SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Contributed
News
Analysis
The New Stack Makers
Tutorial
Research
Podcast
Science
Feature
Off-The-Shelf Hacker
Skip to content
  • Podcasts
    • TNS @Scale Series
    • TNS Analysts Round Table
    • TNS Context Weekly News
    • TNS Makers Interviews
    • All Podcasts
  • Events
  • Ebooks
    • Storage
    • DevOps
    • Serverless
    • Microservices
    • Kubernetes Ecosystem
    • Docker Ecosystem
    • All Ebooks
  • Newsletter
  • Sponsorship
  • • • •
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Ebooks
      • Machine Learning
      • DevOps
      • Serverless
      • Microservices
      • Kubernetes Ecosystem
      • Docker Ecosystem
      • All Ebooks
    • Newsletter
    • Sponsorship
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Development
    • Cloud Services
    • Data
    • Machine Learning
    • Security
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
 

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace.  Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.


A newsletter digest of the week’s most important stories & analyses.

Do you also want to be notified of the following?
We don’t sell or share your email. By continuing, you agree to our Terms of Use and Privacy Policy.

Security / Serverless

Love Serverless, Remember Security

9 Jul 2018 6:00am, by B. Cameron Gain

Security

Containers Break the Shared Responsibility Model Between Cloud Providers and Ops 

3 Jul 2018 3:00am, by Gadi Naor

Containers / Kubernetes / Security

Over 20,000 Container Management Dashboards Are Exposed on the Internet

2 Jul 2018 3:00am, by Lucian Constantin

Containers / Security

Repository Attacks Continue with Backdoored Docker Images

29 Jun 2018 4:00am, by Lucian Constantin

Kubernetes / Security

Security for Kubernetes

26 Jun 2018 1:15pm, by Alex Handy

Containers / Kubernetes / Security

Sysdig Hones in on Unifying Security and Monitoring

18 Jun 2018 8:46am, by Susan Hall

Security

Container Security in Multitenant Environments

13 Jun 2018 12:09pm, by Scott M. Fulton III

Security / Sponsored / Contributed

Twistlock Makes Istio’s Security Layer More Robust, Easier to Monitor

7 Jun 2018 10:17am, by Liron Levin and John Morello

Security / Sponsored / Contributed

Will GDPR Pressure SaaS Vendors to Go On-Prem?

6 Jun 2018 6:00am, by Chris Churilo

CI/CD / Security / Sponsored / Contributed

Better Defense Against Spectre and Everything Else with Patching, SaltStack Hardening

5 Jun 2018 10:20am, by Mehul Revankar

Security

What Can We Learn from the Ransomware Attack on Atlanta?

3 Jun 2018 6:00am, by David Cassel

Security / Contributed

Five Things You Need to Know About API Security

31 May 2018 9:00am, by Renata Budko

Development / Security

Npm Attackers Sneak a Backdoor into Node.js Deployments through Dependencies

8 May 2018 9:42am, by Lucian Constantin

Security

Interview: Google gVisor and the Challenge of Securing Multitenant Containers

7 May 2018 10:17am, by Joab Jackson

Security / Sponsored

Cloud-Native Security Patching with DevOps Best Practices

2 May 2018 8:52am, by Liz Rice

Security

Google Launches gVisor, an Open Source Sandboxed Container Runtime

2 May 2018 3:00am, by Joab Jackson

Security / Sponsored / Contributed

Beyond CI/CD: How Continuous Hacking of Docker Containers and Pipeline Driven Security Keeps Ygrene Secure

25 Apr 2018 9:32am, by Zach Arnold and Austin Adams

Security / Contributed

The Bittersweet Road to Kubernetes Production

20 Apr 2018 11:21am, by Oliver Thylmann

Containers / Security / Contributed

Containers and Compliance: Building Secure, Automated Systems on Amazon Web Services

19 Apr 2018 9:01am, by Jason McKay

Security

Sunil James, CEO of Scytale, Explains SPIFFE

17 Apr 2018 1:41pm, by Alex Handy

Data / Security

Watchful.io Brings Real-Time Pattern Matching

13 Apr 2018 12:00pm, by Susan Hall

Security / Contributed

How to Scale Security with a Hardware Chain of Trust

12 Apr 2018 9:00am, by Chris Rosen

Kubernetes / Security

China vs. the World: A Kubernetes and Container Perspective

5 Apr 2018 10:02am, by Lawrence E Hecht

Edge / IoT / Security

Architectures at the Edge to Go the Last Mile

3 Apr 2018 4:43pm, by Alex Williams

Development / Security

How lgtm Discovered the Spring Framework Vulnerability

30 Mar 2018 6:00am, by Susan Hall

Kubernetes / Security

Here’s Why You Should Secure Your Etcd Deployment

29 Mar 2018 9:25am, by Lucian Constantin

11 12 13 14 15 16 17 18 19 20

Architecture

  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage

Development

  • Cloud Services
  • Data
  • Development
  • Machine Learning
  • Security

Operations

  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools

The New Stack

  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Sponsorship
  • Disclosures
  • Contributions
  • Twitter
  • Facebook
  • YouTube
  • Soundcloud
  • LinkedIn
  • Slideshare
  • RSS

© 2021 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.