SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Contributed
News
Analysis
The New Stack Makers
Tutorial
Research
Podcast
Science
Feature
Off-The-Shelf Hacker
Skip to content
  • Podcasts
    • TNS @Scale Series
    • TNS Analysts Round Table
    • TNS Context Weekly News
    • TNS Makers Interviews
    • All Podcasts
  • Events
  • Ebooks
    • Storage
    • DevOps
    • Serverless
    • Microservices
    • Kubernetes Ecosystem
    • Docker Ecosystem
    • All Ebooks
  • Newsletter
  • Sponsorship
  • • • •
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Ebooks
      • Machine Learning
      • DevOps
      • Serverless
      • Microservices
      • Kubernetes Ecosystem
      • Docker Ecosystem
      • All Ebooks
    • Newsletter
    • Sponsorship
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Development
    • Cloud Services
    • Data
    • Machine Learning
    • Security
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
 

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace.  Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.


A newsletter digest of the week’s most important stories & analyses.

Do you also want to be notified of the following?
We don’t sell or share your email. By continuing, you agree to our Terms of Use and Privacy Policy.

Security

TLS Token-Binding Standard Gains a Foothold on the Web

3 Oct 2018 3:00am, by Mary Branscombe

Security

Two Serious Vulnerabilities Hit the Linux Kernel

1 Oct 2018 9:56am, by Lucian Constantin

Security / Contributed

Serverless Security Suggestions: Tips for Securing Functions

26 Sep 2018 9:29am, by John Morello

Kubernetes / Security

Hitachi Vantara: Improved Security, Management for Kubernetes

26 Sep 2018 6:00am, by Susan Hall

Security / Contributed

Temper Kubernetes and Container FOMO Through Security

25 Sep 2018 9:26am, by Chris Ford

Development / DevOps / Security / Sponsored

DevOps and Security Practices Equals DevSecOps

18 Sep 2018 3:03pm, by TNS Staff

DevOps / Security / Sponsored

SaltStack Expands into Security Compliance Scanning and Remediation

12 Sep 2018 9:13am, by Joab Jackson

Containers / Security

Kube-hunter: Aqua’s New Open Source Tool for Hunting Kubernetes Security Issues

20 Aug 2018 10:50am, by Susan Hall

Containers / Security / Sponsored / Contributed

Container Image Registry Security Best Practices

17 Aug 2018 9:00am, by Ben Bernstein

Microservices / Security / Sponsored

Automation Makes Microservices Security Practical to Deliver

15 Aug 2018 11:04am, by TNS Staff

Security / Sponsored / Contributed

Beefing Up Your Cloud Provider’s Security

15 Aug 2018 8:48am, by Michael Churchman

Security / Serverless / Sponsored / Contributed

Six Security Considerations for Serverless Environments

13 Aug 2018 9:51am, by Gadi Naor

CI/CD / DevOps / Security

Add It Up: DevOps Security Needs More Tooling

9 Aug 2018 1:00pm, by Lawrence E Hecht

CI/CD / Culture / DevOps / Security

DevSecOps: Security Automation in Enterprise DevOps

7 Aug 2018 10:55am, by Jennifer Riggins

CI/CD / Containers / Security

Anchore: Container Security Starts with the Images

7 Aug 2018 9:00am, by Susan Hall

Containers / Security / Serverless / Sponsored / Contributed

Security Differences: Containers vs. Serverless vs. Virtual Machines

7 Aug 2018 6:00am, by Vince Power

Culture / Edge / IoT / Machine Learning / Security

The Internet of Things: Securing Tomorrow’s Cars

6 Aug 2018 1:56pm, by Swapnil Bhartiya

Containers / Security

Alert Logic Debuts Intrusion Detection for Containers

2 Aug 2018 11:14am, by Susan Hall

Security / Serverless / Contributed

Your Security Just Might Kill Your Serverless

27 Jul 2018 8:49am, by Hillel Solow

Containers / Security

Cilium: Making BPF Easy on Kubernetes for Improved Security, Performance

23 Jul 2018 10:56am, by Susan Hall

Kubernetes / Security

Covalent Talks Cilium, and How It Brings BPF to Kubernetes

19 Jul 2018 12:42pm, by Alex Handy

Development / Security

Poor Password Hygiene Enabled ESLint Supply-Chain Attack on Npm

18 Jul 2018 3:00am, by Lucian Constantin

Security / Sponsored / Contributed

Serverless Security Risks Laid Bare

13 Jul 2018 8:23am, by Vince Power

Containers / Kubernetes / Security

StackRox Adds Feedback Loop, Orchestrator Security

12 Jul 2018 9:27am, by Susan Hall

Security / Contributed

Understanding AWS Cognito User and Identity Pools for Serverless Apps

12 Jul 2018 9:00am, by Jake Bennett

CI/CD / Security / Contributed

Building a ‘DevSecOps’ Power Trifecta

12 Jul 2018 6:00am, by Mehul Revankar

11 12 13 14 15 16 17 18 19 20

Architecture

  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage

Development

  • Cloud Services
  • Data
  • Development
  • Machine Learning
  • Security

Operations

  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools

The New Stack

  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Sponsorship
  • Disclosures
  • Contributions
  • Twitter
  • Facebook
  • YouTube
  • Soundcloud
  • LinkedIn
  • Slideshare
  • RSS

© 2021 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.