SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Contributed
News
Analysis
The New Stack Makers
Tutorial
Research
Podcast
Science
Feature
Off-The-Shelf Hacker
Skip to content
  • Podcasts
    • TNS @Scale Series
    • TNS Analysts Round Table
    • TNS Context Weekly News
    • TNS Makers Interviews
    • All Podcasts
  • Events
  • Ebooks
    • Storage
    • DevOps
    • Serverless
    • Microservices
    • Kubernetes Ecosystem
    • Docker Ecosystem
    • All Ebooks
  • Newsletter
  • Sponsorship
  • • • •
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Ebooks
      • Machine Learning
      • DevOps
      • Serverless
      • Microservices
      • Kubernetes Ecosystem
      • Docker Ecosystem
      • All Ebooks
    • Newsletter
    • Sponsorship
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Development
    • Cloud Services
    • Data
    • Machine Learning
    • Security
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
 

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace.  Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.


A newsletter digest of the week’s most important stories & analyses.

Do you also want to be notified of the following?
We don’t sell or share your email. By continuing, you agree to our Terms of Use and Privacy Policy.

Cloud Native / DevOps / Security

Panel Discussion: Cloud Security in the Age of Distributed DevOps

20 May 2020 8:00am, by TNS Staff

Development / Security / Sponsored / Contributed

5 More Security Risks for Infrastructure-as-Code

20 May 2020 7:35am, by Piyush Sharrma

Kubernetes / Security

VMware to Acquire Octarine to Boost Kubernetes Runtime Security

13 May 2020 2:02pm, by Joab Jackson

Development / Security

Sudo Update Offers Python Plug-Ins, Extended Logging, Auditing

13 May 2020 10:11am, by Mike Melanson

Containers / Kubernetes / Security / Sponsored

How to Fix the Gaps in Kubernetes Infrastructure Management

12 May 2020 5:00pm, by B. Cameron Gain

Cloud Native / Security / Sponsored / Contributed

Cryptographic Keys in a Cloud Native Environment

11 May 2020 1:19pm, by Leonid Sandler

Networking / Security / Service Mesh

Simplicity and Security: What Commercial Providers Offer for the Service Mesh

11 May 2020 12:04pm, by Emily Omier

Development / DevOps / Security / Contributed

How Autonomous Linux Simplifies DevSecOps for Developers

11 May 2020 9:37am, by Robert Shimp

DevOps / Machine Learning / Security / Contributed

AIOps Readiness in 5 Steps

6 May 2020 9:34am, by Paul Scully

DevOps / Security / Sponsored / Contributed

The State of XOps: Successful SecOps Teams Automate and Align

6 May 2020 6:55am, by Alex Peay

Kubernetes / Security

Tutorial: Create a Kubernetes Pod Security Policy

5 May 2020 12:35pm, by Jack Wallen

Networking / Security / Contributed

How the Network Effect Levels the Cybersecurity War Zone

5 May 2020 9:45am, by Ian Baxter

Cloud Native / DevOps / Security

Cloud Security in a Distributed DevOps World: A Virtual Pancake Breakfast

4 May 2020 12:50pm, by Celeste Malia

Security / Contributed

Game Theory: Why System Security Is Like Poker, Not Chess

4 May 2020 9:28am, by David Brumley

CI/CD / Development / DevOps / Security

Automated Dependency Management with Depfu

4 May 2020 3:00am, by Susan Hall

Containers / Microservices / Security / Contributed

Public Key Infrastructure Needs to Evolve to Support Cloud Native Computing

1 May 2020 10:55am, by Ben Hirschberg

Cloud Services / Security / Sponsored / Contributed

Making Security an Open Source Community Affair

30 Apr 2020 12:00pm, by Matt Asay

CI/CD / Security

Add It Up: Integrating Security into the Development Pipeline

30 Apr 2020 11:27am, by Lawrence E Hecht

CI/CD / DevOps / Security

Snyk Brings Its DevOps Security Sweep to Red Hat OpenShift

29 Apr 2020 1:56pm, by B. Cameron Gain

Edge / IoT / Monitoring / Security / Sponsored / Contributed

A Logging Stack for the Internet of Things

29 Apr 2020 12:00pm, by Laura Santamaria

DevOps / Security / Serverless / Contributed

How Serverless Accelerates DevSecOps

28 Apr 2020 8:51am, by Tim Zonca

Development / Security / Sponsored / Contributed

Top 5 Security Risks for Infrastructure-as-Code

28 Apr 2020 7:37am, by Piyush Sharrma

Cloud Native / Containers / Security

Kata Containers Demo: A Container Experience with VM Security

27 Apr 2020 2:05pm, by Alex Williams and B. Cameron Gain

DevOps / Security / Tools / Sponsored / Contributed

SecOps and IT Operations: When and How to Use Automation

24 Apr 2020 8:46am, by Thomas Hatch

Data / Development / Security

Why COVID-19 Contact Tracing Requires a Distributed Database

23 Apr 2020 2:15pm, by Joab Jackson

DevOps / Security / Sponsored / Contributed

Cloud Security in the Age of COVID-19

23 Apr 2020 7:48am, by Matt Chiodi

1 2 3 4 5 6 7 8 9 10

Architecture

  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage

Development

  • Cloud Services
  • Data
  • Development
  • Machine Learning
  • Security

Operations

  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools

The New Stack

  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Sponsorship
  • Disclosures
  • Contributions
  • Twitter
  • Facebook
  • YouTube
  • Soundcloud
  • LinkedIn
  • Slideshare
  • RSS

© 2021 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.