Organizations are increasingly turning to cloud-native applications to gain speed, flexibility and scalability. But this new technology radically changes the way software operates and interacts, which also changes the ways that software needs to be protected.

“Cloud-native,” in this context, does not simply refer to applications that are hosted in the cloud; it means applications are truly native to the cloud. These applications are put together on the fly, built from large numbers of small packages called containers that interact through microservices, Computer Weekly noted.

The Challenges of a Distributed Technology

The same speed and flexibility that make cloud-native applications so powerful also creates the need for new security measures with the same characteristics. A further challenge, as InfoWorld reported, is that containers are not visible to traditional security technologies.

A container resembles a lightweight virtual machine. It is lightweight because it does not have its own independent operating system, but instead uses application program interfaces (APIs) to make operating system service calls. Tools that were built to protect a single operating system or host machine interactions cannot “see” containers or their interactions.

Because cloud-native applications are so fast and flexible, their attack surfaces are constantly changing as containers and microservices come and go. Data flow is distributed, requiring constant monitoring, and the speed and volume of activity means that monitoring must be automated.

Following Security Basics and Protecting the Secrets

The appropriate security response can be divided into two phases: initial build and deployment, and runtime activity. Cloud-native applications still adhere to the basic rule that security should be built in from the outset, not bolted on as an afterthought.

Container images — the executables — should be as simple as possible, scanned for known issues during development and digitally signed to verify their integrity. Access to the operating system must be strictly regulated, and segmentation policies should govern how microservices interact with each other. Microservices often exchange sensitive data such as passwords or keys. Data packets of these types are collectively known as secrets, and some implementation platforms provide integrated tools for managing and protecting secrets.

But build-time protective measures can only go so far, because the constantly changing environments in which containers and their microservices live and operate will always be full of surprises. The application environment must therefore be fully instrumented for visibility, and tools must be in place to track and analyze microservice behavior for indications of abnormalities.

Striking a Secure Balance With Cloud-Native Applications

The specific technologies of containers and microservices are new, but the evolution of cloud-native applications is part of the broad, long-term trend that has taken us from the isolated, stand-alone application environments of the mainframe era toward a distributed computing ecosystem. Throughout this evolution, the combination of building in security and continually monitoring activity has been the key to keeping rich and complex environments as secure as possible.

More from Cloud Security

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Cybersecurity in the Next-Generation Space Age, Pt. 4: New Space Future Development and Challenges

View Part 1, Introduction to New Space, Part 2, Cybersecurity Threats in New Space, and Part 3, Securing the New Space, in this series. After the previous three parts of this series, we ascertain that the technological evolution of New Space ventures expanded the threats that targeted the space system components. These threats could be countered by various cybersecurity measures. However, the New Space has brought about a significant shift in the industry. This wave of innovation is reshaping the future…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

How Posture Management Prevents Catastrophic Cloud Breaches

We've all heard about catastrophic cloud breaches. But for every cyberattack reported in the news, many more may never reach the public eye. Perhaps worst of all, a large number of the offending vulnerabilities might have been avoided entirely through proper cloud configuration. Many big cloud security catastrophes often result from what appear to be tiny lapses. For example, the famous 2019 Capital One breach was traced to a misconfigured application firewall. Could a proper configuration have prevented that breach?…