Gain more IT knowledge!

The cloud-native development model offers the opportunity to realize the benefits of application security that cybersecurity advocates have been championing for more than a decade, but the transition to cloud-native security requires new tools and applications and a different mindset for security operations that will take many cybersecurity professionals out of their comfort zone.

Here are some insights from developers, application security experts and cloud-native technologists on how cloud-native cybersecurity differs from traditional approaches.

Everything as Code Makes Application Security Critical

In cloud-native architectures, microservices and API-led interactions exist not only between application components but also between the underlying infrastructure, meaning everything becomes an application security issue, said Scott Piper, principal security researcher at Wiz, an Israeli cloud-native security provider.

Larger cyber attack surface

Kristen Bell, director of application security engineering at GuidePoint Security, said that with the increase in microservices and APIs, data flows have become more complex. There is more integration between applications and systems, all of which leads to a larger cyber attack surface and more complexity to consider from a security perspective. Combined with these changes, we are seeing more and more new privacy laws requiring the geolocation of data.

New architectures require new specialized security tools

While there are traditional application security scanning tools such as static application security testing, dynamic application security testing and software portfolio analysis that are still applicable to cloud-native environments, developers and cybersecurity teams now need a plethora of new features and niche security products, said Rebecca Deck, principal application security engineer at Avalara.

On-premise security tools can come at a significant cost

Deck also warns that while traditional tools can still play an important role in cloud-native security, development and security teams must understand how they are architected and what it takes to run them. If they are not on-premise tools designed for a cloud-first containerized model, it can be costly to run them in those environments.

Change is constant

The dynamic and ephemeral nature of cloud-native infrastructure and development models means that change is the only constant.

This constant state of change in the environment presents a huge challenge for security professionals tasked with maintaining a consistent security posture, said Juan Orlandini, chief technology officer for North America at Insight Enterprises. Because cloud-native environments are dynamically orchestrated, he said, "there are constant changes, including scaling up and down and upgrading software."

Threat Modeling Imperative

Orlandini of Insight Enterprises said threat modeling is becoming an increasingly important part of managing software risk given the expanding cyber attack surface and the dynamic conditions of cloud-native environments. Tools need to evolve to support threat modeling as a core component of cloud-native security," he explained. This means providing tools to identify potential vulnerabilities and attack surfaces and automate assessments to identify misconfigurations and other issues."

Developer-Centric Security Tools Become Critical

Keeping up with the speed and flexibility of development workflows means manual reviews and handoffs are no longer as effective, says Jeff Talon, director of software delivery at Liberty Mutual. Security needs to be streamlined in the development workflow, he says, and security teams must find a way to create developer-centric tools and processes to review code and maintain security status.

Security should strive for standardization

The emerging state of cloud-native environments breeds a "Wild West" atmosphere that can pose serious challenges to rule-oriented security personnel. Security teams can help developers modernize cloud computing by proposing standards and security-focused guidelines.

Security-as-code helps application security keep pace with cloud-native

Talon said automating requirements through policy-as-code in a developer-centric tool is the ultimate goal of cloud-native security. Security requirements are automated through the use of policy-as-code in the continuous integration/continuous deployment pipeline and cloud runtime, providing a consistent development experience and ensuring security and compliance requirements are met throughout the development process," he said. With this, developers can get security feedback earlier in the process and in an environment that enables them to self-correct and move on."

Continuous monitoring made easier

Orlandini said the best approach to cloud-native security will include continuous monitoring, which may differ from traditional application security approaches that focus more on periodic scanning than real-time monitoring.

The good news is that the "everything-is-code" approach to cloud-native infrastructure makes it easier to set up telemetry where it wasn't previously possible, as long as security professionals can adapt to the fact that legacy network monitoring mechanisms may no longer work for them.

Most Popular

Gartner's Latest Forecast: Global Cloud Revenue to Surpass Non-Cloud Revenue

Understanding the principles of blockchain cross-border payments

What is the reason for the computer card? How to deal with the computer card?

Which one to choose for mobile power? Analysis of the three major types of battery cells

What is IMEI code

Mobile phone battery is not durable? 14 tips to extend battery life

What is the difference between power adapter and charger

What does the server mean

GPT-4 will allow users to customize the "personality" of the AI, making the avatar a real "person"

What industries ChatGPT may disrupt in the future

Gender equality issues plague the enterprise, and this SaaS company intends to use AI to solve them

The "Dirty Work" Artificial Intelligence Cannot Do - Commercial Content Auditing

What are the young people interacting with Japan's "Buddhist AI" seeking and escaping from?

Gartner: Data Analytics Helps Build a New Equation of Business Value

How to Improve Big Data Performance with Low Latency Analytics?

What are the tips for storing big data in a Hadoop environment?

Cloudera Extends Open Lake Warehouse All-in-One to Enable Trusted Enterprise AI

Gartner Releases Top 10 Data and Analytics Trends for 2023

What is the relationship between cloud computing and cloud storage? The 3 major disadvantages of cloud computing explained!

Cloud computing and data science, five steps to break through the flood of information

What are the difficulties of cloud computing operations and maintenance?

Big Model + Big Computing Power Convergence What Cloud Computing Can Do for AIGC

Google Cloud: a 15-year race to the cloud

CO2 reductions won't happen without digital technology

4 Effective Ways the Internet of Things Can Help with Disaster Management

6 Ways the Internet of Things Can Improve the Lives of Animals

Las Vegas "weaves" the city of the future

Three ways of Internet of Things changing e-commerce

What is the connection between blockchain and Web 3.0?

Canon Launches Ethernet Photo NFT Marketplace Cadabra

The future development of blockchain technology, what are the main advantages?

Can blockchain really last? How can it avoid becoming a slogan?

Explanation of the consensus mechanism of blockchain

What are the difficulties of cloud computing operations and maintenance?

How to Reduce the Risk of Cloud Native Applications?

Last-generation firewalls won't meet cloud demands

Gartner's Latest Forecast: Global Cloud Revenue to Surpass Non-Cloud Revenue

Understanding the principles of blockchain cross-border payments

What is the reason for the computer card? How to deal with the computer card?

Most Popular

Ten Ways Cloud-Native Development is Changing Cybersecurity

Related Articles