The cloud native paradigm provides new opportunities for improving security. Technologies like containers and microservices enable a new level of dynamism that not only makes application delivery faster and more efficient, but also more secure.
Of course, running a tight security ship in a cloud native environment doesn’t happen on its own. You need to develop the right strategy for securing your cloud environments and ensuring that you are making the most of the resources available to you for hardening your applications and infrastructure against attack.
Defining Cloud Native
Broadly speaking, cloud native can be defined as the ability to run or deploy any application or service, wherever you need it, without having to take extra steps. Cloud native applications don’t necessarily have to be deployed in the cloud, but if you want to run them in an agile cloud-based environment, you can do so without any special effort.
The ability to deploy your app wherever you want is a major improvement over the pre-cloud-native era, when you had to worry about manual infrastructure provisioning and configuration, lack of cross-platform portability, networking limitations, and so on.
Cloud Native Security Challenges
The flexibility that cloud native technology provides does not mean, however, that you can forget about security. On the contrary, cloud-native environments present all of the security challenges of traditional ones, and some more to boot.
This is a problem because security practices and resources at many organizations have not kept pace with the evolution of cloud-native technology. Some organizations still rely only on perimeter-based defenses (like firewalls), which don’t work well in a cloud-native stack because there is no reliable perimeter.
Companies may also be using legacy intrusion detection tools or monitoring systems that are not capable of handling cloud-native infrastructure. Containers and microservices involve many more moving parts and require a new approach to security detection.
Securing Your Cloud Native Environment
So, what’s a security admin to do? How can DevOps teams address the new security challenges they face in the cloud native age? The following strategies can help.
Place Security First
Teams must avoid the mistake of treating security as a process that can get tacked onto the end of the delivery chain. Don’t wait until production, or just before production, to worry about the security of your apps. Instead, shift security to the left by integrating it into all stages of the delivery cycle.
Updates
It should go without saying that a secure environment is one that is updated regularly.
In a cloud native environment, however, it is easy to make a mistake with updates: because modern apps are usually updated automatically, organizations often take a hands-off approach to them.
This isn’t smart. Just because your updates are applied automatically doesn’t mean you should stop reviewing them. Updates can change configurations in ways that lead to vulnerabilities, such as by opening new ports. This is why you should take a hands-on approach to updates.
Ideally, you’ll also apply updates in a pre-production testing environment in order to test them before you apply them in production.
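One way to review an update for newly opened ports in a pre-production environment is to compare the host's listening sockets before and after the update is applied. The following is an added example, not code from the original article; the snapshots are constructed sample output of `ss -H -tuln`, and the function names are illustrative.

```python
import ipaddress

# Constructed `ss -H -tuln` snapshots from a pre-production host, taken
# before and after applying an update (sample data, not real output).
# Function names below are illustrative, not from any tool.
BEFORE = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511        127.0.0.1:8080       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
"""
AFTER = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:8080       0.0.0.0:*
tcp   LISTEN 0      4096            [::]:9100          [::]:*
tcp   LISTEN 0      128        127.0.0.1:6060       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Return a set of (proto, address, port) tuples from `ss -H -tuln` text."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or truncated line
        addr, _, port = fields[4].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        listeners.add((fields[0], addr, int(port)))
    return listeners


def is_loopback(addr):
    """True only for addresses bound to the loopback interface."""
    if addr == "*":
        return False  # wildcard bind: reachable on every interface
    return ipaddress.ip_address(addr).is_loopback


def review_update(before, after):
    """List listeners that appeared after the update, exposed ones first."""
    added = parse_listeners(after) - parse_listeners(before)
    findings = [{"proto": p, "addr": a, "port": n, "exposed": not is_loopback(a)}
                for p, a, n in added]
    return sorted(findings, key=lambda f: (not f["exposed"], f["port"]))


if __name__ == "__main__":
    print(*review_update(BEFORE, AFTER), sep="\n")
```

Note that port 8080 is reported even though it was already listening: the update changed its bind address from loopback to all interfaces, which a check on port numbers alone would miss.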
Intrusion Detection and Alerts
I’ll say it: Alerts can be annoying. They often consume lots of space in your email box.
But the fact is that you can’t ignore alerts—though you can modify your security detection systems in order to minimize the number of false positives and noise that you get.
Keep in mind, too, that if you didn’t have a security alerting system, the only other way to stay ahead of threats would be to review logs manually. That would be much more tedious than reviewing alerts from a well-configured intrusion detection system. Plus, manual log analysis just isn’t possible to perform on a large scale.
So, although handling security alerts may not be the most exciting part of your job, it’s a very important one—and it saves you a lot of effort in the long run.
Access Control
When implementing an application in the cloud, you should take extra precautions to lock down access control. This can be more difficult in the cloud because cloud applications tend to involve multiple services, and their attack surface can be wider because they are often accessible over public networks. But if you don’t implement strong access control, you’re basically asking for your cloud apps to be compromised.
This is why you should take advantage of strong authentication protocols, like OAuth, OpenID, SAML and HTTP Basic Authentication. Implementing and maintaining strict access control may be more work, but it’s essential for effective cloud native security.
Conclusion
Everyone knows that security is important. But in a cloud native world, it’s more important than ever. Responding effectively to cloud-native security threats requires a revamping of traditional security practices and a new generation of security tools (including Twistlock) that were designed from the ground up for the cloud-native, containerized, microservices age.