The evolution and future of cloud-native security - SD Times

The evolution and future of cloud-native security - SD Times

May 3, 2021

With the acquisition of my company, StackRox, by cloud-native technology vendor Red Hat, it seems like a good time to reflect on the state of cloud-native security.  Security in the cloud has been my life for the past five years, and it’s changed very quickly as new cloud-native platforms have taken over the industry.  We’ve had to create new tools and approaches to meet the new technologies and workflows of today’s cloud and will need to continue evolving them to meet the challenges of tomorrow’s.

Before we get into the future of cloud-native security, though, let’s look at where we started in the distant past of … seven years ago.

Our industry started with a focus on basic security hygiene for containers, which formed the basis for “container security.”  While container-related technologies had existed for over a decade, Docker provided the toolset that popularized the Linux container as a standard distribution format for applications, making it widely accessible and adopted.  While it started out with developers building and running containerized apps on their local machines, Docker containers rapidly found their way into many software environments.

RELATED CONTENT: 4 reasons the future of cloud-native software is open source

Suddenly, with thousands of applications being distributed via Docker Hub, people realized this new, emerging area of the stack created new security problems. One of the most straightforward to address first was preventing obviously vulnerable software from being introduced into production environments. Container image scanning became commonplace, with many different options available, including open-source scanners like Clair and OpenSCAP, paid offerings like Black Duck, and ones proprietary to cloud providers.

“The Clair team built it in 2015 to detect vulnerabilities as soon as images were pushed to a registry. By making your container contents more visible, we helped mitigate the distribution of vulnerable applications across servers and workstations. This may sound historical, but many popular public container images are still vulnerable,” remarked Louis DeLosSantos of the Clair project.

Image scanning was “good enough” for most users since they were still running containers in a limited context, such as for non-sensitive web apps, or strictly in development and testing.  But then organizations started running containers in production and everyone had to think about baseline security best practices for the underlying container infrastructure, which led to the Center For Internet Security (CIS) Benchmark for Docker and other tools and guidelines such as those published by the National Institute of Standards and Techonlogy (NIST).  A few platforms, like OpenShift and CoreOS, extended this approach with security modules to further lock down the operating system on the underlying nodes.

Generally speaking, this combination of...

Read more on sdtimes.com

Our customers and partners trust and hire our IT Team to fulfill their technology needs:

What we do

We stick by your side from day one. And we won't leave.

We design the system architecture and system engineer from scratch working directly with companies to achieve the final goal, to assure everything works perfectly and fulfill your needs at the end.

Programming Languages:

Systems:

    Android

    AndroidTV

    Arduino

    iOS

    Linux

    OS X

    Tizen

    webOS

Other Technologies & Frameworks:

    AWS

    Cordova

    Docker

    Kubernetes

    OpenCV

    Tensor Flow

Contact US

Do you need to hire an IT
Team for your project?

Our team makes your IT project happen.