 2018 9:00am, by Rami Sass

Cloud Native / Kubernetes / Security

KubeCon: New Tools for Protecting Kubernetes with Policy

12 Dec 2018 11:38am, by Mary Branscombe

Security / Serverless

Reaching 1.0, HashiCorp Vault Comes into Its Own

12 Dec 2018 3:00am, by Susan Hall

Kubernetes / Security

Aqua Security’s Kubernetes Benchmarks Get CIS Approval

11 Dec 2018 11:56am, by Mike Melanson

Security

Twistlock Enhances Visibility into Multicloud, Istio, Kubernetes

10 Dec 2018 12:35pm, by Susan Hall

Kubernetes / Security

Critical Vulnerability Allows Kubernetes Node Hacking

4 Dec 2018 10:24am, by Lucian Constantin

Cloud Native / DevOps / Security

Q&A: Rain Capital’s Chenxi Wang on ‘DevSecOps’

3 Dec 2018 10:30am, by Joab Jackson

Microservices / Security / Service Mesh / Sponsored / Contributed

Is Istio the Most Next-Gen, Next-Gen Firewall Ever?

3 Dec 2018 3:00am, by John Morello

Security

Attackers Up Their Game with Latest NPM Package Compromise

30 Nov 2018 8:29am, by Lucian Constantin

Cloud Native / Security / Serverless / Contributed

For Cloud Native, Application Security Starts with Identity Management

28 Nov 2018 9:59am, by Hillel Solow

DevOps / Security

Security’s Case Against ‘Cloud-Native DevOps’

27 Nov 2018 12:20pm, by Scott M. Fulton III

Security / Serverless

PureSec: The Most Dangerous Current Security Risks to Serverless

27 Nov 2018 10:00am, by Mark Boyd

Security / Serverless

Aqua’s ‘Guardrails’ for Securing Serverless Containers, Functions

19 Nov 2018 9:42am, by Susan Hall

CI/CD / DevOps / Security / Sponsored

Poorly Configured CI/CD Systems Can Be a Backdoor into Your Infrastructure

8 Nov 2018 9:22am, by Lucian Constantin

Cloud Services / Security / Serverless

PureSec Founder on Taking Control of Serverless Security

29 Oct 2018 3:00pm, by B. Cameron Gain

CI/CD / Security

How Dow Jones Folded Security into its Automated Dev Pipeline

26 Oct 2018 10:11am, by Joab Jackson

Cloud Native / Microservices / Security / Sponsored

A Service Mesh Helps Simplify PCI DSS Compliance

25 Oct 2018 9:12am, by Granville Schmidt

CI/CD / Development / Security

This Week in Programming: GitHub Dives Into DevOps with Actions

20 Oct 2018 6:00am, by Mike Melanson

Security / Tools

Add It Up: Reality Check on Automated Security Testing

18 Oct 2018 9:33am, by Lawrence E Hecht

CI/CD / Security / Sponsored

Integrate Security and Compliance into Your CI/CD Pipeline

17 Oct 2018 3:00am, by Twain Taylor

Monitoring / Security

Chef InSpec 3.0: Wider, Deeper on Automated Compliance

16 Oct 2018 10:52am, by Susan Hall

DevOps / Security / Technology / Tools

Add It Up: Test Automation Is Not a Tooling Story

11 Oct 2018 12:38pm, by Lawrence E Hecht

DevOps / Security

Sauce Labs: Pipeline Automation Key for Competitive Advantage

3 Oct 2018 1:04pm, by TC Currie

Security / Contributed

How to Start Applying Google’s ‘Zero Trust’ Model

3 Oct 2018 9:47am, by Steve Dyer

11 12 13 14 15 16 17 18 19 20

Architecture

  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage

Development

  • Cloud Services
  • Data
  • Development
  • Machine Learning
  • Security

Operations

  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools

The New Stack

  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Sponsorship
  • Disclosures
  • Contributions
  • Twitter
  • Facebook
  • YouTube
  • Soundcloud
  • LinkedIn
  • Slideshare
  • RSS

© 2021 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.