Aqua Named 2018 Technology Pioneer by the World Economic Forum. Here's Why.


Every year, the World Economic Forum, the same organization that assembles world leaders and business leaders in Davos, hand-picks a few dozen companies from all walks of technology (cleantech, medical, mobility, etc.) as Technology Pioneers. This year we are very proud to have been selected as one of only a handful of companies in the cybersecurity category.

In our daily work with customers, partners, and colleagues, we don't dwell much on the big picture. In the Aqua hallways and on conference calls it's more likely you'd hear us talk about a Kubernetes admission controller and its potential use to prevent a specific attack vector, or how a certain customer uses Atomic Registry and is considering switching to Quay. But we never lose sight of the big picture, and, apparently, neither do the people in Davos.

The Big Picture #1: Cloud-Native is a BIG Change

Cloud-native is the next big change in enterprise computing. If at first we had mainframes, then client-server, then PCs, then the Internet, virtual machines, and the cloud – now we are witnessing another revolution in IT whose impact will be no less than profound. The technologies and methods that enabled Internet giants such as Amazon, Google, and Facebook to grow to mammoth proportions are now being standardized, packaged, and made available to run enterprise applications. Every enterprise, from car manufacturers to insurance companies to movie studios, is now a software company. Agility and scalability are the name of the game.

Cloud-native is a fundamental shift because it accelerates software development and delivery by an order of magnitude, sometimes by a lot more. The combination of microservices, DevOps, and cloud portability means that code is updated and shipped a LOT faster, can scale almost infinitely, and must be created in a way that would allow it to run anywhere, with no hard-coding to an OS or network context.

The bottom line from a business perspective is that organizations can become software fiends, digitally transforming their business and applying the agility and efficiency of Internet giants to their own business goals.

The Big Picture #2: Security Moves Inside the Application

What does this shift mean for security? It is quite clear that many of the tools and methods used in enterprise IT today will no longer be effective or relevant, or will simply be impossible to implement.

Think you can stop and pen-test every piece of code flowing into your cloud applications? Think again: You can’t do that when that code is updated 1,000 times a day.

Think you can continue to apply the same host-based and network security tools? Think again: Applications are no longer tied to hosts, and you can no longer predict where they'll be running. Networking is also moving into the application, and is based on microservices instead of host-based locations. So you can no longer rely on host-based IPS or VM-based firewalls to secure those workloads.

Arjuna Rivera, the i2 Labs Lead at aerospace and defense giant Lockheed Martin, said in his recent talk at the Docker Government Summit: “…If you think your traditional security services and performance monitoring services are going to work right out of the box in this type of architecture, you know it’s wrong. They didn’t get it. Luckily, through the discovery development process, we were able to educate and show that when we look at modernizing this type of infrastructure and platforms, we also need to modernize our security tools…. A major change in thinking, as well as in our culture.”


All this is happening while the cybersecurity world is increasingly suffering from "needle in a haystack" fatigue. Inordinate efforts and funds are invested in identifying threats, trying to guess where the next vulnerability or malware will come from, while we keep reading of ever-growing breaches, ransomware attacks, and zero-day vulnerabilities that have remained undiscovered since (almost) the birth of Linux.

Cloud-native applications, broken down into their microservices components, promise to change that.

With simpler, more predictable components, we can adopt a whitelisting approach that creates "zero trust" environments where we are no longer looking for the attacker, and we may not even care what attack vector they would use. Instead we look at the application behavior, detecting and preventing activities that don't match the expected "good behavior". It's an infinitely more effective (and less expensive) approach to protect against the next unknown threat.

Reimagining Security

Cloud-native means we can, and must, reimagine security into something that is automated, keeping up with the speed of code delivery, and embedding itself into the application in a way that would provide the same level of security no matter where that application runs.

This, in a nutshell and without getting too technical, is what the WEF panel of experts thought was worthy of recognition and exposure to their audience of world business leaders.
