Cloud Native Implications For Security And Twistlock 18.11
0:00 -:--
Cloud native architectures require a new approach to security. The cloud native stack doesn’t communicate in the predictable and tightly coupled way that stratified frontend, middleware and backend layers provide. Applications composed of microservices and serverless functions are loosely coupled pieces of code talking to each other in unique, asynchronous ways — and there are exponentially more of them. “It’s an explosion of complexity,” said Sonya Koptyev, director of evangelism at Twistlock, in this podcast interview at KubeCon and CloudNativeCon last month in Seattle. When managing such complex environments, it can be difficult for operations and security teams to even know which services developers have running on various cloud providers, let alone to identify and remediate a critical vulnerability such as the recent, major privilege escalation vulnerability in Kubernetes that, if left unpatched, allows attackers to take over entire compute nodes. “Once [companies] get past that couple of hundred…