Challenge of securing cloud-native apps

As more and more of our computing moves to the cloud, safeguarding data and applications poses a new set of challenges for enterprises.

To learn more about the security implications of going cloud native and how to deal with them, we spoke with the president and CEO of Tigera, a provider of cloud-native app protection.

What obstacles does the new breed of cloud-native apps, particularly those based on containers and Kubernetes, pose for DevOps and security teams?

Security teams must be aware of the various approaches required to secure their environments as an increasing number of businesses adopt cloud-native architectures, particularly those based on containers and Kubernetes. Whereas legacy architectures could be reasonably secured at the perimeter, cloud-native applications are too dispersed and ephemeral to be protected in this manner. With an active security platform that automatically scans container images on demand and implements policies that set criteria under which images can be deployed, security teams must bring security controls down into the workloads themselves to address these issues. Further, DevOps and security teams should align their efforts to ensure security is considered throughout the development lifecycle.

Why do infrastructure and security teams require a more comprehensive strategy that shifts the emphasis away from alerting and detection and toward risk reduction and prevention?

You won’t be able to keep up if your sole focus is on identifying known threats. Because of this strategy, application teams have to work hard to fix vulnerabilities from last year while new ones keep coming up. Active security must be implemented rather than imposing this legacy mentality.

Security for cloud-native applications is a team effort between infrastructure and security teams, not a stand-alone issue. The development and security teams that work on cloud-native architectures will need to adopt a new method for creating and protecting workloads. In practice, this indicates that security measures should be incorporated early into the architecture to reduce the attack surface. In the event of a security breach, security teams should also work to implement mitigating controls and take into account the sheer volume of threats that could occur during runtime. Teams can use this to combine threat detection with risk reduction and prevention.

How is zero trust an essential component of this holistic strategy?

A security strategy that only focuses on vulnerability and threat detection is not only impractical but also inefficient in light of the size of the attack surface that cloud-native applications present. Instead, implementing zero-trust principles to reduce the attack surface contributes to both actively preventing breaches and minimizing their impact after they do occur.

Cloud-native applications running on Kubernetes are especially vulnerable to the spread of malware due to the open nature of cluster networking; pods can connect to each other, even across namespaces, by design. Without implementing a security model like zero trust, it is difficult to detect malware or its spread within a Kubernetes cluster. By allowing communication between pods only when absolutely necessary, with zero trust, teams can reduce the blast radius of any potential intrusion.

What are the current issues with cloud-native security and how can this new holistic approach address them?

New procedures, policies, and fundamentals for existing application development and deployment were introduced by the speed of the CI/CD pipeline and the rise of cloud-native apps, containers, and Kubernetes.

Before cloud-native applications in containers and Kubernetes, DevOps teams would build an application, create an image, executable or installer, and hand it off to the security team. After that, the code would be checked for vulnerabilities, the servers would be chosen, and perimeters would be set up around the environment. The application would be launched once manual permissions were established. The security team’s role, on the other hand, has evolved as a result of the CI/CD pipeline’s automation.

Active collaboration between security and DevOps teams is encouraged by a holistic approach to achieving optimal security and observability in cloud-native environments. Security and DevOps teams must collaborate to ensure that security is built into the build process from the beginning rather than being added later. Security and DevOps work together to improve workload security, implement compensating controls, and track images all the way through execution. Security teams will be able to find any vulnerabilities before it’s too late by working together on this, and DevOps teams will be able to adjust future developments based on security teams’ feedback.

How will cloud-native application adoption and increased innovation affect security? How can businesses close the security gap that has emerged as a result of increased innovation?

The open nature of cluster networking is both a benefit that has led to its adoption and a vulnerability that the CI/CD process must take into account. Since many businesses did not fully understand the inherent differences between cloud-native and traditional architectures—one cannot be simply ported to another without significant changes in design, process, and policies—the rapid adoption of cloud-native architectures led to an increase in breaches. It is generally understood that increased development presents a greater number of unanticipated challenges. If rushing and breaking things doesn’t sound appealing, I have good news for you: being proactive is the best way to guarantee the security of cloud-native architectures.

All kinds of vulnerabilities are increasing at an exponential rate. Even if a company hired the best security team they could find, they would still be vulnerable if they didn’t address problems as soon as they surfaced. Security teams, on the other hand, must design their architectures with the understanding that they will be hacked. With this knowledge, teams can begin planning ways to reduce the impact of the breach. To limit the spread from any vulnerable entry point and reduce the blast radius, a zero-trust strategy must be implemented. It also means that security and development teams should collaborate to prioritize the vulnerabilities that would have the greatest impact and introduce workload-level compensating controls to tide over the vulnerabilities that present only a minor risk. Security teams can focus their efforts where they will have the greatest impact, and businesses can accomplish more with less with these methods.

What is it? What is Project Calico and how was it created?

Project Calico, an open-source networking and security project with a thriving developer and user community, marked the beginning of Tigera’s history six years ago. Calico Open Source emerged from this project and has since grown to become the most widely used networking and security solution for containers and Kubernetes, supporting more than 2 million nodes per day in 166 nations.

Organizations began to encounter more sophisticated requirements for observability and security as adoption of containers and Kubernetes increased. The industry’s only active Cloud-Native Application Protection Platform (CNAPP) with full-stack observability, available as a fully managed SaaS (Calico Cloud) or self-managed service (Calico Enterprise), was developed by Tigera by building upon Calico Open Source.

The original Project Calico engineering team established Tigera. We are committed to preserving Calico Open Source as the industry standard for container and Kubernetes networking and security. Additionally, we are providing Kubernetes-native, full-stack security and observability capabilities to business customers looking for a self-managed, on-premises platform or a pay-as-you-go managed cloud service.
