This post originally appeared in CSO.com.
The landscape around modern security practices is rapidly evolving and complex. As containers gain mainstream momentum, practices such as continuous delivery, cloud development and DevOps require a reinvention of security. Cloud native development is a vital evolution for security in the enterprise, as it equips organizations with the same tools and processes that modern fast moving organizations rely on.
As we saw yet again in the Equifax breach, basic application security processes are a must. Yet, this is easier said than done in traditional software development. It becomes much easier as organizations move to modern DevOps and invest in cybersecurity coverage for these new environments.
Cloud native and security today – Secure the app
I’m speaking at KubeCon + CloudNativeCon North America about how containers enable a fundamentally new approach to security, one better aligned to the way people build and run software today. A few points I’ll cover during the session reference some unique nature of containers and microservices. Three core pillars of containers — the fact that they are declarative, minimal and predictable — make it possible for us to use machine learning to precisely model what they should do and automatically hunt for and prevent anomalies without human involvement, complex rules, or static signatures. This enables a new world approach to security, where protection is automatically aligned with the app and follows it throughout its lifecycle and everywhere it runs. You can read more about my take on these three pillars here.
By leveraging these three pillars, there’s a powerful opportunity to use whitelisting, for example, to only allow known good processes to run. In combination with application intent analysis, enforcement measures help support the intent-based security model and ensure that the app only does what it was designed to do, without trying to create rules that list every possible malicious scenario that could occur.
That said, the threat environment is always evolving and the tools organizations will be using in the future are different than those today. Organizations need to ensure their security controls are decoupled from their infrastructure and can run wherever their apps might be tomorrow, or two years from now. Containers and microservices are ushering in an entirely new operating pattern for organizations, one in which the infrastructure is even more abstracted and ephemeral than the cloud and virtualization patterns that preceded it. Just as virtualization made knowledge of your physical CPUs and disk layouts a quaint concept, so too are technologies like Docker and Kubernetes making the very notion of a server or virtual machine something of a bygone era. These modern operational models require new security tooling built for their high levels of scale and rate of change.
The security solutions of tomorrow
Automated deployment – Software, which requires frequent updates and releases to drive business value, is being developed by multiple business units spread throughout the organization. The right approach to security is to make sure there are automated ways of protecting continuous deployment without slowing down developer velocity. Think of this as traffic cameras and guard rails instead of stop lights and speed bumps. Whereas traditional security required manual reviews and approvals, automated security solutions are build into the CI/CD process and show developers security state at every step, and only allow jobs that meet requirements to progress, all via software.
Machine Learning – One of the technologies that will play a critical role in the security solutions of tomorrow is machine learning. The main reason is that software today is divided and packaged into much smaller entities than it was before. This results in two side effects: first, the number of entities software consists of became much larger, and second, that the complexity of each entity was sufficiently reduced. Defending large numbers of relatively simple entities is a classic problem for the machine learning approach. Since the number of entities is large and frequently changing we cannot rely on manual security configuration and must introduce automation. The fact that each entity is simple makes it possible to effectively learn and enforce its behavior. In fact, this creates a better protection than previously possible because protection shifts from look. Much less human interaction results much less human mistakes, and using latest machine learning techniques enables automatically creating tight and customized behavioral protection around each microservice.
Follow us on Twitter
Keep up to date with the latest news from TwistlockLabs and TwistlockTeam.
What Service Meshes Mean for Enterprise Security
Service meshes: Heard of them? By now, you may have. Service meshes ar...
The Business Value of Cloud Native Cybersecurity
“Software is eating the world,” Marc Andreessen wrote in 2011. Fiv...
How To Operationalize DevSecOps Practices
DevSecOps is not as much about the tools as it is about the people and...
Enhanced Visibility: Container Vulnerability Management from Build to Runtime
Earlier this year, I was at a large industry event and ended up speaki...
How Serverless Changes the Security Paradigm
Serverless architectures are quickly becoming a major technology withi...