SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Analysis
News
Contributed
The New Stack Makers
Open Source
Research
Tutorial
Science
Off-The-Shelf Hacker
API Management
Skip to content
  • Ebooks
    • Storage
    • DevOps
    • Serverless
    • Microservices
    • Kubernetes Ecosystem
    • Docker Ecosystem
    • All Ebooks
  • Podcasts
    • TNS @Scale Series
    • TNS Analysts Round Table
    • TNS Context Weekly News
    • TNS Makers Interviews
    • All Podcasts
  • Events
  • Newsletter
  • • • •
    • Ebooks
      • Machine Learning
      • DevOps
      • Serverless
      • Microservices
      • Kubernetes Ecosystem
      • Docker Ecosystem
      • All Ebooks
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Newsletter
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Security
    • Cloud Services
    • Data
    • Machine Learning
    • Development
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
 

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace.  Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.

+

Monitoring / Security

Chef InSpec 3.0: Wider, Deeper on Automated Compliance

16 Oct 2018 10:52am, by Susan Hall

+

DevOps / Security / Technology / Tools

Add It Up: Test Automation Is Not a Tooling Story

11 Oct 2018 12:38pm, by Lawrence E Hecht

+

DevOps / Security

Sauce Labs: Pipeline Automation Key for Competitive Advantage

3 Oct 2018 1:04pm, by TC Currie

+

Security / Contributed

How to Start Applying Google’s ‘Zero Trust’ Model

3 Oct 2018 9:47am, by Steve Dyer

+

Security

TLS Token-Binding Standard Gains a Foothold on the Web

3 Oct 2018 3:00am, by Mary Branscombe

+

Security

Two Serious Vulnerabilities Hit the Linux Kernel

1 Oct 2018 9:56am, by Lucian Constantin

+

Security / Contributed

Serverless Security Suggestions: Tips for Securing Functions

26 Sep 2018 9:29am, by John Morello

+

Kubernetes / Security

Hitachi Vantara: Improved Security, Management for Kubernetes

26 Sep 2018 6:00am, by Susan Hall

+

Security / Contributed

Temper Kubernetes and Container FOMO Through Security

25 Sep 2018 9:26am, by Chris Ford

+

Development / DevOps / Security / Sponsored

DevOps and Security Practices Equals DevSecOps

18 Sep 2018 3:03pm, by TNS Staff

+

DevOps / Security / Sponsored

SaltStack Expands into Security Compliance Scanning and Remediation

12 Sep 2018 9:13am, by Joab Jackson

+

Containers / Security

Kube-hunter: Aqua’s New Open Source Tool for Hunting Kubernetes Security Issues

20 Aug 2018 10:50am, by Susan Hall

+

Containers / Security / Sponsored / Contributed

Container Image Registry Security Best Practices

17 Aug 2018 9:00am, by Ben Bernstein

+

Microservices / Security / Sponsored

Automation Makes Microservices Security Practical to Deliver

15 Aug 2018 11:04am, by TNS Staff

+

Security / Sponsored / Contributed

Beefing Up Your Cloud Provider’s Security

15 Aug 2018 8:48am, by Michael Churchman

+

Security / Serverless / Sponsored / Contributed

Six Security Considerations for Serverless Environments

13 Aug 2018 9:51am, by Gadi Naor

+

CI/CD / DevOps / Security

Add It Up: DevOps Security Needs More Tooling

9 Aug 2018 1:00pm, by Lawrence E Hecht

+

CI/CD / Culture / DevOps / Security

DevSecOps: Security Automation in Enterprise DevOps

7 Aug 2018 10:55am, by Jennifer Riggins

+

CI/CD / Containers / Security

Anchore: Container Security Starts with the Images

7 Aug 2018 9:00am, by Susan Hall

+

Containers / Security / Serverless / Sponsored / Contributed

Security Differences: Containers vs. Serverless vs. Virtual Machines

7 Aug 2018 6:00am, by Vince Power

+

Culture / Edge / IoT / Machine Learning / Security

The Internet of Things: Securing Tomorrow’s Cars

6 Aug 2018 1:56pm, by Swapnil Bhartiya

+

Containers / Security

Alert Logic Debuts Intrusion Detection for Containers

2 Aug 2018 11:14am, by Susan Hall

+

Security / Serverless / Contributed

Your Security Just Might Kill Your Serverless

27 Jul 2018 8:49am, by Hillel Solow

+

Containers / Security

Cilium: Making BPF Easy on Kubernetes for Improved Security, Performance

23 Jul 2018 10:56am, by Susan Hall

+

Kubernetes / Security

Covalent Talks Cilium, and How It Brings BPF to Kubernetes

19 Jul 2018 12:42pm, by Alex Handy

+

Development / Security

Poor Password Hygiene Enabled ESLint Supply-Chain Attack on Npm

18 Jul 2018 3:00am, by Lucian Constantin

1 2 3 4 5 6 7 8 9 10

Architecture

  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage

Development

  • Security
  • Cloud Services
  • Data
  • Machine Learning
  • Development

Operations

  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools

The New Stack

  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Disclosures
  • Contributions
  • Twitter
  • Facebook
  • YouTube
  • Soundcloud
  • LinkedIn
  • Slideshare
  • RSS

© 2019 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.