Cloud-native applications that are based on new types of infrastructure such as containers and serverless platforms are being rapidly adopted by organizations worldwide. While cloud-native applications deliver compelling benefits such as elastic scalability, unmatched resilience and rapid development velocity, they also raise challenges.
Cloud-native applications have a huge number of moving parts and are based on short-lived infrastructure elements that are here one minute and gone the next. This raises operational and maintenance challenges, but above all, it creates security concerns. Cloud-native security requires new approaches, strategies and tools. In this article, I’ll cover a few tips that can help you improve security for your organization’s cloud-native portfolio.
What Is Cloud Native?
Cloud-native applications are built for the cloud, and oftentimes the entire software development life cycle—development, deployment, testing and updating—happens in a cloud environment. “Cloud” isn’t limited to the public cloud. It can mean a hybrid cloud with remote and local resources or a multi-cloud architecture with more than one cloud provider.
The Cloud Native Computing Foundation (CNCF) definition identifies three tools that should be used for cloud-native computing: containerization, a microservices architecture and dynamic orchestration. Containerization means that software is bundled with its dependencies, which makes it portable and scalable. Dynamic orchestration involves using tools like Kubernetes to manage containers in the cloud. The microservices architecture is responsible for optimizing resources. Serverless functions, another common flavor of cloud-native computing, can be substituted for containers.
Cloud Native Security Challenges
Cloud-native applications pose major challenges for infrastructure and application security. Here are a few of the key challenges.
Numerous Entities to Secure
DevOps and infrastructure teams leverage microservices to run cloud-native applications. In the past, multiple processes or software functionalities would run on one virtual machine. Now, each process or capability is packaged as …