
Scanning for Vulnerabilities in Cloud-Native Applications


Security has become very important for cloud-native applications. This article elaborates on the cloud-native security principles and how to implement them.
On the road to embracing DevOps, many IT organizations still depend on traditional security practices, policies, and tools that were not built to withstand the scaling and complexity of modern cloud-native approaches. With less attention paid to security, organizations fail to transform themselves in this rapidly changing digital world. Recent surveys and researchers have found how important security has become in the software development lifecycle, after it may have been ignored for years as the “security team’s problem.” The emergence of DevSecOps has helped organizations shift security left, but is that enough? Organizations have barely started to understand the complexity and security threats associated with their cloud-native journey. It is highly recommended to use modern cloud-native best practices and tools to tackle vulnerabilities and threats found in the SDLC.

Approximately ten years ago, the term cloud-native was coined by businesses like Netflix and Amazon, which leveraged modern cloud practices, tools, and technologies. For many companies, cloud-native means innovating, reinventing, and transforming the way we do software development. Cloud-native software applications employ microservices deployed within lightweight containers that use low-overhead orchestration, runtime, and networking services. Cloud-native applications leverage cloud compute frameworks and infrastructures and encourage faster time-to-market. These applications use modern cloud practices like immutable infrastructure, Infrastructure as Code (IaC), containers and container registries, service meshes, and declarative APIs.

Image source: DZone

There are multiple steps a company can take to begin and progress on this journey. Cloud-native’s fundamental principles include scalable apps, resilient architectures, and the ability to make frequent changes. Three phases are worth mentioning in the journey:
Phase I: Developer Focus > Container Adoption
Phase II: DevOps Focus > Application Deployment
Phase III: Business Focus (end-to-end) > Intelligent Operations

Example of a modern cloud-native application stack (Image source: The Linux Foundation)

Fundamentally, at the lower layer you have the typical access aspects: the load balancers, either network load balancers or application load balancers. Then you have a large number of subnets where all your hosts are deployed, on top of which you deploy either managed or self-hosted Kubernetes, the orchestrator for your container deployments. You also need storage, whether databases or cloud storage. Once all these artifacts are in place, you deploy your container orchestrators. One of the main avenues for configuring and deploying applications on the orchestrator is the orchestrator API: the orchestrator exposes an API server with a very rich set of functionality, which clients use to perform various actions on the orchestrator.
