Developers Need to Learn More about Security
- The fact that the application is containerized is a huge security improvement over conventional apps. It’s very unlikely to get privilege escalations within the container, if the underlying infrastructure is well designed.
- A lot of security testing can be automated in cloud-native app development, but developers need to learn more about security, and security people still need to be involved.
“One major change is that cloud native pushes everyone into a microservices mentality, and microservices are a way of segregating permissions.”
As a cloud-infrastructure architect, Marcelo Grebois sees many security advantages in developing and deploying cloud-native applications. He also emphasizes that even if you need to look at security in new ways, the fundamentals of data security remain the same. “You have to do authentication, authorization, and accounting,” Grebois says. “You have to segregate permissions, and scan everything that is going to production, and disable everything that you are not using to reduce attack surface area. All this is the same as it has been since the beginning of time in IT. What’s new in cloud-native applications is that the measures taken to ensure these good practices are ubiquitous. It’s much easier to embrace security best practices now with cloud-native applications.”