{"id":3157,"date":"2018-11-12T12:06:49","date_gmt":"2018-11-12T17:06:49","guid":{"rendered":"https:\/\/solutionsreview.com\/cloud-platforms\/?p=3157"},"modified":"2018-11-12T12:08:39","modified_gmt":"2018-11-12T17:08:39","slug":"cloud-native-security-threats","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/","title":{"rendered":"The Top Cloud Native Security Threats to Manage in 2019"},"content":{"rendered":"<p style=\"text-align: justify\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3158\" src=\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/11\/cloud-native-security-threats.jpg\" alt=\"cloud native security threats\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/11\/cloud-native-security-threats.jpg 800w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/11\/cloud-native-security-threats-300x150.jpg 300w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/11\/cloud-native-security-threats-768x384.jpg 768w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/11\/cloud-native-security-threats-540x270.jpg 540w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/11\/cloud-native-security-threats-162x81.jpg 162w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/11\/cloud-native-security-threats-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/>Cloud native security threats have changed in the past few years with new technologies and cyber criminal motivations.\u00a0The vast potential of the cloud has made computational power difficult to manage from a cybersecurity perspective.\u00a0 For example, cloud native applications and environments introduce a variety of new threats requiring a different approach. Many enterprises in 2018 dealt with cryptocurrency mining attacks and more.<\/p>\n<p style=\"text-align: justify\">To get a solution provider&#8217;s perspective on these issues, we spoke with a variety of experts at Twistlock. Twistlock offers container and cloud native application cybersecurity. Be sure to check out the other two articles in our chat with Twistlock, <a href=\"https:\/\/solutionsreview.com\/cloud-platforms\/development-security-practices\/\">here <\/a>and <a href=\"https:\/\/solutionsreview.com\/cloud-platforms\/serverless-computing-container-development\/\">here<\/a>.<\/p>\n<div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"msp-speedbump\" title=\"Download link to Managed Service Providers Buyers Guide\" href=\"https:\/\/solutionsreview.com\/cloud-platforms\/managed-service-provider-buyers-guide\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" src=\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/07\/Managed-Service-Providers-Speedbump-1.jpg\" alt=\"Download Link to Managed Service Providers Buyers Guide\" width=\"771\" height=\"170\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\n<h4 style=\"text-align: justify\"><strong>What are the most common pain points this year regarding securing and deploying applications in the cloud?<\/strong><\/h4>\n<h5 style=\"text-align: justify\"><strong>John Morello, CTO\u00a0<\/strong><\/h5>\n<p style=\"text-align: justify\">Cloud sprawl is real and getting worse as more and more cloud services are introduced.\u00a0 Just as with server sprawl and VM sprawl before it, the challenge with cloud sprawl is governance and knowing what you actually have running as you can\u2019t secure what you don\u2019t know about.\u00a0 Cloud providers make it so easy and seamless to create new services that it\u2019s easy to experiment, move on, and then forget that you\u2019ve deployed a database or app exposed to the world.\u00a0 Organizations should stress operational discipline like using automation for all deployments. This way, there\u2019s clear boundaries, a defined process, and a basic record of the services they\u2019re using.<\/p>\n<h4 style=\"text-align: justify\"><strong>The Equifax data breach was part of the larger security discussion in 2017 and into 2018. How have security teams adapted and do your customers think differently about security following the hack? What changes have occurred this year?\u00a0<\/strong><\/h4>\n<h5 style=\"text-align: justify\"><strong>John Morello, CTO<\/strong><\/h5>\n<p style=\"text-align: justify\">Equifax was a good example of what I often talk to customers about. Most attacks do not involve awe-inspiring skill and 0-day exploits. Since so many well known CVEs exist, organizations fall behind the curve in fixing them. Thus, they\u2019re often the path of least resistance.\u00a0 Similarly, there\u2019s little value in finding the best firewalls and runtime technologies if you ignore the basics and just keep software up to date.\u00a0 The trend of having security embedded earlier in the development process helps with this. But, as an industry, we need to move from a visibility to an enforcement model.\u00a0 Specifically, to ensure vulnerable components can\u2019t be deployed in the first place and to integrate security tooling into the CI\/CD flows to do that automatically, as part of every deployment.<\/p>\n<h5 style=\"text-align: justify\"><strong>Ben Bernstein, CEO<\/strong><\/h5>\n<p style=\"text-align: justify\">The Equifax hack demonstrated how easy it is to hack into organizations who don\u2019t update their software regularly. I believe, that this became a very common datapoint SecOps use to explain why it can\u2019t just be \u201cDevOps\u201d and there needs to be a \u201cDevSecOps\u201d element in the environment.<\/p>\n<h4 style=\"text-align: justify\"><strong>2018 saw cryptomining surpass ransomware as the most popular cybersecurity threat. Anti-mining defenses should be an integral part of any cloud security plan. What can we expect from miners in cloud native environments in the coming year? Is it here to stay in the enterprise? What strategies will be most important?<\/strong><\/h4>\n<h5 style=\"text-align: justify\"><strong>Dima Stopel, VP of R&amp;D and Co-founder of Twistlock<\/strong><\/h5>\n<p style=\"text-align: justify\">Considering the value of major cryptocurrencies, I believe we will continue seeing the trend of using any possible resource to generate crypto coins. It shouldn&#8217;t be covered as part of a general defense mechanism. Major security providers should treat cryptocurrency related attacks as a first class citizen. For example, it is easy to masquerade a crypto mining software to be hard to differentiate from regular software so that it isn&#8217;t detectable by regular security tools. One must develop a specific set of tools to detect such behavior.<\/p>\n<p style=\"text-align: justify\">We&#8217;ve invested in this at Twistlock. Enterprises become notable targets due to environments with high computational potential. These environments often become exposed to the internet because of proprietary applications. In such cases, one must run crypto-threat aware detection and protection tools within the environment to make sure no one exploits company\u2019s computational resources for crypto mining.<\/p>\n<h4 style=\"text-align: justify\"><strong>Where do you see the future of cybersecurity studies\/education heading? What would be a more modern approach to leveling up cybersecurity skill sets?<\/strong><\/h4>\n<h5 style=\"text-align: justify\"><strong>John Morello, CTO\u00a0<\/strong><\/h5>\n<p style=\"text-align: justify\">Cybersecurity education today typically teaches in isolation, as though a separate discipline from IT itself.\u00a0 It\u2019s impossible to secure systems you don\u2019t understand and the focus on scan and attack tools and techniques as the center of many cyber education programs misses the market.\u00a0 In today\u2019s digital world, to be an effective cyber practitioner, you must first be an effective IT practitioner and then layer security skills and analysis on top.<\/p>\n<p style=\"text-align: justify\">Further, you must have a core understanding of risk management concepts. Then, you can connect with business leaders who view cyber as a set of risks to be mitigated or accepted.\u00a0 It\u2019s relatively easy to find someone who can port scan a network. However, finding someone who understands and interprets the results proves difficult.\u00a0 They also must articulate this information to an executive and help them understand their exposure and how to prioritize it.<\/p>\n<div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"msp-speedbump\" title=\"Download link to Managed Service Providers Buyers Guide\" href=\"https:\/\/solutionsreview.com\/cloud-platforms\/managed-service-provider-buyers-guide\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" src=\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/07\/Managed-Service-Providers-Speedbump-1.jpg\" alt=\"Download Link to Managed Service Providers Buyers Guide\" width=\"771\" height=\"170\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cloud native security threats have changed in the past few years with new technologies and cyber criminal motivations.\u00a0The vast potential of the cloud has made computational power difficult to manage from a cybersecurity perspective.\u00a0 For example, cloud native applications and environments introduce a variety of new threats requiring a different approach. Many enterprises in 2018 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3158,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[2],"tags":[677,115,900,248,215],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The Top Cloud Native Security Threats to Manage in 2019<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Doug Atkinson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/\",\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/\",\"name\":\"The Top Cloud Native Security Threats to Manage in 2019\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/11\/cloud-native-security-threats.jpg\",\"datePublished\":\"2018-11-12T17:06:49+00:00\",\"dateModified\":\"2018-11-12T17:08:39+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae\"},\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/11\/cloud-native-security-threats.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/11\/cloud-native-security-threats.jpg\",\"width\":800,\"height\":400,\"caption\":\"cloud native security threats\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/cloud-platforms\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Top Cloud Native Security Threats to Manage in 2019\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#website\",\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/\",\"name\":\"Cloud Platforms &amp; Infrastructure Services | Solutions Review\",\"description\":\"Evaluating Hyperscale Cloud Providers, Hybrid IaaS, PaaS &amp; Cloud Management Tools.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/cloud-platforms\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae\",\"name\":\"Doug Atkinson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=blank&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=blank&r=g\",\"caption\":\"Doug Atkinson\"},\"description\":\"An entrepreneur and executive with a passion for enterprise technology, Doug founded Solutions Review in 2012. He has previously served as a newspaper boy, a McDonald's grill cook, a bartender, a political consultant, a web developer, the VP of Sales for e-Dialog - a digital marketing agency - and as Special Assistant to Governor William Weld of Massachusetts.\",\"sameAs\":[\"https:\/\/solutionsreview.com\"],\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/author\/doug-atkinson-4\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Top Cloud Native Security Threats to Manage in 2019","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/","twitter_misc":{"Written by":"Doug Atkinson","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/","url":"https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/","name":"The Top Cloud Native Security Threats to Manage in 2019","isPartOf":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/11\/cloud-native-security-threats.jpg","datePublished":"2018-11-12T17:06:49+00:00","dateModified":"2018-11-12T17:08:39+00:00","author":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae"},"breadcrumb":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/#primaryimage","url":"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/11\/cloud-native-security-threats.jpg","contentUrl":"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/11\/cloud-native-security-threats.jpg","width":800,"height":400,"caption":"cloud native security threats"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/cloud-native-security-threats\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/cloud-platforms\/"},{"@type":"ListItem","position":2,"name":"The Top Cloud Native Security Threats to Manage in 2019"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#website","url":"https:\/\/solutionsreview.com\/cloud-platforms\/","name":"Cloud Platforms &amp; Infrastructure Services | Solutions Review","description":"Evaluating Hyperscale Cloud Providers, Hybrid IaaS, PaaS &amp; Cloud Management Tools.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/cloud-platforms\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae","name":"Doug Atkinson","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=blank&r=g","caption":"Doug Atkinson"},"description":"An entrepreneur and executive with a passion for enterprise technology, Doug founded Solutions Review in 2012. He has previously served as a newspaper boy, a McDonald's grill cook, a bartender, a political consultant, a web developer, the VP of Sales for e-Dialog - a digital marketing agency - and as Special Assistant to Governor William Weld of Massachusetts.","sameAs":["https:\/\/solutionsreview.com"],"url":"https:\/\/solutionsreview.com\/cloud-platforms\/author\/doug-atkinson-4\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/posts\/3157"}],"collection":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/comments?post=3157"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/posts\/3157\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/media\/3158"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/media?parent=3157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/categories?post=3157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/tags?post=3157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}