This post originally appeared on The New Stack.
You’ve decided to update your security tools and strategy to address modern cloud native threats. Now, you need to figure out what to look for in a security platform.
That can be a tough quandary to solve. As more and more vendors roll out security tools tailored for containers and the cloud, there are an increasingly wide range of next-generation security tools solutions to choose from. But some are a better fit than others for achieving a holistic cloud-native security strategy.
Let’s take a look at the main features that a cloud native security platform should provide for your team.
What Is Cloud-Native?
But suffice to say for this post, when we say cloud-native, we’re not just referring solely to workloads that run in the cloud — we’re also thinking of technologies that were designed first and foremost for cloud-centric infrastructures.
Cloud-native environments include technologies like containers and serverless functions. Neither of these technologies has to run in the cloud (yes, you can do serverless on-premise if you want). But they tend to be important building-blocks for infrastructures that are based mostly or completely in the cloud.
With that clarification out of the way, let’s explore some of the specific features necessary to secure cloud-native workloads, whichever form they take.
Perhaps the biggest differentiator between many of the cloud-focused security tools available today is their breadth.
Some tools are designed to support only specific types of infrastructure (containers tend to be the most common). Other platforms, however, take a broader and more holistic approach by delivering security monitoring and threat remediation not just for containers, but for all of the components that are part of cloud-native infrastructures — from serverless functions to plain-old virtual machines.
Even if you only use one type of infrastructure technology today, you don’t know what your needs will be tomorrow. That is why a cloud native security platform that offers broad coverage of different technologies will deliver the greatest value.
Whitelist-Based Access Control
There are two approaches to controlling access and securing resources.
One is blacklisting, which entails letting everyone in by default,while it blocks access from certain parties.
The other is whitelisting. Under this approach, you block everyone by default and grant access only to parties whom you identify as legitimate and trustworthy.
The blacklisting approach is the traditional one. It came from an age when network configurations and infrastructures were static and threats were predictable.
However, for today’s dynamic cloud native environments, whitelisting delivers a higher degree of security. It’s better to err on the side of restricting access as much as possible than to assume that you know where all of your threats are before they strike and know whom to blacklist.
If there’s one thing that has become clear in the cloud-native age, it’s that no one knows which technologies will emerge in a meaningful way in the future.
In 2013, when Docker debuted, containers were the latest-and-greatest way to deploy applications. Then serverless started to go mainstream with the launch of AWS Lambda in 2014. Today, you have people talking about unikernels as the wave of the future. Meanwhile, cloud vendors are vying with one another to create newer and easier ways to manage containers (which is why we’ve seen the debut of solutions like Fargate on AWS).
What this all means is that you don’t know which types of environments you’ll need to secure in the future. For that reason, it’s best to choose a security platform that is designed with future needs in mind, and that has a history of evolving to accommodate new types of technologies. Tools that are still focused mostly on containers are not going to do much to keep you prepared for the future.
We hear all day long about how important automation is. But the fact remains that when it comes to security, automation is still not the rule in all cases. Because of the complexity of interpreting and responding to security threats, some teams still take a mostly manual approach to security.
Yet the reality is that manual security doesn’t work in the cloud-native age. Environments move too fast, and configurations change too quickly for your engineers to be able to interpret security threats manually and react in a timely fashion. You therefore need tools that can make informed data-based decisions about threats for you, then take action to stop them before they cause damage.
Keeping your cloud-native environments secure is not necessarily enough. You also need to be able to prove that they’re secure — and demonstrate what went wrong and how you reacted when a breach does occur. That’s the only way to keep auditors happy and avoid regulatory fines.
For this reason, you want a cloud-native security platform that integrates reporting and compliance. Otherwise, compliance has to be a separate process, which not only increases complexity but also makes it easy to overlook important compliance-related obligations.
Selecting the right security solution is an absolute requirement for any successful cloud native deployments. While many vendors will likely claim they can offer what you need, only consider those that can provide future proofing, whitelisting, compliance and automation. Finding the right solution is no easy task, of course, but once in place, you will have taken control over defending your infrastructure and data against one of cloud native’s most daunting potential threats.
Follow us on Twitter
Follow us on Twitter for real time updates on the cloud native ecosystem, Twistlock product, and cloud native security threats.
2019 Gartner Market Guide for CWPP: What You Need to KnowRead the Blog
Key Differences in Security, Management for Serverless vs. ContainersRead the Blog
Docker vs. KubernetesRead the Blog
How Cloud Workload Protection is Different than Application SecurityRead the Blog
Zero-Trust Security: What It Means and How to Achieve ItRead the Blog