Light Dark
November 14, 2017 By Rick M Robinson 2 min read
Cloud Security

Organizations are increasingly turning to cloud-native applications to gain speed, flexibility and scalability. But this new technology radically changes the way software operates and interacts, which also changes the ways that software needs to be protected.

“Cloud-native,” in this context, does not simply refer to applications that are hosted in the cloud; it means applications are truly native to the cloud. These applications are put together on the fly, built from large numbers of small packages called containers that interact through microservices, Computer Weekly noted.

The Challenges of a Distributed Technology

The same speed and flexibility that make cloud-native applications so powerful also creates the need for new security measures with the same characteristics. A further challenge, as InfoWorld reported, is that containers are not visible to traditional security technologies.

A container resembles a lightweight virtual machine. It is lightweight because it does not have its own independent operating system, but instead uses application program interfaces (APIs) to make operating system service calls. Tools that were built to protect a single operating system or host machine interactions cannot “see” containers or their interactions.

Because cloud-native applications are so fast and flexible, their attack surfaces are constantly changing as containers and microservices come and go. Data flow is distributed, requiring constant monitoring, and the speed and volume of activity means that monitoring must be automated.

Following Security Basics and Protecting the Secrets

The appropriate security response can be divided into two phases: initial build and deployment, and runtime activity. Cloud-native applications still adhere to the basic rule that security should be built in from the outset, not bolted on as an afterthought.

Container images — the executables — should be as simple as possible, scanned for known issues during development and digitally signed to verify their integrity. Access to the operating system must be strictly regulated, and segmentation policies should govern how microservices interact with each other. Microservices often exchange sensitive data such as passwords or keys. Data packets of these types are collectively known as secrets, and some implementation platforms provide integrated tools for managing and protecting secrets.

But build-time protective measures can only go so far, because the constantly changing environments in which containers and their microservices live and operate will always be full of surprises. The application environment must therefore be fully instrumented for visibility, and tools must be in place to track and analyze microservice behavior for indications of abnormalities.

Striking a Secure Balance With Cloud-Native Applications

The specific technologies of containers and microservices are new, but the evolution of cloud-native applications is part of the broad, long-term trend that has taken us from the isolated, stand-alone application environments of the mainframe era toward a distributed computing ecosystem. Throughout this evolution, the combination of building in security and continually monitoring activity has been the key to keeping rich and complex environments as secure as possible.

 |  |  |  |  | 
Rick M Robinson

More from Cloud Security
November 14, 2024

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

October 10, 2024

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

June 6, 2024

AI-driven compliance: The key to cloud security

3 min read - The growth of cloud computing continues unabated, but it has also created security challenges. The acceleration of cloud adoption has created greater complexity, with limited cloud technical expertise available in the market, an explosion in connected and Internet of Things (IoT) devices and a growing need for multi-cloud environments. When organizations migrate to the cloud, there is a likelihood of data security problems given that many applications are not secure by design. When these applications migrate to cloud-native systems, mistakes in configuration…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature