Software developers and malicious actors both love cloud-native applications, but for very different reasons.
Developers understand the many benefits of using cloud-native applications, including architecture, agility, flexibility and scalability.
Nefarious actors are increasingly exploiting the fact that traditional security solutions aren’t equipped to manage the growing threat landscape in cloud-native environments, especially with technologies such as containers, Kubernetes, functions and pipelines.
Attack services are increasing, said Benjy Portnoy, Vice President, Global Solution Architects at Aqua Security, which specializes in cloud-native security. “We see not just a significant increase in the volume of attacks that are specifically targeting cloud-native technologies like Kubernetes, Docker, etc., but also in the sophistication of these attacks, such as the evasion techniques being used,” he said.
To provide robust security of cloud-native applications, Portnoy said, federal government agencies must address three key areas: people, processes and technology.
Fill the Knowledge Gap
Agencies need their security teams to have both the knowledge and the tools to secure cloud-native applications, said Portnoy. For example, what are serverless functions, and what are the ramifications for application security? What are common causes of Kubernetes misconfigurations, and how can they be exploited by malicious actors?
But agencies also need their developers to understand the risks involved and how to mitigate them during the development process. “How do we foster that collaboration between security teams and the developers to ensure that the entire application lifecycle has the relevant processes and security controls in place?” he said.
Revisit Traditional Processes
Many core cyber defense processes built with traditional technologies in mind don’t address the risks associated with cloud-native applications. One challenge is that cloud-native applications typically are built using containers, providing a specific function that can scale as needed. This can pose a problem when it comes to a process such as incident response, said Portnoy.
“Typically, containers are ephemeral by definition, sometimes around for just minutes or hours,” he said. “By the time a breach has been discovered, it’s likely that the particular container that was used in this breach will no longer exist, making incident response and containing the attack a challenge.”
Use Cloud-Native Tools
Automation is essential. One of the main reasons organizations adopt cloud-native methodologies is the speed with which they can develop, deploy and scale applications. Without automation, security risks will not be addressed, or mitigation efforts will gum up the works.
To address the complexity of this environment, Aqua created a Cloud Native Application and Protection Platform (CNAPP). Aqua’s platform stops cloud-native attacks from code to cloud and back, identifying risks early in the application lifecycle while protecting production workloads from attack.
“Our platform was built to help organizations address the risks and gain visibility into the threats they face throughout the entire application lifecycle, ensuring that security teams understand the context of an attack so they can prioritize and remediate the highest risks to the business,” Portnoy said.
This article appeared in our guide, “A New Cyber Game Plan Takes Shape.”