This article originally appeared in Security Boulevard.
For decades, we’ve operated in a “point solution” mindset when it comes to IT security. In other words, we’ve used distinct tools to address distinct security needs.
That approach to security worked well for decades. But the world has moved on. We no longer occupy an IT landscape in which security needs are best served by devoting different solutions to different types of threats.
Instead, we live in a cloud-native age that demands integrated, holistic security strategies and tools. In the cloud, point solutions don’t work. Let me explain…
The Point Solution Approach to Security
When I talk about point solutions, I’m referring to a security strategy in which each security tool or process addresses a specific need and ignores others.
For example, under a point solution strategy, you might have one solution for vulnerability management, another for runtime protection, and another for firewalling. Each tool is deliberately designed and implemented in a way that prevents it from overlapping with the other tools.
In a point-solution world, each tool is supposed to do one thing, and do it well.
Point solutions worked well in static software environments that could be broken into distinct layers that did not overlap. As long as your firewall configuration doesn't have to change when a new app process starts running, for example, you can manage the security of your environment using point solutions.
Point solutions are also well and good in situations where resources are not in particularly high demand and you can afford to have a half-dozen different security agents running on each host.
The New Security Demands of Cloud Native Computing
Fast-forward to the present, however, and most software environments have shifted to a cloud-native architecture that looks very different from the environments described above.
Today, your applications run in complex, highly dynamic environments where each component impacts other ones. Firewall needs change dynamically as services spin up and down. The baselines used to establish what constitutes “normal” activity are continuously updated as environments scale up and down. Network and infrastructure boundaries blur together in environments that merge on-premises infrastructure with multiple clouds constructed of software-defined layers of networks and storage.
In a cloud-native environment, a point approach to security fails, for two main reasons.
The first involves simple feasibility. Infrastructure is expensive, and if you devote resources to hosting multiple security processes, you waste money. We all want to reduce our cloud-computing bills, and avoiding unnecessary security agents is one way to help do that.
Second, at a more fundamental level, a point approach to cloud-native security comes up short because it is impossible to set up multiple tools and assign each one a distinct task in environments where everything blurs together in interdependent ways and is always in flux.
A security agent that pays attention only to your firewall is not going to do its job very well when changes within other layers of the environment cause the firewall to be updated. A tool that monitors access control policies will be unable to keep up with the needs of the environment if it does not also monitor the ways in which software-defined storage systems change and evolve as data moves between hosts.
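As an added illustration of the firewall point above (example code written for this article's argument, not the original post's or Twistlock's; the workloads, IP addresses and labels are constructed), the following Python compares firewall rules compiled from an address snapshot with rules evaluated against workload identity at enforcement time, and shows what happens to each when a service is rescheduled and its old address is reused:

```python
"""Address-keyed firewall rules drift when workloads churn; identity-keyed
rules, or address rules recompiled from a live inventory, do not.

All inventory data below is constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

Selector = Dict[str, str]            # e.g. {"app": "api"}
Intent = Tuple[Selector, Selector]   # (source selector, destination selector)


@dataclass
class Workload:
    name: str
    ip: str
    labels: Dict[str, str]


def matches(w: Workload, sel: Selector) -> bool:
    """True when every label in the selector is present on the workload."""
    return all(w.labels.get(k) == v for k, v in sel.items())


# The only policy the operator actually intends: the API tier may reach the DB.
INTENTS: List[Intent] = [({"app": "api"}, {"app": "db"})]

# Inventory at t0, when the point firewall was configured (constructed).
T0 = [
    Workload("api-7c9f", "10.0.1.10", {"app": "api"}),
    Workload("db-0", "10.0.2.20", {"app": "db"}),
]

# Inventory at t1: the api pod was rescheduled and got a new address, and an
# unrelated batch job landed on the address the api pod used to have.
T1 = [
    Workload("api-d41e", "10.0.1.37", {"app": "api"}),
    Workload("batch-1", "10.0.1.10", {"app": "batch"}),
    Workload("db-0", "10.0.2.20", {"app": "db"}),
]


def snapshot_ip_rules(inventory: List[Workload], intents: List[Intent]) -> Set[Tuple[str, str]]:
    """Compile label intents into (src_ip, dst_ip) pairs from one snapshot.

    This is what a firewall that only sees addresses ends up carrying.
    """
    rules: Set[Tuple[str, str]] = set()
    for src_sel, dst_sel in intents:
        for s in (w for w in inventory if matches(w, src_sel)):
            for d in (w for w in inventory if matches(w, dst_sel)):
                rules.add((s.ip, d.ip))
    return rules


def ip_policy_allows(rules: Set[Tuple[str, str]], src: Workload, dst: Workload) -> bool:
    """Enforcement keyed on addresses only."""
    return (src.ip, dst.ip) in rules


def identity_policy_allows(intents: List[Intent], src: Workload, dst: Workload) -> bool:
    """Enforcement keyed on workload identity, resolved at decision time."""
    return any(matches(src, s) and matches(dst, d) for s, d in intents)


def compare_at_t1() -> Dict[str, bool]:
    """Evaluate t1 traffic against rules frozen at t0 and against identity."""
    stale = snapshot_ip_rules(T0, INTENTS)
    by_name = {w.name: w for w in T1}
    api, batch, db = by_name["api-d41e"], by_name["batch-1"], by_name["db-0"]
    return {
        "ip_api_to_db": ip_policy_allows(stale, api, db),          # legitimate traffic now blocked
        "ip_batch_to_db": ip_policy_allows(stale, batch, db),      # stale rule admits the wrong workload
        "id_api_to_db": identity_policy_allows(INTENTS, api, db),
        "id_batch_to_db": identity_policy_allows(INTENTS, batch, db),
    }


def recompiled_at_t1() -> Dict[str, bool]:
    """Address rules are only correct if re-derived from the live inventory,
    i.e. if the firewall is fed by whatever layer tracks scheduling."""
    fresh = snapshot_ip_rules(T1, INTENTS)
    by_name = {w.name: w for w in T1}
    return {
        "api_to_db": ip_policy_allows(fresh, by_name["api-d41e"], by_name["db-0"]),
        "batch_to_db": ip_policy_allows(fresh, by_name["batch-1"], by_name["db-0"]),
    }


if __name__ == "__main__":
    print("stale address rules at t1:", compare_at_t1())
    print("address rules recompiled from t1 inventory:", recompiled_at_t1())
```

The frozen address rules fail in both directions at t1: the rescheduled API pod is denied, and the batch job that inherited its old address is allowed. Either the firewall must be recompiled from the same inventory the scheduler writes to, or enforcement must key on identity; in both cases the firewall component cannot do its job without visibility into the other layers.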
A New Approach to Security for Cloud-Native Computing
So what do we do to replace the point approach to security that we’ve known for decades?
The answer is to embrace a new security philosophy that focuses on using a single agent to address all of your environment’s security needs. The agent needs to be aware of all of the interdependent components of your environment and monitor them dynamically so that it can detect vulnerabilities and anomalies, even in environments that lack a static baseline of “normal” operations.
Such a strategy not only saves resources and leads to more effective security coverage of dynamic cloud-native environments—it also delivers a better experience from security admins’ perspectives, because it makes it possible to perform all security operations through a single agent. That agent can be programmatically accessed through RESTful APIs, simplifying administration and deployment.
I know: the idea of a single, comprehensive agent to address all security needs is at odds with a philosophy that is deeply embedded in the minds of those of us who have worked in IT since the early days, namely that it is best to break our software stacks into distinct pieces and let each piece focus on a specific job. But there is also much to be said for the argument that having too many cooks in the kitchen is a bad thing, and that is certainly true of security agents.
The simple fact is that software environments are no longer static or simple enough to be effectively managed by a multitude of agents that each focus on one specific role. Today’s security tools instead need to be able to deliver a comprehensive set of capabilities, from firewall and runtime security to vulnerability detection and compliance management.
In short, it’s time to move beyond point solutions for security. They served us well in the past, but cloud-native architectures require a fundamentally new approach.