Modal Title
Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
Cloud Native Skill Gaps are Killing Your Gains 
May 22nd 2023 7:15am, by Victoria Wright
A Boring Kubernetes Release
May 19th 2023 12:23pm, by Alex Williams
Why Upgrade to Observability from Application Monitoring?
May 19th 2023 11:49am, by George Hamilton
How Otomi Helped the City of Utrecht Move to Kubernetes
May 15th 2023 10:00am, by Sander Rodenhuis
RabbitMQ Is Boring, and I Love It
May 15th 2023 6:30am, by Josh Long
Red Hat Podman Container Engine Gets a Desktop Interface
May 23rd 2023 7:30am, by Joab Jackson
Scan Container Images for Vulnerabilities with Docker Scout
May 20th 2023 6:00am, by Jack Wallen
Container or VM? How to Choose the Right Option in 2023
May 17th 2023 8:42am, by Andrew Sullivan and Alex Handy
How Otomi Helped the City of Utrecht Move to Kubernetes
May 15th 2023 10:00am, by Sander Rodenhuis
Deploy an On-Premises Bitwarden Server with Docker
May 6th 2023 6:00am, by Jack Wallen
Gothenburg, Sweden Used Open Source IoT to Drastically Cut Water Waste
May 23rd 2023 6:58am, by Alex Handy
Building a Plant Monitoring Tool with IoT
May 8th 2023 9:27am, by Zoe Steinkamp
How to Choose and Model Time Series Databases
Apr 28th 2023 3:00am, by Robert Kimani
How to Optimize Queries for Time Series Data
Apr 27th 2023 12:00pm, by Robert Kimani
Calyptia Core 2.0 Tackles Fleet Management for Observability
Apr 26th 2023 6:49am, by Jelani Harper
Case Study: A WebAssembly Failure, and Lessons Learned
May 25th 2023 7:00am, by Susan Hall
RabbitMQ Is Boring, and I Love It
May 15th 2023 6:30am, by Josh Long
How OpenSearch Visualizes Jaeger's Distributed Tracing
May 11th 2023 10:00am, by Derek Ho and Jonah Kowall
Spring Cloud Gateway: The Swiss Army Knife of Cloud Development
May 8th 2023 6:47am, by Juergen Sussner
Return of the Monolith: Amazon Dumps Microservices for Video Monitoring
May 4th 2023 7:23am, by Joab Jackson
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
How to Decide Between a Layer 2 or Layer 3 Network
Apr 25th 2023 10:00am, by Gino Dion
Linkerd Service Mesh Update Addresses More Demanding User Base
Apr 11th 2023 6:17am, by Joab Jackson
Wireshark Celebrates 25th Anniversary with a New Foundation
Mar 28th 2023 5:00am, by Joab Jackson
This Week in Computing: Malware Gone Wild
Mar 25th 2023 7:10am, by Joab Jackson
Microsoft Fabric Defragments Analytics, Enters Public Preview
May 23rd 2023 8:00am, by Andrew Brust
Forrester on WebAssembly for Developers: Frontend to Backend
May 17th 2023 6:00am, by Loraine Lawson
Return of the Monolith: Amazon Dumps Microservices for Video Monitoring
May 4th 2023 7:23am, by Joab Jackson
IBM's Quiet Approach to AI, Wasm and Serverless
May 4th 2023 6:00am, by Loraine Lawson
Cloud Control Planes for All: Implement Internal Platforms with Crossplane
Apr 13th 2023 10:00am, by Bassam Tabbara
Why the Document Model Is More Cost-Efficient Than RDBMS
May 25th 2023 9:24am, by Rick Houlihan
Amazon Aurora vs. Redshift: What You Need to Know
May 25th 2023 6:27am, by Casey Samulski
Boost DevOps Maturity with a Data Lakehouse
May 17th 2023 10:20am, by Guido Deinhammer
Vercel Offers Postgres, Redis Options for Frontend Developers
May 1st 2023 9:00am, by Loraine Lawson
Why We Need an Inter-Cloud Data Standard
Apr 27th 2023 8:19am, by Aaron Schneider
Frontend Development Software Development Typescript WebAssembly Cloud Services Data Machine Learning Security
New Image Trends Frontend Developers Should Support
May 25th 2023 6:00am, by
Microsoft One-ups Google with Copilot Stack for Developers
May 24th 2023 11:45am, by
How to Start a Software Project: A Guide for Junior Devs
May 20th 2023 7:00am, by
Dev News: Trouble in npm, Vue 3.3 and Cloudflare Updates
May 20th 2023 5:00am, by
Generative AI Thread Runs Through Google’s New Products
May 19th 2023 12:37pm, by
Developer Tips in AI Prompt Engineering
May 25th 2023 10:35am, by
Why the Document Model Is More Cost-Efficient Than RDBMS
May 25th 2023 9:24am, by
Is Open Source the Original Product-Led Growth?
May 25th 2023 7:32am, by
Case Study: A WebAssembly Failure, and Lessons Learned
May 25th 2023 7:00am, by
Amazon Aurora vs. Redshift: What You Need to Know
May 25th 2023 6:27am, by
Dev News: Angular v16, plus Node.js and TypeScript Updates
Apr 22nd 2023 4:00am, by
This Week in Computing: Malware Gone Wild
Mar 25th 2023 7:10am, by
TypeScript 5.0: New Decorators Standard, Smaller npm
Mar 24th 2023 11:25am, by
JavaScript or WebAssembly: Which Is More Energy Efficient and Faster?
Jan 30th 2023 9:51am, by
What TypeScript Brings to Node.js
Dec 26th 2022 3:00am, by
Case Study: A WebAssembly Failure, and Lessons Learned
May 25th 2023 7:00am, by
New Image Trends Frontend Developers Should Support
May 25th 2023 6:00am, by
Could WebAssembly Be the Key to Decreasing Kubernetes Use?
May 22nd 2023 6:00am, by
Forrester on WebAssembly for Developers: Frontend to Backend
May 17th 2023 6:00am, by
Dev News: Dart 3 Meets Wasm, Flutter 3.10, and Qwik ‘Streamable JavaScript’
May 13th 2023 9:00am, by
Cloud Dependencies Need to Stop F---ing Us When They Go Down
May 25th 2023 10:00am, by
Microsoft Fabric Defragments Analytics, Enters Public Preview
May 23rd 2023 8:00am, by
A Boring Kubernetes Release
May 19th 2023 12:23pm, by
Optimizing Mastodon Performance with Sidekiq and Redis Enterprise
May 18th 2023 10:30am, by and
Datadog’s $65M Bill and Why Developers Should Care
May 17th 2023 10:56am, by
Why the Document Model Is More Cost-Efficient Than RDBMS
May 25th 2023 9:24am, by
Amazon Aurora vs. Redshift: What You Need to Know
May 25th 2023 6:27am, by
Better Data Logistics Is the Key to Effective Machine Learning
May 24th 2023 10:00am, by
Microsoft Fabric Defragments Analytics, Enters Public Preview
May 23rd 2023 8:00am, by
Gothenburg, Sweden Used Open Source IoT to Drastically Cut Water Waste
May 23rd 2023 6:58am, by
AI Talk at KubeCon
May 24th 2023 1:36pm, by
Better Data Logistics Is the Key to Effective Machine Learning
May 24th 2023 10:00am, by
FAQ: What Is Automated Incident Response?
May 24th 2023 6:04am, by
The Benefits and Limitations of AI for Service Optimization
May 23rd 2023 10:00am, by
Economists Show AI Bringing Positive Impact to Workplaces
May 21st 2023 6:00am, by
Bitwarden Moves into Passwordless Security
May 25th 2023 7:11am, by
Detect and Mitigate Common Attack Techniques for Containers
May 24th 2023 10:55am, by
Lineaje Unveils SBOM360 Hub for Software Bills of Materials
May 24th 2023 8:46am, by
AppSec 'Worst Practices' with Tanya Janca 
May 24th 2023 8:08am, by
Tracy Ragan: My Favorite Open Source Security Projects
May 22nd 2023 12:52pm, by
Platform Engineering Operations CI/CD Tech Life DevOps Kubernetes Observability Service Mesh
Developer Platforms: Key Findings from a Forrester Snapshot
May 19th 2023 10:52am, by Aeris Stewart
How Otomi Helped the City of Utrecht Move to Kubernetes
May 15th 2023 10:00am, by Sander Rodenhuis
IBM Cloud CTO: Pros Outweigh the Cons with Platform Engineering
May 5th 2023 6:00am, by Loraine Lawson
Infrastructure as Code or Cloud Platforms — You Decide!
May 2nd 2023 9:34am, by Venkat Thiruvengadam
KubeCon Panel: How Platform Engineering Benefits Developers
Apr 28th 2023 8:51am, by Loraine Lawson
Cloud Dependencies Need to Stop F---ing Us When They Go Down
May 25th 2023 10:00am, by Jeff Martens
AI Talk at KubeCon
May 24th 2023 1:36pm, by Alex Williams
Better Data Logistics Is the Key to Effective Machine Learning
May 24th 2023 10:00am, by Michael Tanenbaum
Red Hat Ansible Gets Event-Triggered Automation, AI Assist on Playbooks
May 24th 2023 6:22am, by Joab Jackson
FAQ: What Is Automated Incident Response?
May 24th 2023 6:04am, by Ariel Russo
Is DevOps Tool Complexity Slowing Down Developer Velocity?
May 17th 2023 6:29am, by Heather Joslyn and Lawrence E Hecht
AI Has Become Integral to the Software Delivery Lifecycle
May 12th 2023 11:01am, by Richard MacManus
4 Core Principles of GitOps
May 11th 2023 2:17pm, by Alex Williams
5 Version-Control Tools Game Developers Should Know About
May 9th 2023 10:00am, by Sharone Zitzman
Mitigate Risk Beyond the Supply Chain with Runtime Monitoring
May 8th 2023 10:00am, by Mike Long
Is Open Source the Original Product-Led Growth?
May 25th 2023 7:32am, by Kim McMahon
AppSec 'Worst Practices' with Tanya Janca 
May 24th 2023 8:08am, by Taylor Armerding
Overcoming the Kubernetes Skills Gap with ChatGPT Assistance
May 23rd 2023 11:00am, by Dev Nag
Cloud Native Skill Gaps are Killing Your Gains 
May 22nd 2023 7:15am, by Victoria Wright
Economists Show AI Bringing Positive Impact to Workplaces
May 21st 2023 6:00am, by David Cassel
Is Open Source the Original Product-Led Growth?
May 25th 2023 7:32am, by Kim McMahon
How to Start a Software Project: A Guide for Junior Devs
May 20th 2023 7:00am, by David Eastman
AI Improves Developer Workflow, Says Gradle Dev Evangelist
May 19th 2023 10:00am, by Richard MacManus
Guardrails Can Be the Common Language to Bring Dev and Ops Together
May 18th 2023 7:04am, by Cortney Nickerson
Boost DevOps Maturity with a Data Lakehouse
May 17th 2023 10:20am, by Guido Deinhammer
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
Overcoming the Kubernetes Skills Gap with ChatGPT Assistance
May 23rd 2023 11:00am, by Dev Nag
Could WebAssembly Be the Key to Decreasing Kubernetes Use?
May 22nd 2023 6:00am, by Loraine Lawson
A Boring Kubernetes Release
May 19th 2023 12:23pm, by Alex Williams
Guardrails Can Be the Common Language to Bring Dev and Ops Together
May 18th 2023 7:04am, by Cortney Nickerson
Red Hat Ansible Gets Event-Triggered Automation, AI Assist on Playbooks
May 24th 2023 6:22am, by Joab Jackson
Observability: Working with Metrics, Logs and Traces
May 22nd 2023 8:23am, by Jessica Wachtel
Why Upgrade to Observability from Application Monitoring?
May 19th 2023 11:49am, by George Hamilton
Datadog’s $65M Bill and Why Developers Should Care
May 17th 2023 10:56am, by Loraine Lawson
How OpenSearch Visualizes Jaeger's Distributed Tracing
May 11th 2023 10:00am, by Derek Ho and Jonah Kowall
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
Linkerd Service Mesh Update Addresses More Demanding User Base
Apr 11th 2023 6:17am, by Joab Jackson
How to Create Zero Trust Architecture for Service Mesh
Mar 27th 2023 7:00am, by Joe Fay
Ambient Mesh: Sidestepping the Sidecar
Mar 1st 2023 8:44am, by Jeff Goldman
Service Mesh Demand for Kubernetes Shifts to Security
Oct 27th 2022 11:04am, by B. Cameron Gain
Cloud Native Ecosystem / Security

Seamlessly Secure Your Cloud Workloads

A look at how cloud workload protection programs (CWPPs) work, examples of workloads that you can secure and the importance of automation.
Apr 1st, 2022 9:00am by
Featued image for: Seamlessly Secure Your Cloud Workloads
Featured image via Pixabay

Chris Tozzi
Chris Tozzi has worked as a Linux systems administrator and freelance writer. He has more than 10 ten years of experience covering the tech industry, especially open source, DevOps, cloud native technology and security.

You’ve secured your cloud identities. You’ve hardened your cloud security posture. You’ve configured strong cloud access controls. But there’s still one more thing you need in order to secure your cloud environment: a cloud workload protection platform, or CWPP.

Cloud workload protection platforms secure the workloads that run on your cloud — which are distinct from the infrastructure, user identities and configurations that form the foundation of your cloud environment.

This article examines why a CWPP is a critical ingredient in any cloud security strategy. It explains how CWPPs work, identifies examples of workloads that you can secure with CWPPs and discusses the importance of automation within the context of a CWPP.

What Is Cloud Workload Protection?

Cloud workload protection is the practice of securing workloads that you deploy in the cloud. In other words, cloud workload protection mitigates risks that exist at the workload level of your cloud environment, as opposed to the infrastructure or configuration level.

The workloads in question could be software, data or a combination thereof that your organization hosts in the cloud. For example, cloud workload protection could apply to the operating system and application running in a cloud-based VM instance, or it could secure the data inside an object storage bucket.

What Is a CWPP?

Tools that provide cloud workload protection are often called cloud workload protection platforms, or CWPPs. Protecting cloud workloads is important because most other types of cloud security practices don’t address workload risks.

Cloud security posture management, or CSPM, alerts you to problems within cloud infrastructure configurations that could create security issues, like IAM policies that provide public access to sensitive data. But CSPM doesn’t cover configuration risks within workloads, such as a lack of encryption for data as it moves within an application.

Likewise, you can track cloud metrics and logs to identify potential security threats. But that data originates mostly from cloud IaaS providers, not individual applications, so it does little to reveal security risks that are specific to applications or data you’ve deployed in the cloud.

CWPP solutions fill these gaps by ensuring that you can protect the code and data that actually run on your cloud, not just the underlying cloud environment.

It’s also worth noting that cloud workload protection platforms help you secure workloads across multiple clouds. Because CWPPs focus on your workload rather than the cloud that hosts it, you can use cloud workload protection to identify security risks in any type of cloud-based workload, even as it moves across clouds.

CWPPs at Work: Some Examples

To contextualize cloud workload protection further, consider how it applies in the following domains.

Containers

When you deploy cloud workloads using containers, you must address special security challenges. You need to make sure that containers can’t run in privileged mode, for example. You must also scan container images for malware.

Cloud workload protection for containers ensures that you have the specific processes in place that are required to protect containerized workloads, independent of other security processes that you apply to your cloud environment.

Kubernetes Security

Kubernetes, too, poses a variety of special security challenges that can only be addressed at the workload level. You must ensure that Kubernetes RBAC policies and security contexts are configured properly, for instance. You should also use Kubernetes audit logs to monitor for potential security risks that arise within your Kubernetes environment.

VM Security

Even if your cloud VM service is properly configured, security issues may lurk inside your VMs. The images you use could contain malware or just configurations (like the absence of a kernel hardening framework) that lead to a weak security posture. Cloud workload protection alerts you to these risks.

Vulnerability Scanning

Vulnerabilities can arise in any number of places across a cloud environment — within applications, within operating systems, within container images and so on.

Cloud workload protection lets you scan for vulnerabilities across all components and layers of your workloads. Think of it as one-stop shopping for vulnerability discovery and management at the workload level, regardless of which workloads you run or which clouds host them.

Serverless Security

Serverless functions abstract applications from the underlying server environment, which reduces potential attack surfaces. But the functions themselves could still contain vulnerabilities. They could also be configured in ways that increase risks. Cloud workload protection automatically discovers problems like these within serverless functions.

Application Security

Cloud-based applications come in many forms, but they can all contain security risks — such as malware, vulnerable software components and a lack of security controls like encryption. By scanning applications for risks like these, cloud workload protection helps ensure application security across your cloud environment.

Choosing a Cloud Workload Protection Platform 

When integrating cloud workload protection into your cloud security strategy, strive to implement a solution that is:

  • Fully automated, because you can’t feasibly manage workload-level security risks by hand.
  • Cloud-agnostic, so you can deploy to secure any workload on any cloud.

A service such as Torq.io meets both of these requirements. It lets anyone — not just cybersecurity experts, but any member of your organization — define security rules that workloads must meet. Then Torq automatically and continuously scans your cloud workloads for deviation from these rules.

The result is fully secure and automated cloud workload protection, no matter how your cloud environment is configured or what you run on it.

Group Created with Sketch.
Chris Tozzi has worked as a Linux systems administrator and freelance writer. He has more than 10 years of experience covering the tech industry, especially open source, DevOps, cloud native technology and security.
Read more from Chris Tozzi
SHARE THIS STORY
RELATED STORIES
What Is MITRE D3FEND, and How Do You Use It? 5 Questions to Ask When Developing an Automation Strategy What Do Authentication and Authorization Mean in Zero Trust? The Cultural Changes Zero Trust Security Demands How Chatbot Automation Benefits Security Teams 
TNS owner Insight Partners is an investor in: Pragma, Torq.
RELATED STORIES
What Is MITRE D3FEND, and How Do You Use It? 5 Questions to Ask When Developing an Automation Strategy What Do Authentication and Authorization Mean in Zero Trust? The Cultural Changes Zero Trust Security Demands How Chatbot Automation Benefits Security Teams 
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.