How Cloud Applications Challenge Security

By: Amir Sharif 03.13.2019

[Figure: Cloud-native workloads in a cloud security chart]
We are on a journey from servers to (eventually) serverless technology – with virtual machines (VMs) and containers acting as stopping points along the road. On the X-axis, the number of endpoints increases by an order of magnitude at each step: we have ten times as many VMs as we have servers, and ten times as many containers as we have VMs.

Servers run for years at a time, typically 3-5 years. VMs run for months at a time. That is why the frequency of change also rises by an order of magnitude at each step.

Containers are up for days, sometimes hours. Serverless functions are up for even less time than that. As we move towards cloud-native infrastructure, the number of endpoints grows tremendously and the endpoints themselves become far more ephemeral. Traditionally we use hardware firewalls, SDNs and a range of other techniques to limit application access and secure applications: by creating a set of rules enforced by firewalls and SDN overlays, we control which application has access to which resources on the network. Those rules are written against network addresses, so they have to be rewritten every time an endpoint comes or goes.

The upper part of the chart above shows cloud-native workloads, which call for an automatic and scalable way of provisioning security: one where you do not have to create access control lists and other rules by hand as workloads come and go.

Under a perimeter-agnostic approach, you assume that you run both inside a data center and in the cloud, or on both AWS and Azure, so the notion of a perimeter no longer matters. Your security policy should be consistent regardless of where your application is running.

[Figure: Graph that demonstrates the tension between past security and cloud security]

With a DevOps / CI/CD pipeline, your developers can adopt more agile development methods, and you can learn the intent of the application from that pipeline. Using what you learn, you can deploy security in real time: as a developer changes the application and with it the application's intent, you pick that change up in the development pipeline and enforce it in the cloud. Security threats to data and enterprise systems are greater now than ever. With cloud-native security, the whole idea of security evolves and aligns itself with how software is made today. Security has for the longest time been tied to network constructs, but the adoption of cloud is challenging this practice. Now there is an opportunity to rethink security. For more information on securing cloud-native applications, see our blog.
