Prisma Cloud from Palo Alto Networks sponsored this podcast.
This edition of The New Stack Makers podcast features speakers during Palo Alto Networks’ Cloud Native Security Virtual Event. It kicks off with none other than Seth Meyers, a U.S. Emmy Award-winning comedian of “Late Night with Seth Meyers” and “Saturday Night Live” (SNL), fame and his interview with Palo Alto Networks founder and Chief Technology Officer Nir Zuk.
Meyers began the session by declaring that “much like Nir Zuk, I am a cybersecurity luminary.” He also said he didn’t want to “brag too much” about his accomplishments, but said using your mother’s maiden name to recover passwords was his idea.
Meyers then asked Zuk what cloud native means for organizations, as well as its impact on security management.
For Zuk, it is necessary to first understand that cloud native environments and platforms are first designed for the cloud.
“When we move from on-premise architectures to the cloud, things have to change. If we just do what’s called ‘lift and shift,’ meaning taking whatever you have on-premise and moving it to the cloud, it doesn’t work — it doesn’t, of course, take any advantage of anything in the cloud, it costs a lot of money and so on,” said Zuk. “So, in order to get all the benefits of the cloud, you have to be cloud native. And that applies both to the applications that are being moved and the security that these apply to.”
While there are many obvious reasons to apply the principles of network security to cloud native environments, organizations also often quickly realize that cloud security is different from traditional data center security. How security is deployed and integrated with automated CI/CD pipeline and other DevOps processes are all challenges that must be addressed in order for “network security itself to be cloud native,” said Zuk.
Cloud providers also share responsibility for data protection. “I think that, initially, there was some confusion about who’s responsible for security in the cloud: for example, is my cloud provider… responsible for my security, or am I responsible for my security?” said Zuk. “I think it’s now very clear that it’s a shared responsibility where the cloud provider is responsible for the security of the infrastructure and the application owner is responsible for securing everything beyond the infrastructure, including the operating system, the application, the network and so on.”
Another consideration is “where do you put network security?” said Zuk. “You want to use the language of the cloud versus the language of traditional data centers,” said Zuk. “You don’t want to use IP addresses and port numbers and so on — you want to use workloads and in applications and other terms that you use in the cloud versus traditional data centers.”
Meanwhile, despite the occurrence of many well-publicized security breaches, including, of course, the SolarWinds security attack, there are reasons to remain optimistic about cloud native security practices.
“We’re seeing more and more customers doing the right things, which is taking the same functions that they had in traditional data centers, and finding cloud native ways to do them in cloud security, said Zuk.