
CloudNativeSecurityCon: Shifting Left into Security Trouble

Priyanka Sharma, the Cloud Native Computing Foundation Executive Director, remarks that while the shift-left phenomenon caused by containers and microservices has been great for rolling out applications quickly, it also causes security worries.
Feb 14th, 2023 12:47pm by

SEATTLE: At the first CloudNativeSecurityCon here, the good news is that cloud native computing has made creating and delivering software faster than ever. The bad news is the security problems are coming just as fast.

In the first keynote, Priyanka Sharma, the Cloud Native Computing Foundation (CNCF) Executive Director, said that containers, microservices, and Kubernetes have enabled us, via continuous integration/continuous delivery (CI/CD), to build and deploy programs at record-setting paces by shifting work left. But, simultaneously, it’s leading to “more exposed edges and nodes with attack surfaces and ultimately less control.”

What to Do?

What to do? Sharma suggests we use our same new-age, cloud native tools to fix our security problems. It’s not like we have much choice in the matter. After all, “security is not a one-and-done task. And no person is an island when it comes to security. It’s an ongoing conversation because things are very dire right now. The cost of us not doing anything is very high.”

How much? Sharma said, “the average cost of a breach on an organization is $3.8 million. And you look into the private cloud, that number goes up to $4.2 million. And then with public clouds, it’s over $5 million. And this is just the average cost. Not a good thing, especially in the times we face today.”

To combat this, we must address our poor training and lack of collaboration between teams. “Siloed teams often working in separate countries with multiple time zones using different tools, and policy frameworks” is a recipe for your security breach. Sharma continued, “We believe that security is people power,” which means getting all the people on the same security page.

In addition, “We all benefit when we collaborate as a knowledgeable vendor-neutral community to develop the tools and processes that will defend our systems,” Sharma noted. That means, “Practitioners and developers should share their development and deployment expertise. We’re in a position to teach each other. We’re all a global team of doers. And when we work together, we cover far more ground than any single organization,” she said. If that sounds familiar, it should. It’s the fundamental principle of open source development.

Of course, it’s harder now than it once was. As Sharma pointed out, “security truly is a multi-dimensional problem today.” But if we work together and support community security efforts and industry collaboration, we can secure our projects. It can be done. And efforts such as CloudNativeSecurityCon, which brought together 700-odd developers and security experts, were a good stepping stone forward.

TNS owner Insight Partners is an investor in: Pragma.