Many organizations are able to push the boundaries of software innovation to new levels through cloud native adoption. What used to represent a year’s worth of deliverables for developers is now being met in a matter of months — even weeks. Like an astronaut stepping out into a brave new world, we put our stake in the sand, hold our heads high and embrace this bright new future.
“One small step for man, one giant leap for mankind.” — Neil Armstrong
But security teams are challenged by cloud native. With a growing number of apps running on more platforms in more places than ever before, cloud native is an ever-expanding, omnipresent multiverse. Traditional security methodologies are no longer relevant in this new landscape, as security is being pushed closer to the workloads and “perimeter” is as abstract a concept as the cloud itself.
Because security and development teams have traditionally worked in silos, advancements in application development were often implemented in the absence of advancements in security methodologies to support them. This created significant gaps and left organizations more vulnerable than ever — that is, until DevSecOps entered the universe, bringing hope.
“Beam me up, Scotty.”
DevSecOps is the perfect match for cloud native. It epitomizes everything we love about cloud native by nature: It is integrated, multifaceted and focused on automation and speed. A recent research survey from ESG found automating security via CI/CD integration, i.e. DevSecOps, is becoming the industry standard approach for organizations looking to secure cloud native applications.
Having this gold standard established is a good thing — it gives organizations a crystal-clear goal to work towards. But although the destination has been identified, the path to getting there is still shrouded in mystery.
“Houston, we have a problem.”
The security point tools that have flooded the market in recent years showed promise to secure cloud native applications. Unfortunately, their fragmented nature — each of them only accounting for part of the problem — runs counter to the goal of an integrated DevSecOps culture, which is a requirement for effectively securing cloud native apps. The good news is leveraging a fully integrated Cloud Native Security Platform (CNSP), which weaves consistent security throughout the entire CI/CD pipeline, can actually unite DevOps, infrastructure and security teams alike under one homogenous workflow. This makes DevSecOps a natural evolution rather than a forced deviation.
“To infinity and beyond!”
The surge of cloud native adoption is mirrored by the growth and popularity of KubeCon + CloudNativeCon North America. These modern application workflows bring with them the promise of accelerated technological achievement — however, it is absolutely critical that this is bound by a proper security foundation, or companies will see cloud native as a rocket ship that’s destined to hit the dust.
That’s why we partnered with Cloud Native Computing Foundation (CNCF) for KubeCon 2019 in order to help organizations harness the full potential of cloud native and adopt the right security tools and capabilities in the process.
“May the force be with you, always.”
It’s safe to say the technology industry is transforming to embrace cloud native. The question remains if organizations can adopt effective security controls to keep pace.