Discover Why Cloud-Native Security is Crucial to Enhancing Your Cloud Security

This session reveals why cloud-native security is crucial for protecting cloud-based systems from cyber threats.

Brandon Taylor, Digital Editorial Program Manager

July 26, 2024

5 Min View

Cloud native security takes a proactive approach to security, with a shared responsibility paradigm that elevates privacy and security, which is essential for protecting modern cloud environments.

The transition from traditional public clouds and services to microservices-based cloud-native environments can seriously shorten the lifespan of your security controls and strategies in a hurry.

In this archived keynote session, Sherelle Moore, director, IT security of Compass Datacenters, shares tools and processes that enable you to stay ahead of attackers with cloud native security. This segment was part of our live webinar titled, “Enhance Cloud Security with Cloud-Native Security.” The event was presented by InformationWeek on June 25, 2024.

A transcript of the video follows below. Minor edits have been made for clarity.

Sherelle Moore: So, what is cloud-native security? Cloud-native security refers to both platform and infrastructure, as well as continuous application security. Cloud-native security is designed specifically for the cloud.

The security must be built into assets as you're working to secure them, and requires high fidelity, visibility, and context. It offers better scalability, resilience, and increased flexibility.

This applies to multiple layers from the OS to the container of the application and uses or applies a proactive approach that protects or anticipates any cyber threats before they happen. So, let's talk about cloud security versus cloud-native security.

Related:CrowdStrike, Microsoft Outage Causes Global IT Meltdown

What is the difference? Cloud security is designed to protect cloud infrastructure applications and data. It was originally designed specifically for local computers and servers that were then migrated or moved to the cloud later.

Cloud security also ensures user and device authentication data and resource access control along with data and account privacy. Now, unlike cloud security that places the responsibility on the organization, cloud-native security operates on a shared responsibility paradigm.

Cloud-native security focuses on data moving through systems, unlike traditional cybersecurity, which places responsibility on security and the organization.

It means that the cloud-native security is elevating privacy and security altogether, which focuses on payload versus perimeter, meaning it takes a holistic approach from the top down. It also has advanced automation and analytics.

It will also enhance artificial intelligence (AI) and machine learning (ML), ensuring that data moving through the systems has an extra layer of security, and limits exposure to cybersecurity attacks and possible breaches.

Related:Encryption as a Cloud-to-Cloud Network Security Strategy

This is all done through encryption and data access policies in that environment. Lastly, an offering that cloud-native security has that cloud security does not, is the company's ability to invoke business continuity with distributed and automated backups.

This aspect of cloud-native security enables a huge reduction of costs to enable your business continuity planning, in addition to cloud-native security monitoring and management.

Earlier, I mentioned implementing and bringing in information from your cloud-native security platforms over to your technology stack. This is easy to implement and very manageable because of the variety of security measures written in it.

When you apply it to your technologies, you add a third, fourth, and fifth layer of visibility and protection in your environment. It offers data security, cloud security, and posture management, and builds its own security audits and checks in the background.

So, when you do have that audit that comes up, the cloud-native security provider or the application will automatically put the security audits in place. This allows you to make sure that you're logging and storing the correct information and maintaining your retention policy.

Related:Scattered Spider Suspect Nabbed for MGM Ransomware Attack

If you have a risk management framework on a shared responsibility model like I mentioned earlier, you have higher visibility and the control of applications in your cloud-native environment. You'll know who sees it, what's there, and how you can control it.

We also have compliance complications that don't have to worry about with cloud-native security. Threat detection and response, which is my favorite one, comes from a threat hunter, incident responder, and cybersecurity analyst.

When it is time to go on an active hunt, even though I'm at a director level and I'm praying to move up, I want to go in and look and see what I can find. What are other organizations seeing in the environment?

How can we use this to enhance our threat posture, modeling, and response? So, with cloud-native security, it enables everything from the top down, which are layers one through seven.

You have a holistic view of everything that's happening in your environment, and it spits it out nice. Now you don't have to worry about a ton of recursive analysis to get down to the meat and potatoes of what you're looking for.

The biggest threats to cybersecurity, information security, and information assurance are either a lack of talent, understanding, or someone who deployed it incorrectly because of their lack of knowledge.

That's the one small gray area. When you go to move up to a cloud native security model, you want to ensure that whoever is going to deploy and monitor this activity for you has expertise.

Watch the archived “Enhance Cloud Security with Cloud-Native Security” live webinar on-demand today.

About the Author

Brandon Taylor

Digital Editorial Program Manager

Brandon Taylor enables successful delivery of sponsored content programs across Enterprise IT media brands: Data Center Knowledge, InformationWeek, ITPro Today and Network Computing.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights