Businesses are increasingly reliant on cloud-native applications despite the strong, broad perception that use of the cloud will drive security risks. This page gathers resources about the security gaps of cloud-native applications and which issues are top of mind.
Below we have compiled publicly available sources from around the world that present views on Cloud Native Security.
The Container Security book by Liz Rice: Fundamental Technology Concepts that Protect Containerized Applications
With increased adoption comes increased scrutiny. We should expect more attention on container- and serverless-specific security concerns, including software image integrity, secrets management, controlled access to orchestration management, and several considerations around runtime protection and monitoring. This 451 Business Impact Report explains the requirements of cloud native security and why organizations should approach it differently.
Aqua replaces outdated signature-based approaches with modern controls that leverage the cloud-native principles of immutability, microservices and portability. Using machine-learned behavioral whitelisting, integrity controls and nano-segmentation, Aqua makes applications more secure than was ever possible before.
Cloud native applications are typically built using a microservices or container-based approach running on Linux. These applications are designed to be lightweight, flexible and focused on single tasks. Being cloud-native leads to a radically different approach to application development, deployment, and to infrastructure management. The same is true for security — a reimagining of security must take place for cloud-native applications, or we risk cannibalizing the benefits of cloud computing. Learn how to handle these security challenges.
Running applications in the cloud brings many advantages like scale, ease of management, and lower costs. However, all of these benefits are moot if the applications are not secure. Security is the first concern for cloud-native applications.
Containers on AWS — This page gathers resources about how to choose a container environment on AWS. AWS offers two fully managed control planes to choose between: Amazon ECS and Amazon EKS. In order to run containers on AWS you need an underlying pool of resources that the control plane can use to launch your containers. There are two options for doing this: Amazon ECS Container Instances or AWS Fargate, which is a service for running containers without needing to manage the underlying infrastructure.
Containers on Azure — Azure provides a lot of options to run containers in the cloud, each with their own features, pricing and complexity. You can run containers (such as Docker) on Azure in Azure Container Service, Azure Container Instances, Azure Service Fabric and Web App for Containers. This page gathers resources about all the container services of Azure and how to deploy and manage containers with these services.
Containers on Google Cloud Platform — Google Cloud Platform (GCP) provides multiple ways to run container workloads in the cloud depending on how much infrastructure management is desired. This page gathers resources about the different ways to run a container on Google Cloud Platform.
IBM Cloud Container Service — IBM Cloud Container Service provides a native Kubernetes experience that is secure and easy to use. The service removes the distractions that are related to managing your clusters and extends the power of your apps with IBM Watson and other cloud services by binding them with Kubernetes secrets. It applies pervasive security intelligence to your entire DevOps pipeline by automatically scanning Docker images for vulnerabilities and malware.
Docker on OpenStack — One of the key features of the OpenStack platform is the ability to run applications, and quickly scale them, using containers. OpenStack is an ideal platform for containers because it provides all of the resources and services for containers to run in a distributed, massively scalable cloud infrastructure.
OpenStack vs. Kubernetes — Containers can be aligned with OpenStack, which provides the infrastructure and allows them to share networking and storage with other types of computer resources in rich environments. This page gathers resources about the differences between using OpenStack and Kubernetes.
Container as a Service — Containers as a service (CaaS) is a cloud service that allows software developers to upload, organize, run, scale, manage and stop containers by using a provider's API calls or a web portal interface. This page gathers resources about the advantages of CaaS over PaaS and a comparison of different CaaS providers.
Cloud Workload Protection — A cloud workload is a discrete capability or amount of work you’d like to run on a Cloud instance. It can be a web server or a container. Cloud Workload Protection mitigates container security risks, so you get the full benefit of the business agility and operational efficiencies they offer. This page gathers resources about workload protection in AWS, Azure and other cloud platforms.