SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Contributed
News
Analysis
The New Stack Makers
Tutorial
Research
Podcast
Science
Feature
Off-The-Shelf Hacker
Skip to content
  • Podcasts
    • TNS @Scale Series
    • TNS Analysts Round Table
    • TNS Context Weekly News
    • TNS Makers Interviews
    • All Podcasts
  • Events
  • Ebooks
    • Storage
    • DevOps
    • Serverless
    • Microservices
    • Kubernetes Ecosystem
    • Docker Ecosystem
    • All Ebooks
  • Newsletter
  • Sponsorship
  • • • •
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Ebooks
      • Machine Learning
      • DevOps
      • Serverless
      • Microservices
      • Kubernetes Ecosystem
      • Docker Ecosystem
      • All Ebooks
    • Newsletter
    • Sponsorship
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Development
    • Cloud Services
    • Data
    • Machine Learning
    • Security
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
 

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace.  Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.


A newsletter digest of the week’s most important stories & analyses.

Do you also want to be notified of the following?
We don’t sell or share your email. By continuing, you agree to our Terms of Use and Privacy Policy.

Cloud Services / Security

Palo Alto Networks: Botched Access Management an Easy Opening for Cloud Attacks

6 Oct 2020 3:00am, by Steven J. Vaughan-Nichols

Cloud Native / Kubernetes / Security

K8Spin Provides Multitenant Isolation for Kubernetes

5 Oct 2020 1:25pm, by Susan Hall

Black_Swan_2_-_Pitt_Town_Lagoon - Creative Commons via Wikipedia by JJ Harrison at jjharison dot com dot au

Development / Security

A Site Reliability Engineer’s Advice on What Breaks Our Systems

4 Oct 2020 6:00am, by David Cassel

Development / Security / Storage / Sponsored / Contributed

Red Hat Code Sleuths Uncover Mysterious Bug in Registry Service

2 Oct 2020 12:24pm, by Alex Handy

DevOps / Security

Culture, Vulnerabilities and Budget: Why Devs and AppSec Disagree

1 Oct 2020 10:01am, by Lawrence E Hecht

Cloud Native / Security / Sponsored / Contributed

15 Considerations for Your Next Cloud Native Security Audit

30 Sep 2020 12:00pm, by Twain Taylor

Cloud Services / Kubernetes / Security

Microsoft Azure Brings Confidential Computing to Kubernetes

30 Sep 2020 11:44am, by Mary Branscombe

Containers / Kubernetes / Security / Sponsored

How Kubernetes Vulnerabilities Have Shifted Since the First API Attacks

28 Sep 2020 3:00pm, by Alex Williams and B. Cameron Gain

DevOps / Security / Sponsored / Contributed

These Infrastructure-as-Code Benefits Are Your Cloud Security Opportunities

28 Sep 2020 12:00pm, by Guy Eisenkot

Data / Kubernetes / Security

Druva Introduces Software as a Service Data Protection for Kubernetes

28 Sep 2020 9:50am, by Steven J. Vaughan-Nichols

Cloud Services / Kubernetes / Security / Contributed

Techniques to Avoid Cloud Lock-in

28 Sep 2020 9:08am, by Shantanu Joshi

Development / Security / Sponsored / Contributed

Implement Delegated Access with OpenID Connect Authentication for Okta Single Sign on

28 Sep 2020 7:24am, by Virag Mody

CI/CD / DevOps / Security / Sponsored

CloudBees CI/CD Widens Access and Control for SecOps

23 Sep 2020 1:48pm, by B. Cameron Gain

CI/CD / DevOps / Security / Sponsored / Contributed

5 Common Risks in Infrastructure-as-Code Templates

22 Sep 2020 10:11am, by Theo Despoudis

API Management / Data / Security

JupiterOne Automates Asset Management, Security, Compliance

21 Sep 2020 9:34am, by Susan Hall

Kubernetes / Security

Laying the Groundwork for Kubernetes Security, Across Workloads, Pods and Users

16 Sep 2020 10:31am, by Jennifer Riggins

DevOps / Security / Sponsored / Contributed

6 DevSecOps Metrics for DevOps and Security Teams to Share

16 Sep 2020 9:19am, by Chris Tozzi

Open Source / Security

The Open Source Security Foundation Looks to Unite and Conquer

15 Sep 2020 3:00am, by Mike Melanson

Cloud Native / Security

KubeCon EU: Cloud Native Security Tools for the Next Decade Will Focus on Recovery

11 Sep 2020 12:25pm, by Jennifer Riggins

Cloud Native / DevOps / Security / Sponsored

Struggles of the Cloud — Survival Tactics from Two GitLab Experts

8 Sep 2020 5:00pm, by Richard MacManus

Cloud Services / Security

Google Launches Confidential VMs, GKE Nodes, to Encrypt Data In-Use

8 Sep 2020 10:35am, by Mike Melanson

DevOps / Security / Sponsored / Contributed

Three Ways to Overcome Cloud DevSecOps Bottlenecks

3 Sep 2020 5:00am, by Idan Tendler

DevOps / Security / Technology

Refactr Brings Easier Automation to DevSecOps

2 Sep 2020 6:00am, by Susan Hall

Cloud Services / Security / Contributed

DIY Access Security for Amazon Web Services

25 Aug 2020 12:00pm, by Michael Dolinsky

Development / Security / Sponsored / Contributed

OAuth 2.0, but Hold the Jargon Please

25 Aug 2020 9:17am, by Virag Mody

DevOps / Security / Sponsored / Contributed

Why DevSecOps Is the New Bottleneck for Cloud Native Teams

24 Aug 2020 8:00am, by Idan Tendler

1 2 3 4 5 6 7 8 9 10

Architecture

  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage

Development

  • Cloud Services
  • Data
  • Development
  • Machine Learning
  • Security

Operations

  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools

The New Stack

  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Sponsorship
  • Disclosures
  • Contributions
  • Twitter
  • Facebook
  • YouTube
  • Soundcloud
  • LinkedIn
  • Slideshare
  • RSS

© 2021 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.