SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Contributed
News
Analysis
The New Stack Makers
Tutorial
Research
Podcast
Science
Feature
Off-The-Shelf Hacker
Skip to content
  • Podcasts
    • TNS @Scale Series
    • TNS Analysts Round Table
    • TNS Context Weekly News
    • TNS Makers Interviews
    • All Podcasts
  • Events
  • Ebooks
    • Storage
    • DevOps
    • Serverless
    • Microservices
    • Kubernetes Ecosystem
    • Docker Ecosystem
    • All Ebooks
  • Newsletter
  • Sponsorship
  • • • •
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Ebooks
      • Machine Learning
      • DevOps
      • Serverless
      • Microservices
      • Kubernetes Ecosystem
      • Docker Ecosystem
      • All Ebooks
    • Newsletter
    • Sponsorship
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Development
    • Cloud Services
    • Data
    • Machine Learning
    • Security
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
 

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace.  Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.


A newsletter digest of the week’s most important stories & analyses.

Do you also want to be notified of the following?
We don’t sell or share your email. By continuing, you agree to our Terms of Use and Privacy Policy.

DevOps / Security / Contributed

DevOps Needs Security Champions

9 Dec 2020 9:00am, by John Worrall

Cloud Native / Security / Sponsored / Contributed

Why We Need to Rethink Authorization for Cloud Native

9 Dec 2020 8:00am, by Tim Hinrichs

Kubernetes / Security / Contributed

Accenture’s Kubernetes Certification Covers Security at Every Level

8 Dec 2020 12:09pm, by John Forman

DevOps / Security / Sponsored / Contributed

3 Reasons Traditional Approaches to App Security Need an Upgrade

8 Dec 2020 11:49am, by Andreas Lehofer

Kubernetes / Security

Unfixable Kubernetes Security Hole Means Potential Man-in-the-Middle Attacks

8 Dec 2020 10:18am, by Steven J. Vaughan-Nichols

Cloud Services / Containers / Security

Quick Take: Container Security on Amazon Web Services

7 Dec 2020 1:29pm, by Lawrence E Hecht

Open Source / Security / Technology / Contributed

Open Source Is Taking Over Security

4 Dec 2020 5:00am, by Loris Degioanni

API Management / Security / Sponsored / Contributed

Developing Customer Identity and Access Management (CIAM) Solutions

3 Dec 2020 3:00pm, by Malithi Edirisinghe

Cloud Native / DevOps / Security / Sponsored / Contributed

Avoiding Technical Security Debt During Cloud Transformation

3 Dec 2020 1:18pm, by Chris Tozzi

Containers / Security

New containerd Security Hole Needs to Be Patched ASAP

3 Dec 2020 6:52am, by Steven J. Vaughan-Nichols

Linux / Networking / Security

Isovalent Harnesses eBPF for Cloud Native Security, Visibility

3 Dec 2020 3:00am, by Susan Hall

DevOps / Monitoring / Security / Sponsored / Contributed

Top 12 Best Practices for Better Incident Management Postmortems

2 Dec 2020 4:00am, by Steve Tidwell

DevOps / Security / Sponsored / Contributed

Intelligent Orchestration: the Key to the Future of DevSecOps

1 Dec 2020 12:00pm, by Meera Rao

CI/CD / DevOps / Security / Sponsored / Contributed

Vulnerability Management Could Use Some Validation

1 Dec 2020 10:11am, by Tal Klein

Cloud Native / Kubernetes / Security / Sponsored

CNCF’s Special Interest Group for Security

1 Dec 2020 3:00am, by Steven J. Vaughan-Nichols

Data / Machine Learning / Security / Sponsored

Microsoft: Machine Learning Models Can Be Easily Reverse Engineered

30 Nov 2020 11:45am, by Joab Jackson

Kubernetes / Security / Sponsored

Starboard: Putting all the Kubernetes Security Pieces into One Place

30 Nov 2020 11:00am, by Steven J. Vaughan-Nichols

Kubernetes / Security / Sponsored

Jetstack’s cert-manager Joins the CNCF Sandbox of Cloud Native Technologies

25 Nov 2020 4:00am, by Susan Hall

DevOps / Security / Sponsored / Contributed

SRE Tips to Prepare for Black Friday

25 Nov 2020 3:00am, by Austin Gunter

Cloud Native / Containers / Security / Sponsored

Pancakes are Hot and so Is Immutable Security

24 Nov 2020 2:33pm, by Alex Williams and B. Cameron Gain

Containers / Kubernetes / Security / Sponsored

Flatcar Container Linux Moves Beyond CoreOS Roots with Commercial Editions

24 Nov 2020 12:16pm, by Mike Melanson

Lennart Poettering in 2015

Data / Linux / Security

Systemd’s Lennart Poettering Wants to Bring Linux Home Directories into the 21st Century

22 Nov 2020 6:00am, by David Cassel

Cloud Native / Culture / Security / Sponsored

KubeCon: Lessons in Disaster Recovery from COVID-19 and Site Reliability Engineering

20 Nov 2020 11:50am, by Jennifer Riggins

Containers / Security / Sponsored / Contributed

How to Enable Developer Teams to Improve Container Security

20 Nov 2020 9:44am, by Sarah Conway

Development / Networking / Security / Sponsored

Kyverno, a New CNCF Sandbox Project, Offers Kubernetes-Native Policy Management

19 Nov 2020 1:44pm, by Mike Melanson

Cloud Native / Networking / Security

Open Policy Agent for the Enterprise: Styra’s Declarative Authorization Service

18 Nov 2020 9:00am, by Steven J. Vaughan-Nichols

1 2 3 4 5 6 7 8 9 10
21 22 23 24 25 26 27 28 29 30

Architecture

  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage

Development

  • Cloud Services
  • Data
  • Development
  • Machine Learning
  • Security

Operations

  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools

The New Stack

  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Sponsorship
  • Disclosures
  • Contributions
  • Twitter
  • Facebook
  • YouTube
  • Soundcloud
  • LinkedIn
  • Slideshare
  • RSS

© 2021 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.