SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Contributed
News
Analysis
The New Stack Makers
Tutorial
Research
Podcast
Science
Feature
Off-The-Shelf Hacker
Skip to content
  • Podcasts
    • TNS @Scale Series
    • TNS Analysts Round Table
    • TNS Context Weekly News
    • TNS Makers Interviews
    • All Podcasts
  • Events
  • Ebooks
    • Storage
    • DevOps
    • Serverless
    • Microservices
    • Kubernetes Ecosystem
    • Docker Ecosystem
    • All Ebooks
  • Newsletter
  • Sponsorship
  • • • •
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Ebooks
      • Machine Learning
      • DevOps
      • Serverless
      • Microservices
      • Kubernetes Ecosystem
      • Docker Ecosystem
      • All Ebooks
    • Newsletter
    • Sponsorship
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Development
    • Cloud Services
    • Data
    • Machine Learning
    • Security
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
 

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace.  Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.


A newsletter digest of the week’s most important stories & analyses.

Do you also want to be notified of the following?
We don’t sell or share your email. By continuing, you agree to our Terms of Use and Privacy Policy.

Open Source / Security

What ‘Security’ Means for Open Source Software

23 Jun 2020 9:24am, by Emily Omier

Development / DevOps / Security / Sponsored / Contributed

A New Path for Security: The Benefits of a Dev-First Security

23 Jun 2020 3:00am, by Guy Podjarny

CI/CD / Containers / Security

CloudBees Continuous Integration Platform Meets U.S. Military Specs

22 Jun 2020 11:49am, by B. Cameron Gain

DevOps / Security / Sponsored / Contributed

DevSecOps Is Having Its ‘OK Boomer’ Moment

22 Jun 2020 9:02am, by Tal Klein

DevOps / Kubernetes / Security / Contributed

5 Best Practices for Kubernetes Security

16 Jun 2020 1:06pm, by Robert Brennan

DevOps / Security / Tools

How SaltStack Reinvented Itself for a Cloud-Dominated World

16 Jun 2020 3:00am, by B. Cameron Gain

API Management / Security / Sponsored / Contributed

Why API Security Is Different and How the OpenAPI Spec Can Help

15 Jun 2020 9:37am, by Jesse Casman

Containers / Kubernetes / Security

Kubernetes Starboard Project Offers Security Scanning from Kubectl

15 Jun 2020 3:00am, by Mike Melanson

Cloud Services / DevOps / Security

GitLab Adds Security Fuzzing with Double Acquisition

11 Jun 2020 6:00am, by Mike Melanson

DevOps / Security / Tools / Sponsored

Why Third-Party Security Adoption Must Get Better

10 Jun 2020 5:00pm, by B. Cameron Gain and Alex Williams

Cloud Services / Kubernetes / Security / Contributed

Best Practices for Network Policies on the Amazon Elastic Kubernetes Service

10 Jun 2020 1:12pm, by Karen Bruner

Development / Security

Microsoft: Rust Is the Industry’s ‘Best Chance’ at Safe Systems Programming

10 Jun 2020 10:10am, by Joab Jackson

Cloud Native / Containers / Security / Contributed

The Container Security Maturity Model, a Step-by-Step Approach to Cloud Native Security

9 Jun 2020 10:37am, by Michelle McLean

Cloud Native / Security

CVSS Struggles to Remain Viable in the Era of Cloud Native Computing

9 Jun 2020 9:19am, by Jack Wallen

Development / Security

BluBracket: Getting a Grip on Open Source Code

4 Jun 2020 6:00am, by Susan Hall

Cloud Native / DevOps / Security / Sponsored

Survey: DevOps Teams Use too Many Cloud Security Tools

3 Jun 2020 10:29am, by B. Cameron Gain

Development / Open Source / Security

GitHub Open Source Projects Entangled by the Octopus Malware Scanner

3 Jun 2020 9:05am, by Jack Wallen

CI/CD / DevOps / Security

Chef Turns Its Focus to Security with Compliance, Desktop Additions

2 Jun 2020 9:00am, by Mike Melanson

Development / Open Source / Security

Securing the Software Supply Chain with a Software Bill of Materials

1 Jun 2020 1:35pm, by Mary Branscombe

DevOps / Security

Tools and DevSecOps: Necessary but Not Sufficient

28 May 2020 11:00am, by Emily Omier

Data / Security / Sponsored / Contributed

How to Make Health Care Data Both Accessible and Secure

27 May 2020 12:00pm, by Ben Wolfson

Cloud Native / Security / Technology / Sponsored

What Cloud Native Security Means for You and Your Peers Today

27 May 2020 8:01am, by B. Cameron Gain

Containers / Microservices / Security

Red Hat’s Keycloak Identity Access Management Bids to Join CNCF

26 May 2020 10:43am, by Mike Melanson

DevOps / Security

DevSecOps: Not Just About Security

26 May 2020 10:27am, by Emily Omier

DevOps / Kubernetes / Security / Sponsored / Contributed

A Security Checklist for Cloud Native Kubernetes Environments

22 May 2020 8:33am, by Arvind Gupta

CI/CD / DevOps / Security

Unmaintained Dependencies and Other Ways to Measure CI/CD Security

21 May 2020 9:19am, by Lawrence E Hecht

1 2 3 4 5 6 7 8 9 10

Architecture

  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage

Development

  • Cloud Services
  • Data
  • Development
  • Machine Learning
  • Security

Operations

  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools

The New Stack

  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Sponsorship
  • Disclosures
  • Contributions
  • Twitter
  • Facebook
  • YouTube
  • Soundcloud
  • LinkedIn
  • Slideshare
  • RSS

© 2021 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.