CYBERSECURITY
Common misconceptions around cloud-native security
The most crucial part of any cloud native journey is learning about cloud native security early on in the process.

BY RANI OSNAT, VP STRATEGY AT AQUA SECURITY

Adoption rates for cloud native application architectures are rising quickly within enterprises, and for good reason. Portability, scalability and efficient resource utilisation are commonly cited benefits, but the greatest boon is the significantly reduced deployment times enabled through a cloud native approach. A cloud native approach gives organisations far more flexibility and control over the infrastructure they use, enabling faster workflows and deployment processes. This goes some way to explaining why the number of containers in production has jumped 300% since 2016.

However, don’t let these numbers fool you. Although cloud native is gaining a foothold within businesses, there is still a lack of cloud native experience within many development teams, and there are a lot of common misconceptions, particularly regarding security.

Misconception #1 – We don’t need a specific cloud native security strategy

The separation of discrete computing components in containers, alongside concepts like immutability, gives the impression (at least at first glance) that cloud native applications are, by their very nature, secure. This is one of the most common misconceptions we see, and quite a dangerous one at that.

It is, of course, convenient to assume that containers ‘contain’ and are segregated from other containers and the OS they’re running on. But the truth is not so simple. If one runs a container with root privileges, that container could potentially access all the resources on the host, opening up the possibility for an attacker to take over that host. Privileged access must be controlled before the container is deployed and re-checked using cloud native runtime enforcement capabilities.

Embedding cloud native security into cloud native initiatives can make applications and infrastructure more secure, and microservices running in containers or as serverless functions provide ways to limit exposure. However, a cloud native deployment without a security strategy does not necessarily enjoy full protection, and security teams must still set policies across the build, cloud infrastructure and running workloads.
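One way to control privileged access before a container is deployed, as an added example that is not part of the original article: a pre-deployment check that flags root and privileged settings in a workload definition. It assumes Kubernetes Pod manifests already parsed into dictionaries (the article names no orchestrator); the function names and both sample manifests are constructed for illustration.

```python
# Added example: pre-deployment audit for root/privileged container settings.
# Assumption: Kubernetes Pod manifests, already parsed into Python dicts.

def effective(pod_ctx, ctr_ctx, key):
    """A container-level securityContext value overrides the pod-level one."""
    return ctr_ctx.get(key, pod_ctx.get(key))

def audit_pod(manifest):
    """Return a sorted list of (container, finding) tuples for one Pod manifest."""
    spec = manifest.get("spec") or {}
    pod_ctx = spec.get("securityContext") or {}
    findings = []
    # Sharing host namespaces weakens the isolation a container is assumed to give.
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):
            findings.append(("<pod>", f"{flag} shares a host namespace"))
    containers = (spec.get("containers") or []) + (spec.get("initContainers") or [])
    for ctr in containers:
        ctx = ctr.get("securityContext") or {}
        name = ctr.get("name", "<unnamed>")
        if ctx.get("privileged"):
            findings.append((name, "privileged: true"))
        uid = effective(pod_ctx, ctx, "runAsUser")
        non_root = effective(pod_ctx, ctx, "runAsNonRoot")
        if uid == 0:
            findings.append((name, "runAsUser: 0 (root)"))
        elif uid is None and not non_root:
            # Nothing prevents the image's default user from being root.
            findings.append((name, "may run as root: no runAsUser/runAsNonRoot"))
        # Left unset, privilege escalation is not blocked.
        if ctx.get("allowPrivilegeEscalation", True):
            findings.append((name, "allowPrivilegeEscalation not disabled"))
    return sorted(findings)

# Constructed sample manifests (not taken from the article).
RISKY = {"spec": {"hostPID": True, "containers": [
    {"name": "agent", "image": "registry.example.invalid/agent:1",
     "securityContext": {"privileged": True}}]}}
HARDENED = {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
    "containers": [
        {"name": "web", "image": "registry.example.invalid/web:1",
         "securityContext": {"allowPrivilegeEscalation": False}}]}}

if __name__ == "__main__":
    for label, manifest in (("risky", RISKY), ("hardened", HARDENED)):
        for container, finding in audit_pod(manifest):
            print(f"{label}: {container}: {finding}")
```

A check like this belongs in the build or admission step; the runtime re-check the article calls for is a separate control.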
WWW.DIGITALISATIONWORLD.COM | ISSUE VII 2021 | COPYRIGHT DIGITALISATION WORLD