The Ultimate Cloud Native Security FAQ

Ran Ilany

Thursday, May 5th, 2022

Do you have pressing questions about cloud native security that keep you up at night, but that you’re afraid to ask? Or, maybe you’re just curious to learn more about cloud native security, and would love an FAQ that provides the answers to all your cloud native security questions.

Here are the answers to the cloud native security questions we’re asked most often.

What is cloud native security and how does it work?

Cloud native security is the practice of securing cloud native applications, meaning those that run on distributed, loosely coupled architectures. It focuses on addressing the unique security risks of distributed, microservices-based environments.

How is cloud native security different from monolithic security?

The main difference is that cloud native applications are more complex than monolithic applications, because they are more dynamic. Cloud native security also differs from monolithic security in that modules work independently of each other, meaning that a security fault in one section will not affect the entire application, as it would with a monolithic architecture.

Another key difference is that cloud native architecture presents an expanded attack surface. This is because securing a containerized application requires managing privileged access at image, container, node, pod, and namespace levels, ensuring encrypted tunneling from ingress to egress and other elements that require baking in security from the beginning.

What is causing the massive growth of cloud native security?

Broad industry adoption of cloud native is one major driving factor. As of late 2021, about two-thirds of businesses said they were already cloud native or were planning to migrate to a cloud native strategy.

At the same time, a surge of cloud native security threats has made the ability to secure cloud native applications even more important. 2021 was a record-breaking year for cloud native threats, and that trend shows no signs of slowing down.

What are the main benefits of modern cloud native security?

Modern cloud native security tools are evolving fast. As of 2022, tools have become less segmented; cloud native application protection platforms (CNAPPs) can now secure environments centrally, instead of requiring teams to juggle multiple tools (which increases the probability of security issues).

Today’s cloud native security solutions are also more resilient. They can remain online despite infrastructure outages, for example.

They’re more automated, too, which helps DevOps save time and take a more consistent approach to security.

What is a CNAPP?

A cloud native application protection platform, or CNAPP, is a solution that addresses multiple facets of cloud security – including cloud security posture management, cloud infrastructure entitlement management and cloud workload protection – via a single platform. This simplifies the overall security ecosystem.

What are the challenges facing cloud native security?

The top cloud native security risks, according to OWASP, include:

  1. Broken access control - Access control ensures that users cannot act outside of their intended permissions.
  2. Cryptographic failures - How is data to be protected in transit and at rest?
  3. Injection - When attackers attempt to send data to an API that will change the commands being sent out.
  4. Insecure design
  5. Security misconfiguration - Missing security hardening across parts of the API or improperly configured permissions on cloud services.
  6. Vulnerable and outdated components
  7. Identification and authentication failures - Ensuring an individual or entity is who they claim to be, usually through the use of tokens or passwords.
  8. Software and data integrity failures
  9. Security and logging failures
  10. Server-side request forgery

What are some key areas within cloud native security?

The cloud native security domain can be broken down into subcategories like Kubernetes security, API security, microservices and cloud platform security. While all of these categories are interrelated, they involve different types of risks and require different security strategies.

How can you secure your cloud native applications?

Securing cloud native applications starts with ensuring you have full visibility into your cloud environment, including what is running within it and where risks may lie. You should also continuously monitor for known vulnerabilities or misconfigurations that could enable a breach. And you should take steps to improve your overall security posture on a continuous basis by reducing your attack surface wherever possible. This can be done using a platform such as Cisco Secure Application, which allows you to scan containers and pods for issues, enforce least privileges, enforce authentication and authorization policies, and more.
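One way to automate part of the monitoring described above, covering the image, container, pod and namespace levels named earlier in this FAQ. This is an added example, not code from the original article or from any Cisco product; the manifests, names and registry are constructed, and the small rule set is an assumption about which settings to flag.

```python
# Added example: audit a parsed Kubernetes Pod manifest for privilege settings.
def audit_pod(manifest):
    """Return (level, subject, finding) tuples for one Pod manifest."""
    meta, spec = manifest.get("metadata", {}), manifest.get("spec", {})
    pod, pod_sc = meta.get("name", "?"), spec.get("securityContext") or {}
    findings = []
    if meta.get("namespace", "default") == "default":
        findings.append(("namespace", pod, "runs in the default namespace"))
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag) is True:
            findings.append(("pod", pod, f"{flag} shares a node namespace"))
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        name, sc = c.get("name", "?"), c.get("securityContext") or {}
        # Image level: a tag can be re-pointed, only a digest pins content.
        if "@sha256:" not in c.get("image", ""):
            findings.append(("image", name, "image not pinned by digest"))
        if sc.get("privileged") is True:
            findings.append(("container", name, "privileged container"))
        # Unset leaves no_new_privs off, so escalation stays possible.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(("container", name, "privilege escalation allowed"))
        # A container-level runAsNonRoot overrides the pod-level value.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append(("container", name, "may run as root"))
        added = (sc.get("capabilities") or {}).get("add") or []
        if added:
            findings.append(("container", name, "adds capabilities: " + ", ".join(added)))
    return findings

# Constructed sample manifests (not from the original page).
RISKY_POD = {
    "metadata": {"name": "billing"},
    "spec": {"hostNetwork": True, "containers": [{
        "name": "api", "image": "registry.example/billing:latest",
        "securityContext": {"privileged": True,
                            "capabilities": {"add": ["NET_ADMIN"]}}}]},
}
HARDENED_POD = {
    "metadata": {"name": "billing", "namespace": "payments"},
    "spec": {"securityContext": {"runAsNonRoot": True}, "containers": [{
        "name": "api", "image": "registry.example/billing@sha256:" + "0" * 64,
        "securityContext": {"allowPrivilegeEscalation": False,
                            "capabilities": {"drop": ["ALL"]}}}]},
}

if __name__ == "__main__":
    for level, subject, finding in audit_pod(RISKY_POD):
        print(f"[{level}] {subject}: {finding}")
    print("hardened findings:", audit_pod(HARDENED_POD))
```

Run against every manifest in a repository or admission pipeline, an empty result means none of these specific rules fired, not that the workload is free of risk.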

What are some main cloud native security platforms?

Public cloud vendors like AWS and Azure offer some cloud security tools. However, the most comprehensive solutions come from third-party providers, who offer CNAPP solutions that can work with any cloud and any type of cloud architecture.

What is open source software? And how is it different from enterprise software?

Open source software is software whose source code is publicly available, in contrast to enterprise software, whose source code is only available to the company that created it. From a security perspective, open source is more secure in the sense that the community at large can find and fix bugs. That said, attackers can also more easily discover security flaws in open source code, which is why it’s critical to know where open source is used within your organization and whether your code contains any known vulnerabilities. This can be done through API fuzzing and testing.

What are the main categories of cloud computing?

There are three main types of cloud computing services:

  • SaaS, where applications are hosted on cloud infrastructure and delivered over the Internet.
  • IaaS, which makes infrastructure like servers and storage available via the Internet.
  • PaaS, which combines IaaS services with application development and deployment tools in a single platform.

There are also hybrid cloud services, which combine different types of cloud computing architectures to create unique environments.

What should you consider before investing in cloud native architecture?

The most important consideration to weigh is whether you have the engineering resources and expertise necessary to handle the increased complexity of cloud native environments. This will determine whether you are prepared to address the unique security risks that arise in distributed cloud native environments.

Should you use GitOps for cloud native security?

GitOps, which uses Git to manage complex operations, is one way of simplifying cloud native security because it helps to automate complex workflows. That said, cloud native security requires much more than merely adopting a technique like GitOps. Check out our guide to deploying GitOps for cloud native security.

What is Cisco doing when it comes to cloud native security?

Cisco is investing heavily in integrating cloud native security tools into its networking and firewall products. In addition, Cisco is helping to build next-generation solutions to secure cloud native environments like Kubernetes via platforms such as Cisco Secure Application. Finally, Cisco sponsors initiatives like ET&I, which does cutting-edge research on cloud native security challenges and solutions.

What is the Cloud Native Computing Foundation’s role in cloud native security?

The Cloud Native Computing Foundation, or CNCF, is a major sponsor of open source cloud native application and tool development. It also offers some guidance on best practices for cloud native security. However, the CNCF doesn’t focus on security specifically; its main mission is helping to develop cloud native software in general.

What are the main cloud native security events in 2022?

For an up-to-date list of cloud native security events this year, check out our blog.

Where can I learn more about cloud native security?

A list of free and paid training resources on cloud native security is available from the CNCF.

You can also follow our blog, which covers the latest news and best practices in the realm of cloud native security. Or, read more about how our ET&I project is pushing cloud native security to new frontiers.