editor’s question
ANDREW SENIOR, CUSTOMER SUCCESS MANAGER, NUTANIX
Cloud has become the first choice for modernised applications, which we now term cloud-native applications.
These dynamic applications are designed with high scalability and elasticity in mind to meet the requirements of a highly competitive and digitally transforming world.
With the ever-improving ease of access to cloud-services and low barrier to entry, it is easy to deploy your applications and then overlook their security.
Designing your cloud-native applications with security in mind is essential, clearly understanding all of the end-points that you’re exposing.
Containerisation and the move to micro-services architectures have added complexity to the application security landscape.
Having a clear understanding and visibility into these applications is vitally important as cloud-native implies a dispersed and dynamic application architecture and with that there is potential for attack on more fronts. Visibility could be provided by application monitoring, network monitoring, Intrusion Detection System (IDS) and Security Information and Event Management (SIEM) tools.
The ability to react to and address an attack is of vital importance too, so understanding what mechanisms and contingencies you may activate is vitally important too.
With the risk that an entire cloud platform could be compromised, it would be wise to mitigate this through the use of multiple clouds, both private and public. A significant cloud attack could constitute a disaster and invoke a DR plan.
Cloud providers enable you with a platform to deliver your applications and hardening them for security remains your responsibility.
Each provider has services and features within their platforms to ensure security for your applications and there are several third-party tools which are able to measure security and policy compliance for your deployments.
Two examples of these policies are Sarbanes-Oxley (SOX) and PCI DSS.
While clouds and tools provide this functionality to you, it’s again your responsibility to make sense of these recommendations and then use these services and features to take action and implement the required measures to secure your applications.
Traditional network security skills and understanding are an absolute necessity but there are also security skills required and learned in the application space.
Organisations are not only practising DevOps now but DevSecOps to ensure that applications are built with security as top of mind.
Best practices are documented and available for all of the well-known technologies in use by modern cloud-native applications but making sense of these along with implementation and governance will require skills and expertise which may be in short supply.
Issue 14 | www.intelligentciso.com