IDG Contributor Network: Security in a cloud-native environment


In a time where services and their consumers are ubiquitous, security risks to enterprise systems and data are exploding. Security offerings from cloud service providers are promising but still traditional in nature and sometimes soft targets for security attacks.

While enterprise CIOs expect applications, infrastructures, and critical data to shift from behind the firewall to running in the cloud, system architects and designers find themselves juggling between custom security implantation and cloud providers’ offerings.

How strongly do you feel about internet traffic be safe from eavesdropping? Does the third-party fiber optic provider guarantee an intrusion-free pipe? Those are some interesting questions for CIOs, and most of the time the answer is not as expected. But organizations can boost their security systems to make it more and more difficult, expensive and time-consuming for hackers to infiltrate.

While there are many enterprise firewall and VPN appliance options available for data center or cloud environments, it is important that security features including access controls, authentication and authorizations are built into application layer rather than relying solely on network security. Application-level security implementation makes access control scalable, portable, and immutable. Access is governed based on real identity of an app or service or microservice rather than on human provisioning.