SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Contributed
News
Analysis
The New Stack Makers
Tutorial
Podcast
Research
Feature
Science
Off-The-Shelf Hacker
Skip to content
  • Podcasts
    • TNS @Scale Series
    • TNS Analysts Round Table
    • TNS Context Weekly News
    • TNS Makers Interviews
    • All Podcasts
  • Events
  • Ebooks
    • DevOps
    • DevSecOps
    • Docker Ecosystem
    • Kubernetes Ecosystem
    • Microservices
    • Serverless
    • Storage
    • All Ebooks
  • Newsletter
  • Sponsorship
  • • • •
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Ebooks
      • Machine Learning
      • DevOps
      • Serverless
      • Microservices
      • Kubernetes Ecosystem
      • Docker Ecosystem
      • All Ebooks
    • Newsletter
    • Sponsorship
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Development
    • Cloud Services
    • Data
    • Machine Learning
    • Security
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
 

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace.  Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.


A newsletter digest of the week’s most important stories & analyses.

Do you also want to be notified of the following?
We don’t sell or share your email. By continuing, you agree to our Terms of Use and Privacy Policy.

Security

What Can We Learn from the Ransomware Attack on Atlanta?

3 Jun 2018 6:00am, by David Cassel

Security / Contributed

Five Things You Need to Know About API Security

31 May 2018 9:00am, by Renata Budko

Development / Security

Npm Attackers Sneak a Backdoor into Node.js Deployments through Dependencies

8 May 2018 9:42am, by Lucian Constantin

Security

Interview: Google gVisor and the Challenge of Securing Multitenant Containers

7 May 2018 10:17am, by Joab Jackson

Security / Sponsored

Cloud-Native Security Patching with DevOps Best Practices

2 May 2018 8:52am, by Liz Rice

Security

Google Launches gVisor, an Open Source Sandboxed Container Runtime

2 May 2018 3:00am, by Joab Jackson

Security / Sponsored / Contributed

Beyond CI/CD: How Continuous Hacking of Docker Containers and Pipeline Driven Security Keeps Ygrene Secure

25 Apr 2018 9:32am, by Zach Arnold and Austin Adams

Security / Contributed

The Bittersweet Road to Kubernetes Production

20 Apr 2018 11:21am, by Oliver Thylmann

Containers / Security / Contributed

Containers and Compliance: Building Secure, Automated Systems on Amazon Web Services

19 Apr 2018 9:01am, by Jason McKay

Security

Sunil James, CEO of Scytale, Explains SPIFFE

17 Apr 2018 1:41pm, by Alex Handy

Security / Technology

SSL Adoption Continues to Rise

14 Apr 2018 9:00am, by Lawrence E Hecht

Data / Security

Watchful.io Brings Real-Time Pattern Matching

13 Apr 2018 12:00pm, by Susan Hall

Security / Contributed

How to Scale Security with a Hardware Chain of Trust

12 Apr 2018 9:00am, by Chris Rosen

Kubernetes / Security

China vs. the World: A Kubernetes and Container Perspective

5 Apr 2018 10:02am, by Lawrence E Hecht

Edge / IoT / Security

Architectures at the Edge to Go the Last Mile

3 Apr 2018 4:43pm, by Alex Williams

Development / Security

How lgtm Discovered the Spring Framework Vulnerability

30 Mar 2018 6:00am, by Susan Hall

Kubernetes / Security

Here’s Why You Should Secure Your Etcd Deployment

29 Mar 2018 9:25am, by Lucian Constantin

Kubernetes / Security

Kubernetes Races to Fix Regressions Introduced by Recent Security Patches

26 Mar 2018 8:56am, by Lucian Constantin

Microservices / Security

Microservices Security: Probably Not What You Think It Is

26 Mar 2018 6:00am, by B. Cameron Gain

Security

This Week on The New Stack: Kubernetes and the Single Sign-on

23 Mar 2018 1:57pm, by Libby Clark

Kubernetes / Security

The Top Challenges Kubernetes Users Face with Deployment

22 Mar 2018 9:00am, by Lawrence E Hecht

Containers / Security / Sponsored / Contributed

Five Docker Security Best Practices

22 Mar 2018 6:00am, by Amit Sharma

Machine Learning / Security / Sponsored / Contributed

Machine Learning and Beyond: Algorithmic Detection in Security

19 Mar 2018 8:37am, by Vishwanath Raman

Security / Sponsored / Contributed

Why a Firewall Can’t Protect Against a Memcache DDoS Attack

19 Mar 2018 3:00am, by Nitzan Niv

Containers / Kubernetes / Security

Aqua Extends Container Security Platform to Kubernetes, Cloud Services

12 Mar 2018 12:15pm, by Joab Jackson

Culture / Edge / IoT / Open Source / Security

Mender: An Open Source Software Updater for the Internet of Things

12 Mar 2018 6:00am, by Susan Hall

11 12 13 14 15 16 17 18 19 20

Architecture

  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage

Development

  • Cloud Services
  • Data
  • Development
  • Machine Learning
  • Security

Operations

  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools

The New Stack

  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Sponsorship
  • Disclosures
  • Contributions
  • Twitter
  • Facebook
  • YouTube
  • Soundcloud
  • LinkedIn
  • Slideshare
  • RSS

© 2021 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.