When Architecting a Cloud-Native App, Think about End-to-End Security
- In a cloud-native environment, you can patch a container image and then with the click of a button, automatically test it and immediately spin up hundreds of new instances.
- Building end-to-end security requires looking into the containerized microservices with security in mind, and asking how data is being secured throughout the process and life cycle.
“The only thing you can control is your code. If you have solid security architecture and proactively test the code with your security test cases, that will give you an edge.”
Nuwan Bandara, director of solutions architecture at WSO2, notes that when securing cloud-native applications, one must think differently about implementing security. “When you talk about cloud-native security, it’s not enough to only talk about applying security to cloud-native infrastructure,” he says. Cloud platforms already comes with built-in tools for securing the network and the underline infrastructure. “They provide secure proxies, load balancers, firewalls and VPC/CPNs. But what you have to really think about is application level security,” says Bandara.