SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Contributed
News
Analysis
The New Stack Makers
Tutorial
Podcast
Research
Feature
Science
Off-The-Shelf Hacker
Skip to content
  • Podcasts
    • TNS @Scale Series
    • TNS Analysts Round Table
    • TNS Context Weekly News
    • TNS Makers Interviews
    • All Podcasts
  • Events
  • Ebooks
    • DevOps
    • DevSecOps
    • Docker Ecosystem
    • Kubernetes Ecosystem
    • Microservices
    • Serverless
    • Storage
    • All Ebooks
  • Newsletter
  • Sponsorship
  • • • •
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Ebooks
      • Machine Learning
      • DevOps
      • Serverless
      • Microservices
      • Kubernetes Ecosystem
      • Docker Ecosystem
      • All Ebooks
    • Newsletter
    • Sponsorship
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Development
    • Cloud Services
    • Data
    • Machine Learning
    • Security
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
 

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace.  Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.


A newsletter digest of the week’s most important stories & analyses.

Do you also want to be notified of the following?
We don’t sell or share your email. By continuing, you agree to our Terms of Use and Privacy Policy.

Development / Security / Sponsored / Contributed

OAuth 2.0, but Hold the Jargon Please

25 Aug 2020 9:17am, by Virag Mody

DevOps / Security / Sponsored / Contributed

Why DevSecOps Is the New Bottleneck for Cloud Native Teams

24 Aug 2020 8:00am, by Idan Tendler

DevOps / Security / Sponsored / Contributed

Shifting Left: The Evolving Role of Automation in DevOps Tools

19 Aug 2020 12:00pm, by James Brotsos

Edge / IoT / Kubernetes / Security

KubeCon EU: Surge of Kubernetes Edge Deployments Leads to Cluster Sprawl

18 Aug 2020 5:00am, by Joab Jackson

Cloud Native / Security

KubeCon EU: Accurics, Snyk Release Tools to Secure Infrastructure-as-Code Deployments

17 Aug 2020 9:16am, by Joab Jackson

Kubernetes / Security / Sponsored / Contributed

How to Help Your Security Team Help You

13 Aug 2020 2:27pm, by Robert Haynes

Open Source / Security

Add It Up: Competing Estimates of Open Source Composition

13 Aug 2020 9:19am, by Lawrence E Hecht

API Management / Security / Service Mesh / Contributed

Shadow APIs Breaking Your Security? The Enroute API Gateway Could Help

5 Aug 2020 9:03am, by Chintan Thakker

Cloud Native / Security / Sponsored / Contributed

Measuring the State of Cloud Native Security

5 Aug 2020 7:39am, by Zeus Kerravala

Kubernetes / Security

CNCF Webinar: Five Recently-Unearthed Kubernetes Security Vulnerabilities

3 Aug 2020 2:02pm, by Joab Jackson

Culture / Development / Security

This Week in Programming: What’s Not on GitHub’s Roadmap

1 Aug 2020 6:00am, by Mike Melanson

Kubernetes / Security

The New Stack Context: Operators Can Be a Security Hazard

31 Jul 2020 1:37pm, by Joab Jackson

Cloud Native / Security

Accurics Secures Cloud Infrastructure Through Policy-as-Code

30 Jul 2020 10:43am, by Susan Hall

Cloud Native / Containers / Security

Aqua Security Automates Configuration Vulnerability Remediation

30 Jul 2020 8:04am, by Mike Melanson

Kubernetes / Security / Contributed

Build, Deploy, Runtime: The 3 Stages of Kubernetes Security

28 Jul 2020 1:00pm, by David Bisson

CI/CD / DevOps / Kubernetes / Security / Contributed

CI Checks Are Not Enough: Combat Configuration Drift in Kubernetes Resources

24 Jul 2020 1:16pm, by Gadi Naor

Cloud Native / Security

Bridgecrew: Misconfigured Terraform Modules Are a Security Issue

24 Jul 2020 12:15pm, by Lawrence E Hecht and Joab Jackson

DevOps / Monitoring / Security

Snyk Seeks to Sharpen Distinction Between Low-Priority and Urgent Security Alerts 

22 Jul 2020 11:30am, by B. Cameron Gain

Containers / Security / Contributed

The Road to Kata Containers 2.0

16 Jul 2020 10:58am, by Horace Li

Cloud Native / Cloud Services / Security / Sponsored

Why a Financial Data Firm Bet Security on Palo Alto Networks

14 Jul 2020 3:00pm, by Alex Williams and B. Cameron Gain

CI/CD / DevOps / Security / Sponsored

Shift as Far Left as You Can to Protect Cloud Native Applications

7 Jul 2020 3:00pm, by Alex Williams and B. Cameron Gain

Cloud Native / DevOps / Security

Primer: Benefits and Risks of Automated Patch Management

7 Jul 2020 1:00pm, by Emily Omier

Edge / IoT / Linux / Security

Linux Lesson: Copy Files Over Your Network with scp

3 Jul 2020 8:07am, by drtorq

Cloud Services / Security / Contributed

Antifragile Identity for a Multicloud World

2 Jul 2020 12:00pm, by Eric Olden

Cloud Native / Cloud Services / Security / Sponsored

How the Financial Sector Is a Barometer for Cloud Native

30 Jun 2020 3:00pm, by Alex Williams and B. Cameron Gain

DevOps / Machine Learning / Security / Technology

GuardRails: Security for the DevOps Age

25 Jun 2020 1:00pm, by Susan Hall

1 2 3 4 5 6 7 8 9 10

Architecture

  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage

Development

  • Cloud Services
  • Data
  • Development
  • Machine Learning
  • Security

Operations

  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools

The New Stack

  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Sponsorship
  • Disclosures
  • Contributions
  • Twitter
  • Facebook
  • YouTube
  • Soundcloud
  • LinkedIn
  • Slideshare
  • RSS

© 2021 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.