Seven Cloud Native Security Trends to Watch in 2021
Cloud native security is a vibrant, fast-moving space. As enterprises across industries continue to accelerate digital initiatives with cloud native tools, security is becoming more critical than ever, and new trends are bound to emerge. To keep you ahead of the curve, here are the top seven developing trends that will shape cloud native security in 2021.
More sophisticated attacks
Concerted and targeted efforts to exploit Kubernetes will go above and beyond what we have seen to date. Toward the end of 2020, we began to see attacks that specifically targeted configuration weaknesses in Kubernetes clusters, such as vulnerabilities in the API server, pods, kubelet API, Docker API, and docker.sock.
This year, as the use of Kubernetes becomes ever more widespread, we expect to see more sophisticated attacks that use more advanced tools such as rootkits and malware, rather than just taking advantage of configuration mistakes. In 2021, it will be more important than ever to keep developing effective security practices as attackers continue to up their game.
High risk of supply chain attacks
Developers often use public libraries or third-party base images to help them develop faster. But attackers have been found to embed their own malicious code into these freely available resources, oftentimes posing as popular projects. The risk that one of those third-party components is infected by a hidden backdoor or invasive malware will continue to rise in 2021.
Solutions like Aqua’s Dynamic Threat Analysis allow protection against these kinds of threats, running images in a sandbox to inspect runtime behavior before production.
Widespread adoption of eBPF
Look for eBPF to become the standard basis for cloud native security monitoring. eBPF is a technology that makes the Linux kernel programmable, so you can run fast, customizable instrumentation and checks within the kernel itself.
Aqua’s open-source Tracee project uses eBPF to detect system events, and sequences of events, that signify that a workload is behaving in an unexpected — and possibly malicious — way.
Adaptation to multi-cloud strategies
Cloud platform providers will continue to adapt to a world in which multi-cloud strategies are becoming increasingly popular for a variety of security and cost reasons.
Cloud providers are trying to differentiate themselves in terms of specialty services, regional availability, and price. This means that each cloud is very much its own world, with a lot of differentiation across such things as the management console, scripting languages, APIs, command line syntax and even terminology. So although multi-cloud is a strong force, dealing with multiple providers comes at a cost.
Recognizing that IT personnel know more about cloud management than standalone computing, cloud providers are adapting by giving up a portion of the compute revenue to keep customers from leaving altogether. Services such as AWS Outposts, Azure Stack and Google Anthos are designed to give customers more choice in where to run their infrastructure, as long as it’s managed by the cloud provider, which bills for use of the platform.
Focused platform teams
Teams that are fully focused on an enterprise’s cloud native platform strategy will become more common. Because of the complexity of attacks against cloud native environments, these platform teams will comprise experienced practitioners under the CISO or SOC.
The establishment of platform teams will create an environment in which developers can devote their attention to the core business-app logic that drives a company’s unique value proposition. App developers won’t need as much knowledge of the underlying Kubernetes platform and might not even need to write YAML.
A move away from ‘lift and shift’
2021 will see cloud architects move away from “lift and shift” in favor of modern application development that can take advantage of the many options that cloud has to offer.
The lift and shift practice — taking an application directly from the server it was running on, copying it into an image, and running it in a container — was meant to achieve the benefits of a cloud native application without rewriting the application.
Architects today have a menu of options to run the right application component in the right service. Now, containers are just one of several cloud native options, along with serverless functions and VMs managed using DevOps tools. Heavy duty core processing might stay in a headless VM, and other modules will go into containers or even functions.
Increased pace of investment and acquisitions
More and more companies are using cloud native methodologies for business-critical applications, while others are just getting started or thinking about it. This makes cloud native security providers and open-source security technologies obvious targets for investments and acquisitions.
"For 2021, choose your cloud native security partner wisely, be prepared for some level of uncertainty, and take the time necessary for your teams to separate best practice from hype along the way."
In a space characterized by early adopters, fast-moving trends and evolving security challenges, expect to encounter a certain level of “noise” in the market. Enterprises should take the time to separate best practices from hype, choose their cloud native security partners with care, and be prepared for some level of uncertainty.
The only constants in the cloud native security landscape are going to be continued change and evolving roles as more application development teams move in the direction of speed and agility. Security for these applications is bound to change at the same pace.