Last year, an estimated 82% of all data breaches involved data residing in the cloud. There was a 75% increase in the total number of cloud intrusions between 2022 and 2023. The vast majority - 98% - of businesses have a relationship with a cloud vendor that has experienced a data breach in the last two years.
These statistics help illustrate why cloud native security is such an important topic. You can always rely on threat actors to move with the times. And now that most organisations have at least some of their software, data, or infrastructure in the cloud, it follows that this is the area where bad actors will focus their efforts.
Cloud native security reflects this. It recognises that applications that reside within cloud environments have specific characteristics and vulnerabilities. It assumes - rightly - that threat actors will be ready and willing to exploit this. You need an appropriate, targeted mix of security practices and technologies to secure those apps.
Here’s a closer look at cloud native security, the vulnerabilities it seeks to address, and the principles it puts into practice in order to protect against the threats that prevail in cloud environments.
What Is Cloud Native Security?
Cloud native security refers to security practices and technologies designed to secure applications built and deployed in cloud environments.
This is not about taking the usual tried-and-tested security principles and simply carrying them over to the cloud. Even for decision makers with strong cybersecurity credentials, it can involve something of a shift in mindset. If you are approaching cloud native security for the first time, here are some key assumptions to be aware of:
Everything in the cloud is software-defined (i.e. managed as code). This makes resources highly configurable, but also susceptible to misconfiguration: a single wrong setting in a template or manifest is replicated everywhere that template is deployed.
Systems are distributed. Instead of being monolithic, cloud apps are distributed (often across containers). A single application may span multiple cloud providers, so security needs to be implemented consistently across diverse environments.
Traditional perimeters do not exist. It is usual for workloads, users and data to move across networks. Familiar, perimeter-based defences (firewalls, for instance) are no longer sufficient on their own. The focus shifts to identity-based access and zero-trust principles.
Applications operate at scale. Cloud-native systems are generally designed to grow or shrink rapidly based on user requirements. Likewise, security controls must be capable of scaling automatically, and security checks must be balanced with performance needs.
What Vulnerabilities Does Cloud Native Security Seek to Address?
Here are some of the most common vulnerabilities inherent in cloud environments, and how cloud native security addresses them:
Misconfigurations
Sensitive data or systems can easily be exposed through misconfigured settings in cloud resources, containers, or Kubernetes clusters (Kubernetes being the de facto standard for orchestrating containers).
Effective cloud native security involves hunting out these issues at the earliest possible stage. This includes the use of tools such as kube-bench, which checks cluster settings against the CIS Kubernetes Benchmark, and infrastructure-as-code scanners that check configuration files before an app is deployed.
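As an added illustration of the "find it before deployment" idea (this is example code written for this page, not kube-bench and not the page's own code; kube-bench audits cluster configuration, whereas this checks a workload manifest the way an infrastructure-as-code scanner or admission controller would), here is a weak Pod manifest beside a hardened one and a small rule set that scores them. The field names are real Kubernetes Pod fields; the rules, the image registry and the pod name are assumptions made for the example.

```python
# Added example (not from the page or from kube-bench): a shift-left check of a
# Kubernetes Pod manifest for common securityContext misconfigurations, the kind
# of rule an infrastructure-as-code scanner or admission controller applies.
from typing import Any, Dict, List

# Constructed manifests in dict form, i.e. the same structure as the YAML/JSON
# you would hand to `kubectl apply -f`.
WEAK_POD: Dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "api", "namespace": "default"},
    "spec": {
        "hostNetwork": True,                               # shares the node's network stack
        "containers": [{
            "name": "api",
            "image": "registry.example.com/api:latest",    # mutable tag
            "securityContext": {"privileged": True},       # full host access
        }],
    },
}

HARDENED_POD: Dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "api", "namespace": "default"},
    "spec": {
        "hostNetwork": False,
        "containers": [{
            "name": "api",
            "image": "registry.example.com/api@sha256:" + "a" * 64,  # pinned digest
            "securityContext": {
                "privileged": False,
                "runAsNonRoot": True,
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        }],
    },
}


def check_pod(manifest: Dict[str, Any]) -> List[str]:
    """Return one finding per misconfiguration; an empty list means the
    manifest passes every rule below."""
    findings: List[str] = []
    spec = manifest.get("spec", {})
    name = manifest.get("metadata", {}).get("name", "<unnamed>")

    if spec.get("hostNetwork"):
        findings.append(f"{name}: hostNetwork=true exposes the node's network namespace")
    if spec.get("hostPID") or spec.get("hostIPC"):
        findings.append(f"{name}: hostPID/hostIPC expose other processes on the node")

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        cname = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        image = c.get("image", "")
        if sc.get("privileged"):
            findings.append(f"{name}/{cname}: privileged container")
        if not sc.get("runAsNonRoot"):
            findings.append(f"{name}/{cname}: runAsNonRoot not set, may run as uid 0")
        # Kubernetes defaults allowPrivilegeEscalation to true when it is omitted
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}/{cname}: allowPrivilegeEscalation is true")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}/{cname}: root filesystem is writable")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}/{cname}: Linux capabilities not dropped")
        if "@sha256:" not in image:
            findings.append(f"{name}/{cname}: image {image!r} not pinned by digest")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{name}/{cname}: no resource limits set")
    return findings


if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(f"{label}: {len(check_pod(pod))} finding(s)")
        for finding in check_pod(pod):
            print("  -", finding)
```

The weak manifest trips every rule, including two that are easy to miss in review: allowPrivilegeEscalation is true unless you set it to false explicitly, and a mutable image tag means what you deploy tomorrow need not be what you scanned today.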
Insecure APIs
APIs (Application Programming Interfaces) enable communication between the different elements of a cloud application. However, weaknesses such as missing or weak access controls, lack of input validation, and misconfigured API endpoints leave APIs open to attack.
Deployed as part of your wider cloud native security strategy, tools such as Postman (for scripted API tests) or ZAP (a dynamic application security scanner) can test APIs for a range of vulnerabilities.
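To make the first two weaknesses concrete, here is one endpoint, GET /orders/{id}, written first with the weak access control and missing validation described above and then hardened. This is example code added for this page, not the page's own or any framework's; it is framework-free (a request is a plain dict of headers, query and path parameters), the secret, orders and user names are constructed, and the token scheme is a deliberately simple HMAC stand-in for a real session token or JWT.

```python
# Added example (not from the page): the same endpoint, GET /orders/{id}, with
# the weaknesses described above and then hardened. Framework-free so it runs
# anywhere; the HMAC token is a stand-in for a real session/JWT scheme.
import hashlib
import hmac
import re
from typing import Any, Dict, Optional, Tuple

SECRET = b"constructed-demo-secret"        # in practice: loaded from a secret store
ORDER_ID = re.compile(r"[0-9]{1,12}")      # what a valid order id looks like

ORDERS = {                                  # constructed data store
    "1001": {"owner": "alice", "total": 42.0},
    "1002": {"owner": "bob", "total": 17.5},
}

Response = Tuple[int, Dict[str, Any]]      # (HTTP status, JSON body)


def issue_token(user: str) -> str:
    """Toy bearer token '<user>.<hmac>': the server can verify who it issued it to."""
    tag = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{tag}"


def verify_token(token: str) -> Optional[str]:
    """Return the user the token was issued to, or None if it is forged/malformed."""
    user, _, tag = token.partition(".")
    if not user:
        return None
    expected = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return user if hmac.compare_digest(tag.encode(), expected.encode()) else None


def get_order_vulnerable(request: Dict[str, Any]) -> Response:
    """Weak access control: the caller's identity is a query parameter the
    client chooses, so ?user=bob reads bob's orders (an IDOR)."""
    user = request["query"].get("user")
    order = ORDERS.get(request["path"]["id"])       # unvalidated path parameter
    if order is None:
        return 404, {"error": "not found"}
    if order["owner"] != user:
        return 403, {"error": "forbidden"}
    return 200, order


def get_order_hardened(request: Dict[str, Any]) -> Response:
    """Identity comes from a verified credential, the id is validated before use,
    and a foreign order returns 404 so the API does not confirm it exists."""
    auth = request["headers"].get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, {"error": "authentication required"}
    user = verify_token(auth[len("Bearer "):])
    if user is None:
        return 401, {"error": "invalid token"}
    order_id = request["path"]["id"]
    if not ORDER_ID.fullmatch(order_id):
        return 400, {"error": "invalid order id"}
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != user:
        return 404, {"error": "not found"}
    return 200, order
```

Note the two design choices in the hardened version: identity is derived from something the client cannot forge rather than from something it sends, and an order belonging to someone else is indistinguishable from one that does not exist, which denies an attacker the ability to enumerate valid ids.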
App Code Vulnerabilities
The larger and more complex the cloud application, the greater the likelihood of vulnerabilities creeping in; for instance through inheriting known vulnerabilities from outdated third-party libraries, or through new issues introduced in custom code.
On the software development side, cloud native security good practice demands that you root out these vulnerabilities early in the development lifecycle. Static application security testing (SAST), which analyses source code without running it, helps with issues in your own code, while dependency scanners such as Snyk and Dependabot flag outdated or vulnerable third-party libraries.
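To show what SAST actually does under the hood, here is a miniature rule set built on Python's own ast module, run over a constructed source file. This is an example added for this page, not the page's code and not the rule set of any real scanner; the rule ids (PY001 to PY004) and the sample source are assumptions made for the illustration.

```python
# Added example (not from the page): a miniature SAST pass using the standard
# library `ast` module. Rule ids and the sample source are constructed.
import ast
from typing import List, Tuple

Finding = Tuple[int, str, str]   # (line number, rule id, message)

# Constructed sample: one safe and several unsafe patterns in custom code
SAMPLE_SOURCE = '''
import subprocess, pickle, hashlib

def run_report(user_input):
    # dangerous: shell interpolation of untrusted data
    subprocess.run("report --name " + user_input, shell=True)
    # safe: argv list, no shell
    subprocess.run(["report", "--name", user_input])

def load(blob):
    return pickle.loads(blob)          # deserialises attacker-controlled data

def calc(expr):
    return eval(expr)                  # arbitrary code execution

def pw_hash(p):
    return hashlib.md5(p.encode()).hexdigest()
'''


def _call_name(node: ast.Call) -> str:
    """Render the called function as dotted text, e.g. 'subprocess.run'."""
    parts = []
    f = node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))


def _kw(node: ast.Call, name: str):
    for k in node.keywords:
        if k.arg == name:
            return k.value
    return None


class Scanner(ast.NodeVisitor):
    def __init__(self):
        self.findings: List[Finding] = []

    def visit_Call(self, node: ast.Call):
        name = _call_name(node)
        if name in ("eval", "exec"):
            self.findings.append((node.lineno, "PY001", f"{name}() executes arbitrary code"))
        elif name.startswith("subprocess."):
            shell = _kw(node, "shell")
            cmd = node.args[0] if node.args else None
            # shell=True is only flagged when the command is built from
            # non-literal data; a pure string constant is left alone by this rule
            if (isinstance(shell, ast.Constant) and shell.value is True
                    and not isinstance(cmd, ast.Constant)):
                self.findings.append((node.lineno, "PY002", "shell=True with non-constant command"))
        elif name == "pickle.loads":
            self.findings.append((node.lineno, "PY003", "pickle.loads on untrusted data"))
        elif name in ("hashlib.md5", "hashlib.sha1"):
            self.findings.append((node.lineno, "PY004", f"{name} is a weak hash"))
        self.generic_visit(node)   # keep walking: nested calls are visited too


def scan(source: str) -> List[Finding]:
    """Parse the source and return findings sorted by line number."""
    s = Scanner()
    s.visit(ast.parse(source))
    return sorted(s.findings)


if __name__ == "__main__":
    for line, rule, msg in scan(SAMPLE_SOURCE):
        print(f"line {line}: {rule}: {msg}")
```

Because the check works on the syntax tree rather than on text, it does not fire on the argv-list form of subprocess.run two lines below the unsafe one, and it sees the hashlib.md5 call even though it is nested inside a .hexdigest() call; that ability to reason about structure rather than strings is what separates SAST from grep.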
Visibility
Cloud native environments often span multiple cloud providers, while resources such as compute, storage, and networking can be provisioned and de-provisioned automatically based on capacity requirements. The result is a dynamic environment, one where it becomes especially hard to monitor potential threats in real time.
Cloud native security demands the ability to maintain visibility across what may be a rapidly changing environment. Dedicated tools help you achieve this: log collectors such as Fluentd, log aggregation and search platforms such as the Elastic Stack, and runtime security tools such as Sysdig Secure.
How to Create a Cloud Native Security Strategy
The right approach to cloud native security depends on the extent and nature of your organisation’s cloud activities. Broadly however, successfully implementing cloud native security best practice requires the following approach:
Discovery Process
Blind spots run the risk of leaving parts of your environment exposed. You should identify all assets (workloads, applications, data, and services) that make up your cloud environment, and map out its design. It is usual for cloud services to operate under a shared responsibility model, which means you need to be clear on which aspects of security are your responsibility, and which are handled by your providers.
Hardwire Cloud Native Security into the Software Development Lifecycle
When it comes to app development, best practice demands that you implement the right security checks at the right time during the development process (not as an afterthought!). Areas to focus on here include training developers to follow secure coding guidelines, and the use of automation to scan code for vulnerabilities.
Identity and Access Management
Traditional notions of ‘perimeters’ do not apply to cloud environments. Instead, any strategy for cloud native security needs to focus strongly on access management. The most appropriate stance to take is commonly referred to as ‘zero trust’; the idea that nothing and no-one across your environment should be automatically trusted.
In practice, this involves implementing a range of measures; e.g. role-based access control (RBAC) to grant the least privilege necessary for users and services, multi-factor authentication (MFA), and centralised identity management.
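Least privilege is easiest to see in a policy document. Below, as an example added for this page (not the page's own code and not AWS IAM Access Analyzer), an over-broad IAM-style policy sits beside a scoped one, and a small linter explains why the first fails. The document format is the IAM policy JSON format; the rules, the account id and the resource ARNs are assumptions made for the illustration.

```python
# Added example (not from the page, and not AWS IAM Access Analyzer): a small
# least-privilege linter for an IAM-style policy document. Both policies below
# are constructed; the account id and ARNs are placeholders.
import json
from typing import Any, List

# The policy that gets attached "just to make it work"
OVERLY_BROAD = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})

# The same workload, scoped to the two things it actually does
LEAST_PRIVILEGE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-app-uploads/*"},
        {"Effect": "Allow",
         "Action": "sqs:SendMessage",
         "Resource": "arn:aws:sqs:eu-west-1:123456789012:example-app-jobs",
         "Condition": {"Bool": {"aws:SecureTransport": "true"}}},
    ],
})

# Actions that change who can do what; they deserve a Condition or a narrow Resource
PRIVILEGE_SENSITIVE = ("iam:", "sts:AssumeRole", "organizations:", "kms:")


def _as_list(value: Any) -> List[Any]:
    """IAM allows a string or a list in Action/Resource/Statement; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_policy(document: str) -> List[str]:
    """Return one finding per over-broad grant; empty means nothing flagged."""
    findings: List[str] = []
    policy = json.loads(document)
    for i, st in enumerate(_as_list(policy.get("Statement"))):
        where = f"Statement[{i}]"
        if st.get("Effect") != "Allow":
            continue                       # Deny statements only narrow access
        if "NotAction" in st or "NotResource" in st:
            findings.append(f"{where}: NotAction/NotResource allows everything except the listed items")
        actions = _as_list(st.get("Action"))
        resources = _as_list(st.get("Resource"))
        if "*" in actions:
            findings.append(f"{where}: Action '*' grants every API call")
        for a in actions:
            if a != "*" and a.endswith("*"):
                findings.append(f"{where}: wildcard action {a!r}")
            if a.startswith(PRIVILEGE_SENSITIVE) and "Condition" not in st:
                findings.append(f"{where}: {a!r} granted without a Condition")
        if "*" in resources:
            findings.append(f"{where}: Resource '*' applies to every resource in the account")
        if "*" in actions and "*" in resources:
            findings.append(f"{where}: equivalent to the AdministratorAccess managed policy")
    return findings


if __name__ == "__main__":
    for label, doc in (("overly broad", OVERLY_BROAD), ("least privilege", LEAST_PRIVILEGE)):
        print(f"{label}: {lint_policy(doc) or ['no findings']}")
```

Two details worth carrying into real reviews: a Deny statement can never widen access, so the linter skips it, whereas NotAction and NotResource are allow-lists turned inside out and almost always grant more than the author intended.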
Monitoring
Aim for a bird’s-eye view of your environment by aggregating logs from all cloud services and infrastructure into a centralised location. Create a playbook for responding to security incidents, test it regularly, and ensure policies are in place so users are clear on how to report incidents.
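The visibility and monitoring points above (a dynamic, multi-source environment, and logs aggregated into one place) both come down to the same two steps: map every source onto a common event schema, then run detections across the whole stream. The block below does that for two sources, as an example added for this page rather than the page's own or any vendor's code. The records are constructed and simplified versions of the AWS CloudTrail and Kubernetes audit log formats (the field names are those formats' real ones, the values, identities, IP addresses and the three detection rules with their thresholds are assumptions made for the illustration).

```python
# Added example (not from the page): events from two cloud log sources
# normalised into one schema, then three detection rules run over them.
# The records are constructed, simplified CloudTrail and Kubernetes audit
# events, not real captures.
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Any, Dict, List

ALICE = "arn:aws:iam::123456789012:user/alice"
ROOT = "arn:aws:iam::123456789012:root"


def _ct(time, name, arn, ip, ok=True, source="signin.amazonaws.com"):
    """Build a constructed CloudTrail-style record."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "userIdentity": {"arn": arn}, "sourceIPAddress": ip}
    if name == "ConsoleLogin":
        rec["responseElements"] = {"ConsoleLogin": "Success" if ok else "Failure"}
    return rec


CLOUDTRAIL = [
    _ct("2024-05-01T10:00:05Z", "ConsoleLogin", ALICE, "203.0.113.7", ok=False),
    _ct("2024-05-01T10:00:40Z", "ConsoleLogin", ALICE, "203.0.113.7", ok=False),
    _ct("2024-05-01T10:01:10Z", "ConsoleLogin", ALICE, "203.0.113.7", ok=False),
    _ct("2024-05-01T10:02:00Z", "ConsoleLogin", ALICE, "203.0.113.7"),
    _ct("2024-05-01T10:05:00Z", "DescribeInstances", ALICE, "203.0.113.7", source="ec2.amazonaws.com"),
    _ct("2024-05-01T11:30:00Z", "CreateAccessKey", ROOT, "198.51.100.9", source="iam.amazonaws.com"),
]


def _k8s(time, verb, user, ns, resource, name, ip, code=200):
    """Build a constructed Kubernetes audit event (ResponseComplete stage)."""
    return {"stage": "ResponseComplete", "requestReceivedTimestamp": time, "verb": verb,
            "user": {"username": user}, "sourceIPs": [ip],
            "objectRef": {"namespace": ns, "resource": resource, "name": name},
            "responseStatus": {"code": code}}


K8S_AUDIT = [
    _k8s("2024-05-01T10:03:00.120000Z", "get", "system:serviceaccount:kube-system:controller",
         "kube-system", "secrets", "ca-bundle", "10.0.0.2"),
    _k8s("2024-05-01T10:03:30.500000Z", "get", "system:serviceaccount:default:api",
         "kube-system", "secrets", "admin-token", "10.0.0.5"),
]


def _ts(s: str) -> datetime:
    """CloudTrail uses whole seconds, Kubernetes fractional; accept both."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return datetime.strptime(s, fmt)
        except ValueError:
            continue
    raise ValueError(f"unrecognised timestamp {s!r}")


def normalise(cloudtrail, k8s_audit) -> List[Dict[str, Any]]:
    """Map both formats onto {ts, source, actor, action, ip, ok, target}, time-ordered."""
    events = []
    for r in cloudtrail:
        login = r.get("responseElements", {}).get("ConsoleLogin")
        events.append({"ts": _ts(r["eventTime"]), "source": "cloudtrail",
                       "actor": r["userIdentity"]["arn"], "action": r["eventName"],
                       "ip": r["sourceIPAddress"], "ok": login != "Failure",
                       "target": r["eventSource"]})
    for e in k8s_audit:
        if e["stage"] != "ResponseComplete":      # skip RequestReceived duplicates
            continue
        ref = e["objectRef"]
        events.append({"ts": _ts(e["requestReceivedTimestamp"]), "source": "k8s-audit",
                       "actor": e["user"]["username"], "action": e["verb"],
                       "ip": e["sourceIPs"][0], "ok": e["responseStatus"]["code"] < 400,
                       "target": (ref["namespace"], ref["resource"], ref["name"])})
    return sorted(events, key=lambda ev: ev["ts"])


def detect(events, fail_threshold=3, window=timedelta(minutes=5)) -> List[str]:
    """Run three rules over the normalised stream and return alert strings."""
    alerts = []
    failures = defaultdict(list)   # (ip, actor) -> timestamps of failed logins
    for ev in events:
        if ev["source"] == "cloudtrail":
            # Rule 1: N failed console logins then a success, same IP and user, inside the window
            if ev["action"] == "ConsoleLogin":
                key = (ev["ip"], ev["actor"])
                if not ev["ok"]:
                    failures[key].append(ev["ts"])
                else:
                    recent = [t for t in failures[key] if ev["ts"] - t <= window]
                    if len(recent) >= fail_threshold:
                        alerts.append(f"{len(recent)} failed logins then success for {ev['actor']} from {ev['ip']}")
            # Rule 2: the root account should not be used for day-to-day API calls
            if ev["actor"].endswith(":root"):
                alerts.append(f"root account activity: {ev['action']} from {ev['ip']}")
        elif ev["source"] == "k8s-audit" and ev["ok"] and ev["action"] in ("get", "list"):
            # Rule 3: a service account reading Secrets outside its own namespace
            ns, resource, name = ev["target"]
            parts = ev["actor"].split(":")
            if resource == "secrets" and parts[:2] == ["system", "serviceaccount"] and parts[2] != ns:
                alerts.append(f"{ev['actor']} read secret {ns}/{name} from another namespace")
    return alerts


if __name__ == "__main__":
    for a in detect(normalise(CLOUDTRAIL, K8S_AUDIT)):
        print("ALERT:", a)
```

The normalisation step is where most of the value lies: once the AWS and Kubernetes events share a schema, rule 1 can be time-windowed across sources and a playbook step such as "which identities touched secrets in the ten minutes after the suspicious login" becomes a single query rather than two.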
Developing Your Cloud Native Security Expertise
Because this is an evolving area, and also because there are some significant points of departure from traditional security notions, getting to grips with cloud native security can pose a challenge - even for seasoned technical leaders.
To build and validate your expertise in this area, it may be worth considering formal cloud security certification. Notable examples include the Certificate of Cloud Security Knowledge (CCSK) from the Cloud Security Alliance, a vendor-neutral certification covering security best practice across a range of environments, and the Microsoft Certified: Azure Security Engineer Associate and AWS Certified Security - Specialty certifications (focusing on Azure and AWS environments respectively).