I caught up with Scott Fulton III on this edition of The New Stack Makers podcast to discuss what makes distributed security ‘Cloud Native’, and why cloud native architectures are inherently more secure.
Check out the full article here and some of the talking points below:
[2:30] Twistlock is Cloud Native Cybersecurity. We chose the term ‘cloud native’ because of the Cloud Native Computing Foundation (CNFC), and the focus that it has. We look to address anything that is a native part of the CNCF stack.
[4:00] Twistlock started with a focus on securing containers, and while containers are still a critical and a foundational part of what we do, Twistlock is ‘cloud native cybersecurity’ because we recognize that customers take a broader approach. We look at the entire stack of modern cloud native architecture.
[6:10] Serverless functions have a lot of advantages, but are not always what you need. We’re seeing that customers are taking an “all of the above” approach and are using the right parts of the stack for the right parts of their problems they want to solve.
[9:20] A lot of the technologies and procedures that devops enable are fundamentally about getting developers closer to the customer, meaning that developers need to be more security conscious today than they may have had to in the past. [11:30] This has guided a lot of what we’ve done with our product in that we’re not only trying to provide a comprehensive security platform that appeals to CISOs, but also a native, integrated experience for developers.
[20:40] Containers are predictable, and that predictability is one of the things that allows us to do security in a more scalable and automated way than traditional systems. We’re taking advantage of the characteristics of containers.
Follow us on Twitter
Follow us on Twitter for real time updates on the cloud native ecosystem, Twistlock product, and cloud native security threats.
Baking Compliance in your CI/CD PipelineRead the Blog
Serverless Security Suggestions: Tips for Keeping Serverless Functions SecureRead the Blog
Why a Common Security Toolset is Essential for DevSecOpsRead the Blog
Putting the “Ops” in DevSecOps: Why It’s Hard and How to Do ItRead the Blog
Why the Point Solution Mindset for IT Security is DeadRead the Blog