Interest in and adoption of cloud native is growing enormously, and more businesses are turning to cloud native to accelerate their digital transformation journeys. However, as cloud native tools become more central to the running of these businesses, new security threats are emerging, and security becomes ever more important. It’s a fast-paced environment, and businesses adopting a cloud native approach need to keep on top of these emerging trends.
Increased Risk and More Sophisticated Attacks
As with many technologies, with increased usage comes increased risk. In this case, that means an increased risk of more sophisticated attacks, particularly those aimed at the supply chain.
Bad actors have devised new ways to infiltrate the cloud native supply chain and infect the images, dependencies, and open source components that developers rely on to deliver the fast-paced lifecycle of cloud native applications. Often, developers use third-party base images or images from public repositories as a starting point for their code. While this shortens the development time, the use of public repositories to host these images has meant that attackers can corrupt them by embedding malicious code.
To counter these risks, developers should not only scan for known vulnerabilities but also implement dynamic threat analysis to help identify malicious behavior that can only be identified once the image has been instantiated. This should be conducted in a secure sandbox environment prior to the image being pushed into production. These measures should help address the broadest range of today’s attacks, including sophisticated evasion techniques and malicious behavior that cannot be identified by static scanning alone.
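As an added illustration (not code from the original article), the following sketch shows a promotion gate that combines a static scan result with behavior recorded in a sandbox run, so an image with a clean vulnerability scan is still blocked when it misbehaves at runtime. The report formats, policy values, and all names are assumptions made for this example.

```python
from dataclasses import dataclass, field

# Hypothetical policy values, chosen for this illustration only.
BLOCKING_SEVERITIES = {"CRITICAL", "HIGH"}
ALLOWED_EGRESS = {"registry.internal.example:443"}
WRITABLE_PREFIXES = ("/tmp/", "/var/run/app/")

@dataclass
class Verdict:
    promote: bool
    reasons: list = field(default_factory=list)

def static_findings(cves):
    """Known-vulnerability scan: block on high-severity entries."""
    return [f"static: {c['id']} ({c['severity']})"
            for c in cves if c["severity"] in BLOCKING_SEVERITIES]

def dynamic_findings(events):
    """Behaviour recorded while the image ran in an isolated sandbox."""
    if events is None:  # sandbox never ran: fail closed
        return ["dynamic: no sandbox report"]
    out = []
    for e in events:
        if e["type"] == "connect" and e["dest"] not in ALLOWED_EGRESS:
            out.append(f"dynamic: unexpected egress to {e['dest']}")
        elif e["type"] == "exec" and e["path"].startswith(WRITABLE_PREFIXES):
            out.append(f"dynamic: executed from writable path {e['path']}")
    return out

def gate(cves, events):
    """Promote only if both the static and the dynamic stage are clean."""
    reasons = static_findings(cves) + dynamic_findings(events)
    return Verdict(promote=not reasons, reasons=reasons)

# Constructed sample data (placeholder identifiers, documentation-range IP).
CLEAN_SCAN = [{"id": "CVE-PLACEHOLDER-1", "severity": "LOW"}]
BENIGN_RUN = [{"type": "connect", "dest": "registry.internal.example:443"},
              {"type": "exec", "path": "/usr/local/bin/app"}]
SUSPICIOUS_RUN = BENIGN_RUN + [
    {"type": "connect", "dest": "203.0.113.10:443"},
    {"type": "exec", "path": "/tmp/payload"},
]

if __name__ == "__main__":
    for name, run in [("benign", BENIGN_RUN), ("suspicious", SUSPICIOUS_RUN),
                      ("no sandbox", None)]:
        v = gate(CLEAN_SCAN, run)
        print(name, "PROMOTE" if v.promote else "BLOCK", v.reasons)
```

A missing sandbox report is treated as a blocking finding, so skipping the dynamic stage cannot silently promote an image.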
Supply chain attacks are just one example of where we’re seeing an increase in sophisticated attacks against cloud native environments and, in particular, Kubernetes. Previously, attacks against container environments have focused on exploiting configuration mistakes, for example the attacks against Docker APIs last July. Two particular emerging threats are attacks utilizing malware and rootkits. To keep up with the changing risk landscape, it is important that security tools are reviewed and refreshed regularly.
Team Culture and Organizational Strategies
Over the past few years, we have seen developers integrate with Operations teams into DevOps functions, and in some organizations we see security included as well, forming DevSecOps teams. In some leading organizations we are now starting to see the emergence of ‘platform teams’. These teams are dedicated to establishing the company’s cloud native platform strategy across all domains. Once in place, this allows the developers to focus more closely on the company’s core business, knowing that the tools and processes are in place for operations and security to deploy transparently, safely and reliably.
These organizational changes come with multiple benefits for developers, who may no longer need to have such in-depth knowledge of Kubernetes itself, or understand what must be done to secure the workloads at runtime. However, these platform teams will need to be experienced in cloud native security to safeguard their environments against the increasingly sophisticated attack landscape.
At the same time, services such as AWS Outposts, Azure Stack and Google Anthos aim to give customers the ability to bring the advantages of the public cloud to applications they run on their own infrastructure. While some may view this as a way to go back to the traditional perimeter and host-level security models that worked in data center environments of the past, the fundamental methodology for developing code for cloud native applications outlined above still applies.
Modern Application Development
Architects have a plethora of options to run a specific application component in the right service. Containers are just one of several cloud native options, alongside serverless functions and VMs. Core processing options will continue to be relevant in the context of headless VMs, but for other serverless functions and DevOps tools we will begin to see cloud architects trialling new approaches.
The cloud native landscape is constantly changing and evolving. For those of us who work in this space it is important that we stay on top of new trends, squeeze every benefit out of our cloud native investments and, most importantly, keep these environments secure.