SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Contributed
News
Analysis
The New Stack Makers
Tutorial
Research
Podcast
Science
Feature
Off-The-Shelf Hacker
Skip to content
  • Podcasts
    • TNS @Scale Series
    • TNS Analysts Round Table
    • TNS Context Weekly News
    • TNS Makers Interviews
    • All Podcasts
  • Events
  • Ebooks
    • Storage
    • DevOps
    • Serverless
    • Microservices
    • Kubernetes Ecosystem
    • Docker Ecosystem
    • All Ebooks
  • Newsletter
  • Sponsorship
  • • • •
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Ebooks
      • Machine Learning
      • DevOps
      • Serverless
      • Microservices
      • Kubernetes Ecosystem
      • Docker Ecosystem
      • All Ebooks
    • Newsletter
    • Sponsorship
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Development
    • Cloud Services
    • Data
    • Machine Learning
    • Security
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
 

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace.  Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.


A newsletter digest of the week’s most important stories & analyses.

Do you also want to be notified of the following?
We don’t sell or share your email. By continuing, you agree to our Terms of Use and Privacy Policy.

DevOps / Kubernetes / Security / Contributed

Fairwinds Insights Brings Kubernetes Configuration Checks to the Developer

11 Nov 2020 10:34am, by TNS Staff

Cloud Services / Security / Serverless / Sponsored / Contributed

How to Achieve Ironclad Serverless Security

11 Nov 2020 7:25am, by Guy Podjarny

Cloud Services / DevOps / Security / Sponsored / Contributed

Terraform on AWS: Multi-Account Setup and Other Advanced Tips

10 Nov 2020 1:10pm, by Serkan Özal

CI/CD / Security

GitHub Actions Design Flaw Leaves Security Hole for Remote Code Execution

10 Nov 2020 10:18am, by Steven J. Vaughan-Nichols

DevOps / Security / Sponsored / Contributed

Best Practices for Securing Identity and Access Management on Amazon Web Services

9 Nov 2020 2:00pm, by Matt Johnson

Linux / Networking / Security

eBPF: Put the Kubernetes Data Plane in the Kernel

6 Nov 2020 1:33pm, by Joab Jackson

Culture / Security

Q&A: Book Author Andy Greenberg on Government-Sponsored Hacker Threats

6 Nov 2020 11:12am, by B. Cameron Gain

Kubernetes / Security / Sponsored / Contributed

Kubernetes Security Best Practices to Keep You out of the News

5 Nov 2020 12:03pm, by David Sudia

Cloud Native / Kubernetes / Security / Sponsored / Contributed

Why Securing Secrets in Cloud and Container Environments Is Important – and How to Do It

30 Oct 2020 12:27pm, by Gary Duan

Kubernetes / Security

StackRox KubeLinter Brings Security Linting to Kubernetes

30 Oct 2020 3:00am, by Steven J. Vaughan-Nichols

Cloud Native / Machine Learning / Security

Snyk Rethinks Static Application Security Testing for Developers

29 Oct 2020 12:20pm, by B. Cameron Gain

API Management / Security / Contributed

4 Essential Tools for Protecting APIs and Web Applications

29 Oct 2020 10:30am, by Brian Schwarz

Kubernetes / Monitoring / Security / Sponsored / Contributed

Kubernetes Horror Stories

27 Oct 2020 12:28pm, by Serkan Özal

DevOps / Security / Contributed

DevSecOps Can Address the Challenges of Governance, Risk, Compliance (GRC)

27 Oct 2020 11:36am, by Andrew Davis

API Management / Security

Puppet Comply Automates Security Policy

27 Oct 2020 10:37am, by Mike Melanson

Cloud Native / DevOps / Security / Sponsored / Contributed

The Future of Cloud Native Security Is Self-Healing

26 Oct 2020 9:29am, by Jon Jarboe

Cloud Services / Security / Sponsored / Contributed

Intelligently Managing Risk: Multicloud Infrastructure Security

21 Oct 2020 9:03am, by Vince Power

Cloud Native / Development / Security

Primer: How HashiCorp Boundary Brings Cloud Native Computing to the Developer Desktop

20 Oct 2020 11:59am, by Joab Jackson

Cloud Services / Security / Tools

HashiCorp Adds Vault to Its Cloud Platform, Launches Access Security Project

14 Oct 2020 11:44am, by B. Cameron Gain

DevOps / Security / Sponsored / Contributed

Avoid the 5 Most Common Amazon Web Services Misconfigurations in Build-Time

9 Oct 2020 1:58pm, by Nimrod Kor

Development / Security

InfoSec Use of Compliance Tools for Open Source Software

8 Oct 2020 9:27am, by Lawrence E Hecht

CI/CD / DevOps / Security / Sponsored

DevOps World: DevOps Moves to Resilient Collaboration

7 Oct 2020 1:20pm, by Jennifer Riggins

Cloud Native / Kubernetes / Security

VMworld 2020: Can a Single Vendor Pull DevOps into One API?

7 Oct 2020 11:51am, by B. Cameron Gain

Cloud Services / Kubernetes / Security / Contributed

Brendan Burns: Everything You Need to Know About Confidential Computing and Containers

7 Oct 2020 6:00am, by Brendan Burns

Microservices / Security / Service Mesh / Sponsored / Contributed

Zero-Trust Security with Service Mesh

6 Oct 2020 12:00pm, by Rose Sawvel

DevOps / Security / Sponsored / Contributed

Prescription for Connected Device and Telehealth Developers: Focus on Actual vs. Perceived Risk

6 Oct 2020 7:24am, by Tal Klein

1 2 3 4 5 6 7 8 9 10

Architecture

  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage

Development

  • Cloud Services
  • Data
  • Development
  • Machine Learning
  • Security

Operations

  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools

The New Stack

  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Sponsorship
  • Disclosures
  • Contributions
  • Twitter
  • Facebook
  • YouTube
  • Soundcloud
  • LinkedIn
  • Slideshare
  • RSS

© 2021 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.