SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Contributed
News
Analysis
The New Stack Makers
Tutorial
Podcast
Research
Feature
Science
Off-The-Shelf Hacker
Skip to content
  • Podcasts
    • TNS @Scale Series
    • TNS Analysts Round Table
    • TNS Context Weekly News
    • TNS Makers Interviews
    • All Podcasts
  • Events
  • Ebooks
    • DevOps
    • DevSecOps
    • Docker Ecosystem
    • Kubernetes Ecosystem
    • Microservices
    • Serverless
    • Storage
    • All Ebooks
  • Newsletter
  • Sponsorship
  • • • •
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Ebooks
      • Machine Learning
      • DevOps
      • Serverless
      • Microservices
      • Kubernetes Ecosystem
      • Docker Ecosystem
      • All Ebooks
    • Newsletter
    • Sponsorship
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Development
    • Cloud Services
    • Data
    • Machine Learning
    • Security
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
 

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace.  Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.


A newsletter digest of the week’s most important stories & analyses.

Do you also want to be notified of the following?
We don’t sell or share your email. By continuing, you agree to our Terms of Use and Privacy Policy.

Containers / Security

Red Hat Enlists Black Duck to Assess Container Security

20 Oct 2015 10:05am, by Scott M. Fulton III

Cloud Native / Cloud Services / Containers / Data / Development / DevOps / Kubernetes / Microservices / Open Source / Security

TNS Makers from AWS re:Invent: Jut, Platform9, Basho and General Catalyst’s Steve Herrod

18 Oct 2015 2:10pm, by Kiran Oliver

API Management / Cloud Services / Containers / Development / DevOps / Microservices / Open Source / Security

TNS Makers from AWS re:Invent: Appcito, Sysdig, Rancher and Runscope

12 Oct 2015 9:00am, by Kiran Oliver

Security

Immunio’s App-Security Tool for Secure Development

30 Sep 2015 5:17pm, by Susan Hall

Development / Open Source / Security

Picasso Didn’t Have Markdown, or “Matt Ray’s DevOps World” — Software Defined Talk #44

23 Sep 2015 5:24pm, by Michael Coté

Containers / Security

How Docker Helped Yelp Leave the Monolith Behind

16 Sep 2015 8:32pm, by Jennifer Riggins

Kubernetes / Security

Defining a Unikernel and How it Works

17 Aug 2015 11:42am, by Russell Pavlicek

Containers / Security

Docker: With Content Trust, You Can Run Containers on Untrusted Networks

12 Aug 2015 5:15pm, by Scott M. Fulton III

Security

Microsegmentation: How VMware Addresses the Container Security Issue

30 Jun 2015 10:03am, by Scott M. Fulton III

Containers / Security

Docker Trusted Registry Goes On-Prem, Promises Better Security

23 Jun 2015 10:09am, by Susan Hall

Cloud Services / DevOps / Microservices / Monitoring / Security

Sumo Logic Funding Shows Demand for Predictive Analytics with Data Streaming

1 Jun 2015 10:56am, by Susan Hall

Cloud Native / Containers / Security

VMware Responds to Container Movement with Lightweight Linux OS and Cloud-Native Tools

20 Apr 2015 5:01am, by Susan Hall

Containers / Monitoring / Security

Docker Shows Maturity in Latest Release with IPv6 Support, Read-Only Containers

13 Feb 2015 9:43am, by Mark Boyd

Containers / Security

Google’s Private Container Registry in Beta Release

23 Jan 2015 11:15am, by Susan Hall

Development / Open Source / Security / Sponsored

The Git Vulnerability and its Aftermath

22 Dec 2014 12:02pm, by Luke Lefler

Security

Major Git Security Vulnerability Discovered Causing GitHub to Encourage Update to Git Clients

18 Dec 2014 2:11pm, by Alex Williams

Containers / Security

Docker Addresses More Security Issues and Outlines “Pluggable” Approach

12 Dec 2014 4:53pm, by Mark Boyd

Security

With Launch of Germany Region, AWS Strives to Quell Privacy Concerns

23 Oct 2014 6:50am, by Nancy Gohring

API Management / Containers / DevOps / Kubernetes / Networking / Security / Sponsored

Defining Orchestration and Drinking The Docker Kool-Aid at IDF

15 Sep 2014 1:46pm, by Alex Williams

Security / Sponsored

Naked Selfies Will Get Exposed In a World of Data Shaded in Gray

3 Sep 2014 9:11pm, by Tal Klein

API Management / Development / Security

Evaluating Node.js Frameworks, Hacking a WordPress Site and more from the Sponsored Feed

18 Aug 2014 8:29am, by Alex Williams

Security

The Problem with Email Security

15 Aug 2014 10:40am, by Paavan Mistry

Containers / Development / Open Source / Security / Sponsored

Docker’s Inherent Lack of Security, the Black Hat View

13 Aug 2014 7:38am, by Alex Williams

API Management / Security

Posting Private Keys in the Code Repository Hunting Grounds

26 Jul 2014 8:14am, by Paavan Mistry

Security

Security Do’s and Don’ts for Early-Stage Companies

9 Jul 2014 4:16pm, by Bradley Buda

Cloud Native / Security

The Cloud Has ‘Key’ Problems

2 Jul 2014 6:29am, by Paavan Mistry

25 26 27 28 29 30 31 32 33 34

Architecture

  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage

Development

  • Cloud Services
  • Data
  • Development
  • Machine Learning
  • Security

Operations

  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools

The New Stack

  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Sponsorship
  • Disclosures
  • Contributions
  • Twitter
  • Facebook
  • YouTube
  • Soundcloud
  • LinkedIn
  • Slideshare
  • RSS

© 2021 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.