SEARCH (ENTER TO SEE ALL RESULTS)

POPULAR TOPICS

Contributed
News
Analysis
The New Stack Makers
Tutorial
Research
Podcast
Science
Feature
Off-The-Shelf Hacker
Skip to content
  • Podcasts
    • TNS @Scale Series
    • TNS Analysts Round Table
    • TNS Context Weekly News
    • TNS Makers Interviews
    • All Podcasts
  • Events
  • Ebooks
    • Storage
    • DevOps
    • Serverless
    • Microservices
    • Kubernetes Ecosystem
    • Docker Ecosystem
    • All Ebooks
  • Newsletter
  • Sponsorship
  • • • •
    • Podcasts
      • TNS @Scale Series
      • TNS Analysts Round Table
      • TNS Context Weekly News
      • TNS Makers Interviews
      • All Podcasts
    • Events
    • Ebooks
      • Machine Learning
      • DevOps
      • Serverless
      • Microservices
      • Kubernetes Ecosystem
      • Docker Ecosystem
      • All Ebooks
    • Newsletter
    • Sponsorship
Skip to content
  • Architecture
    • Cloud Native
    • Containers
    • Edge/IoT
    • Microservices
    • Networking
    • Serverless
    • Storage
  • Development
    • Development
    • Cloud Services
    • Data
    • Machine Learning
    • Security
  • Operations
    • CI/CD
    • Culture
    • DevOps
    • Kubernetes
    • Monitoring
    • Service Mesh
    • Tools
 

Security

▾ 1 MINUTE READ — CLOSE

When it comes to cloud computing and cloud native computing, application and network security take on a new dimension. Meeting this new set of requirements can be a challenge to companies and tool-makers currently focused on enterprise security. Witness the 2019 acquisition of cloud native security vendor Twistlock by traditional enterprise software vendor Palo Alto Networks.

Cloud native security has a new set of priorities that need to be addressed, which we will follow here closely as we track the development and adoption of cloud native security tools, as well as the evolution of traditional security tools into this marketplace.  Such tools should be API-first. They need to integrate easily within DevOps and CI/CD frameworks (“DevSecOps”). They need to offer real-time feedback and they need to be easily licensed for cloud computing environments. Present-day security vendors, except those devoted to the cloud native space, such as Aqua Security, have difficulty with all these requirements (Hence the acquisitions).

What these tool and service providers should be addressing, and what we also will follow, are the new requirements that come with introducing the container and the container orchestrator into a production environment. Container images must be scanned for buggy dependencies. Security policies for pods must be established.

Google itself has thrown itself into an entirely new security architecture for its own cloud, called the Zero-Trust model, which assumes a company firewall will be breached, so it is better to secure the application at the level of the user and device permissions.

The Internet-based collaborative model of application development needs to be better addressed as well. This is sometimes referred to as supply-chain security, where you need to not only worry about the security of your code, but the code you get from other sources, as well as the authentication measures used by these third parties. One break anywhere in the chain could lead to trouble in your operations This became evident with the Docker Hub intrusion in early 2019, which also affected GitHub, BitBucket and other public/private cloud-based repositories.


A newsletter digest of the week’s most important stories & analyses.

Do you also want to be notified of the following?
We don’t sell or share your email. By continuing, you agree to our Terms of Use and Privacy Policy.

DevOps / Security

ZeroNorth: One Risk-Based View for all an Organization’s Security Tools

9 Mar 2020 8:45am, by Susan Hall

Cloud Native / Security / Technology / Contributed

Open Policy Agent’s Mission to Secure the Cloud

6 Mar 2020 11:32am, by Jevon MacDonald

Cloud Services / DevOps / Security / Sponsored / Contributed

3 Myths About Cloud Security

5 Mar 2020 11:23am, by Matt Chiodi

Cloud Native / Kubernetes / Security / Sponsored / Contributed

The Key Principles of Container Security 

3 Mar 2020 9:01am, by Sascha Grunert

CI/CD / DevOps / Security / Sponsored

DevSecOps: Yesterday, Today and The Future

2 Mar 2020 5:00pm, by Alex Williams and B. Cameron Gain

Security / Technology

Researchers Set New Quantum Entanglement Record for Future Quantum Networks

28 Feb 2020 12:00pm, by Kimberley Mok

API Management / Networking / Security

Akamai: The Financial Sector Is Seeing More API-Based Attacks

27 Feb 2020 12:00pm, by David Cassel

CI/CD / DevOps / Security / Sponsored / Contributed

How DevOps Can Save Security

27 Feb 2020 9:41am, by Matt Chiodi

Cloud Services / Security / Serverless

Data Theorem: API Security from Mobile to Serverless

26 Feb 2020 11:00am, by Susan Hall

Development / Kubernetes / Open Source / Security

The New Stack Context: Two Views of Open Source Security

21 Feb 2020 5:00pm, by Libby Clark

CI/CD / DevOps / Security / Sponsored / Contributed

Why DevOps Needs to Change Security

20 Feb 2020 3:00pm, by Brian Buquoi

CI/CD / Security

Problems With Sharing Responsibility for Security

20 Feb 2020 9:54am, by Lawrence E Hecht

Cloud Native / DevOps / Security / Sponsored

Why Security Is Really Different in Today’s Cloud Native World

19 Feb 2020 5:00pm, by Alex Williams and B. Cameron Gain

Cloud Native / Edge / IoT / Security

Dr. Torq: Go Remote with ssh

18 Feb 2020 9:52am, by drtorq

Cloud Native / Cloud Services / Security / Sponsored / Contributed

Cloud Security 2021: 4 Key Trends Not to Miss 

13 Feb 2020 10:10am, by Matt Chiodi

Kubernetes / Security / Service Mesh

Tell Us About Your Service Mesh Usage

13 Feb 2020 9:10am, by Lawrence E Hecht

Security / Service Mesh

Urgent Patch: Istio Authentication Vulnerability Could Leave Sensitive Data Exposed

12 Feb 2020 2:14pm, by Joab Jackson

Cloud Services / Containers / Security

Insights from 68 People Who Care About AWS Container Security

11 Feb 2020 10:02am, by Lawrence E Hecht

Cloud Services / Development / Security / Sponsored / Contributed

How I’d Load Test the Iowa Caucus App

11 Feb 2020 7:11am, by Nicole van der Hoeven

CI/CD / Development / Security

Git Transitioning Away from the Aging SHA-1 Hash

7 Feb 2020 1:40pm, by Jack Wallen

Edge / IoT / Networking / Security / Sponsored / Contributed

How to Manage a Home Network with Infrastructure as Code

6 Feb 2020 1:38pm, by Paul Tyng

Cloud Native / Cloud Services / Security / Sponsored / Contributed

Why Your Successful Cloud Journey Starts with Building the Right Security Team

4 Feb 2020 10:47am, by Matt Chiodi

CI/CD / Security

Fuzzit: Building Fuzzing into Continuous Integration Workflows

4 Feb 2020 7:26am, by Susan Hall

Cloud Native / Security

HPE Buys into Cloud Native Service Authentication with Scytale Acquisition

3 Feb 2020 3:20pm, by Joab Jackson

Development / Linux / Networking / Security

WireGuard VPN Protocol Coming to a Linux Kernel Near You

31 Jan 2020 9:57am, by Jack Wallen

CI/CD / Cloud Native / Security / Sponsored

Cloud Native Security as Software Eats the World

30 Jan 2020 5:00pm, by B. Cameron Gain and Alex Williams

1 2 3 4 5 6 7 8 9 10

Architecture

  • Cloud Native
  • Containers
  • Edge/IoT
  • Microservices
  • Networking
  • Serverless
  • Storage

Development

  • Cloud Services
  • Data
  • Development
  • Machine Learning
  • Security

Operations

  • CI/CD
  • Culture
  • DevOps
  • Kubernetes
  • Monitoring
  • Service Mesh
  • Tools

The New Stack

  • Ebooks
  • Podcasts
  • Events
  • Newsletter
  • About / Contact
  • Sponsors
  • Sponsorship
  • Disclosures
  • Contributions
  • Twitter
  • Facebook
  • YouTube
  • Soundcloud
  • LinkedIn
  • Slideshare
  • RSS

© 2021 The New Stack. All rights reserved.

Privacy Policy. Terms of Use.