SEARCH (ENTER TO SEE ALL RESULTS)

STORIES

TAGS

AUTHORS

POPULAR TOPICS

Analysis
News
Contributed
The New Stack Makers
Open Source
Research
Tutorial
Science
Off-The-Shelf Hacker
API Management

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace. Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.

+

DevOps / Security / Sponsored

How Service Meshes and Kubernetes Will Close Gap Between Speed and Security

20 Jun 2019 4:00pm, by Jennifer Riggins

+

Security / Contributed

Biometrics Brings Us One Step Closer to Eliminating Passwords for Good

18 Jun 2019 9:00am, by Pushkar Marathe

+

Cloud Native / Containers / Kubernetes / Security / Sponsored

Docker, the Cloud Native Computer Foundation Get Serious about Security

17 Jun 2019 5:00pm, by B. Cameron Gain

+

Containers / Security / Sponsored / Contributed

How to Lock Down the Kernel to Secure the Container

14 Jun 2019 10:35am, by Theo Despoudis

+

Cloud Native / Microservices / Security

WSO2 and Ping Partner to Protect Against API Attacks

12 Jun 2019 10:42am, by Mike Melanson

+

Containers / Security / Contributed

Implementing Effective Container Security Strategies

11 Jun 2019 12:00pm, by Tim Mackey

+

Networking / Security / Sponsored / Contributed

DNS Is an Easy Target for Attackers: Here’s What You Can Do

11 Jun 2019 9:49am, by Kris Beevers

+

Edge / IoT / Security / Tools

Linux Kernel 5.2 Will Address Industrial Operations, Two-Factor Authentication

10 Jun 2019 12:19pm, by Jack Wallen

+

Containers / Security / Contributed

The New Open Source Security Stack

6 Jun 2019 10:48am, by Loris Degioanni

+

CI/CD / Security / Sponsored / Contributed

The Biggest Security Risks Lurking in Your CI/CD Pipeline

5 Jun 2019 2:16pm, by Twain Taylor

+

CI/CD / DevOps / Security / Sponsored

How One of The Netherlands’ Largest Banks Came to CI/CD

4 Jun 2019 5:00pm, by B. Cameron Gain

+

Security

Open Source Trends, Vulnerabilities — And Corrections

4 Jun 2019 12:42pm, by B. Cameron Gain

+

Culture / DevOps / Security / Contributed

Your Next Security Hire Might Need to Be a Developer

4 Jun 2019 11:30am, by Hillel Solow

+

Cloud Native / Security

Cloud Native Security Consolidation: Palo Alto Networks Buys Twistlock, PureSec

30 May 2019 9:22am, by Mike Melanson

+

Development / Security

The Cloud Native Ecosystem’s Impact on Linux Kernel Development

29 May 2019 1:12pm, by Jack Wallen

+

Containers / Security

Docker Symlink-Race Vulnerability Could Allow Unauthorized Data Access

29 May 2019 11:26am, by Joab Jackson

+

Security

Fresh Spectre Vulnerabilities May Force Cloud Providers to Disable Intel Hyper-Threading

15 May 2019 2:53pm, by Joab Jackson

+

Culture / Security / Contributed

Secure Your IoT Deployment During the Security Talent Shortage

14 May 2019 4:00am, by Galen Hunt

+

Containers / Security / Contributed

As Enterprises Experiment with Containers, Secure Access Remains a Challenge

9 May 2019 3:00am, by Markku Rossi

+

Culture / DevOps / Security / Sponsored

Real Steps to Take to Go Beyond DevSecOps as a Concept

6 May 2019 5:00pm, by B. Cameron Gain

+

Containers / Security

A Week Later, Docker Offers Scant Details on Hub Attack

3 May 2019 1:55pm, by Joab Jackson

+

Containers / Kubernetes / Security

Locking Down Kubernetes Security, Compliance with Harbor

2 May 2019 5:00pm, by B. Cameron Gain

+

DevOps / Security

Taking Container Security to the Next Level with DevOps

1 May 2019 9:26am, by Michelle McLean

+

Containers / Security

The Docker Hub Hack: The Quick Fix and the Long-Term Questions

30 Apr 2019 6:00am, by Alex Williams

+

Containers / Security

Docker Hub Compromised, Users Urged to Reset Passwords, Tokens

27 Apr 2019 7:08am, by Joab Jackson

+

Security / Sponsored

8 Best Practices for Container Secrets Management

22 Apr 2019 8:34am, by Twain Taylor

1 2 3 4 5 6 7 8 9 10