SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Contributed
News
Analysis
The New Stack Makers
Tutorial
Podcast
Research
Feature
Science
Profile

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace. Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.

Kubernetes / Security / Service Mesh / Contributed

7 Requirements for Optimized Traffic Flow and Security in Kubernetes

31 Jul 2019 9:51am, by Almas Raza and John Allen

Cloud Services / Security

Capital One’s Cloud Misconfiguration Woes Have Been an Industry-Wide Fear

30 Jul 2019 1:13pm, by Lawrence E Hecht

Cloud Services / Security / Contributed

Taking Advantage of the Public Cloud without Compromising Security

30 Jul 2019 6:00am, by Lior Cohen

Cloud Native / Monitoring / Security

The Evolution of the Site Reliability Engineer

23 Jul 2019 5:00pm, by Jennifer Riggins

Kubernetes / Security / Serverless / Sponsored

Demo: How the Twistlock Security Platform Supports Serverless

22 Jul 2019 5:00pm, by B. Cameron Gain

Culture / Security

ContainerDays 2019: Why GDPR Is Good for Data Sovereignty

15 Jul 2019 9:25am, by B. Cameron Gain

Cloud Services / Security / Sponsored

AWS and Symantec Each Redefine the ‘Single Pane of Glass’ for the Cloud

5 Jul 2019 8:25am, by Mike Melanson

Cloud Services / Security

Organizations Running on More Clouds Less Likely to See Security Threats

3 Jul 2019 1:00pm, by Lawrence E Hecht

Cloud Services / Security / Sponsored

AWS Control Tower Offers Automated Multi-Account Management

1 Jul 2019 11:03am, by Mike Melanson

Containers / Security / Sponsored

Google’s Maya Kaczorowski on Where Responsibility for Container Security Begins and Ends

28 Jun 2019 11:49am, by B. Cameron Gain

DevOps / Monitoring / Security / Sponsored / Contributed

Security Metrics that Actually Matter in a DevOps World

28 Jun 2019 10:59am, by Meg O’Leary

Cloud Native / Security / Serverless / Sponsored

Twistlock 19.07 Builds on Automation, Visibility, Prevention

25 Jun 2019 4:00am, by Mike Melanson

DevOps / Security / Sponsored

Best Practices Across the DevSecOps Lifecycle

24 Jun 2019 5:00pm, by Joab Jackson

Culture / Machine Learning / Security

Are We Ready for AI-Powered Security Cameras?

23 Jun 2019 6:00am, by David Cassel

DevOps / Security / Sponsored

How Service Meshes and Kubernetes Will Close Gap Between Speed and Security

20 Jun 2019 4:00pm, by Jennifer Riggins

Security / Contributed

Biometrics Brings Us One Step Closer to Eliminating Passwords for Good

18 Jun 2019 9:00am, by Pushkar Marathe

Cloud Native / Containers / Kubernetes / Security / Sponsored

Docker, the Cloud Native Computer Foundation Get Serious about Security

17 Jun 2019 5:00pm, by B. Cameron Gain

Containers / Security / Sponsored / Contributed

How to Lock Down the Kernel to Secure the Container

14 Jun 2019 10:35am, by Theo Despoudis

API Management / Cloud Native / Microservices / Security

WSO2 and Ping Partner to Protect Against API Attacks

12 Jun 2019 10:42am, by Mike Melanson

Containers / Security / Contributed

Implementing Effective Container Security Strategies

11 Jun 2019 12:00pm, by Tim Mackey

Networking / Security / Sponsored / Contributed

DNS Is an Easy Target for Attackers: Here’s What You Can Do

11 Jun 2019 9:49am, by Kris Beevers

Edge / IoT / Open Source / Security / Tools

Linux Kernel 5.2 Will Address Industrial Operations, Two-Factor Authentication

10 Jun 2019 12:19pm, by Jack Wallen

Containers / Security / Contributed

The New Open Source Security Stack

6 Jun 2019 10:48am, by Loris Degioanni

CI/CD / Security / Sponsored / Contributed

The Biggest Security Risks Lurking in Your CI/CD Pipeline

5 Jun 2019 2:16pm, by Twain Taylor

CI/CD / DevOps / Security / Sponsored

How One of The Netherlands’ Largest Banks Came to CI/CD

4 Jun 2019 5:00pm, by B. Cameron Gain

Security

Open Source Trends, Vulnerabilities — And Corrections

4 Jun 2019 12:42pm, by B. Cameron Gain

11 12 13 14 15 16 17 18 19 20