Today’s enterprises have more compute options than ever before across the cloud native continuum. This continuum, spanning VMs, containers, managed Kubernetes, PaaS and serverless, provides users trade-offs and advantages when it comes to building and running their modern workloads and applications.
Recently, Enterprise Strategy Group conducted a survey titled “Leveraging DevSecOps to Secure Cloud Native Applications.” This research covers the latest adoption numbers, trends and security concerns across all of the categories in the cloud native continuum—with insights into how organizations are successfully building and securing these technologies.
Join ESG Senior Analyst and Group Practice Director Doug Cahill and Palo Alto Networks VP of Product John Morello to unpack the latest survey findings and discuss how security plays a vital role in securing cloud native applications.
25. Software is eating the world
Every org is becoming a software org
Software orgs need modern tools
DevOps, containers, and cloud native are those tools
The world is dangerous
‘Democratization’ of sophisticated attacks
Security teams and SOCs overloaded
Your own software is the softest target
26. Think about your cloud native infrastructure… it’s abstraction on top of abstraction, especially from a networking standpoint
Everything is ephemeral and everything is constantly changing — many more entities to secure
Security is largely in the hands of the developer
Security needs to be as portable as the applications
Cloud Native Makes It Harder...
27. The nature of cloud native applications allows for a new approach to security
Apply machine learning to understand actual runtime behavior
Build models of what applications should do to detect and prevent what they shouldn’t
…But Also Easier
28. Defining the Cloud Native Continuum
Isolation
Compatibility
Control
Density
Agility
Simplicity
29. Virtual Machines
• Greatest levels of isolation, compatibility and control
• Full control of the OS, full control of the platform
• Can be operated in stateful or stateless fashion
• Suitable (but not always optimized) for any type of workload
30. Containers
• Increased agility, with decreased control
• User still responsible for underlying infrastructure - but you lose the OS control of VMs
• Can be complex due to broad configurability
• Control can be shared between Developers and traditional operations
31. Containers-as-a-Service
• Less control than containers with roll-your-own orchestration, but simpler to operate
• More platform lock-in vs. containers or VMs
• CaaS bundles runtime, management and orchestration - along with small levels of host control
• Developer led infrastructure
32. Serverless
• The simplest, most agile technology on the continuum
• No control (or often visibility) into the underlying host environment
• Devs just build - push functions to the platform
• Optimized for on-demand, highly scalable tasks
33. Enabling Better Defense
The nature of cloud native technologies allows for a new approach to security
Machine learning and automation take manual configuration out of the picture
Whitelist what applications should do to detect and prevent what they shouldn’t
34. New World Security
Shift security left – modeling integrated into CI/CD
Policy custom tailored for each application, each build
Security that automatically scales with the environment
35. In Conclusion
• The cloud-first lens: Broad adoption of cloud services has created a cloud security readiness gap, imperative to retool
• The cloud-native lens: The rise of microservices is adding complexity and heterogeneity
• The DevSecOps lens: A secure DevOps program starts with a cultural shift to treating security as a team sport en route to a full lifecycle approach
• The security-as-code lens: Scaling across projects requires repeatability
36. Get Started
Take a test drive
Prisma Cloud
30-day Free Trial
https://marketplace.paloaltonetworks.com/s/product-rdl