NC May-Jun 2022

More documents

Recommendations

Info

FEATURE: CLOUD THE FUTURE OF CLOUD-NATIVE IN A BRAVE NEW WORLD HOW CAN ORGANISATIONS AND THEIR DEVELOPERS CREATING CLOUD NATIVE SOLUTIONS ENSURE THE HIGHEST LEVELS OF SECURITY? EREZ YALON, VP OF SECURITY RESEARCH, CHECKMARX SHARES HIS THOUGHTS Over the last couple of years, the global workforce has experienced a seismic digital shift, forcing many organisations to turn to the cloud to maintain business continuity. According to one report the growth in cloud services has been accelerating, with forecasts that the cloud market could eventually be worth $1 trillion. Part of this shift has been the evolution of cloud-native. A modern approach to building and running applications, cloud-native has gone from a marketing term to a highly desirable and useful architecture choice. Yielding benefits around the design, building, and deployment of applications, it's easy to see why it's become the default approach for many organisations. Although convenient, cloud-native applications have intricate and layered attack surfaces which are widely misunderstood and thus under-secured. As a result, they have introduced a new series of challenges for application security (AppSec), proving that it is now imperative for organisations to learn how to effectively secure their interconnected, cloud-based solutions. With investment in digital technologies underpinned by cloud solutions set to increase, how can organisations and their developers creating cloud native solutions ensure the highest levels of security? 22 NETWORKcomputing MAY/JUNE 2022 @NCMagAndAwards WWW.NETWORKCOMPUTING.CO.UK
FEATURE: CLOUD SECURING THE NEW HYBRID ECOSYSTEM We know that in today's modern software era, with the continued explosion of emerging technologies, digital transformation journeys, and the move to cloud-native, demands on developer teams to create secure code have increased. Here are three best practice steps to which developers should adhere to in order to effectively secure their interconnected, cloud-based solutions: 1. Testing code from the first line: No portion of a code base is inherently secure, and every line needs to be inspected from the beginning of development to ensure vulnerabilities are found and addressed. It is also important to remember that, when new features and functionalities are added to the application, the introduced code blocks must be given the same time and attention as all other pieces in the bigger software puzzle. 2. Ensuring each component is secure: It's vital to test everything, including third-party components and APIs, as it's common for vulnerabilities to lurk in their shadows. A 'trust and verify' approach is paramount - meaning organisations trust but make a concentrated effort to also verify and validate - third-party solutions and components before using them. As we continue to build applications from a diverse set of components, blindly trusting that third-party technologies are secure is a recipe for disaster. 3. Test the infrastructure as code (IaC): With the transition to the cloud came new challenges for software developers, namely the abundance of IaC. This is evidenced by our survey, which found that one in six developers aren't performing any security testing when building cloud-native applications, having a major impact on the security of their applications. Therefore, just as you take careful steps to testing and securing applications, the same must be done when it comes to IaC. COMMON PITFALLS WHICH HINDER PROGRESS Time and time again, we have seen examples of software full of exploitable vulnerabilities being released and subsequently abused by malicious actors. Moreover, new applications are being rushed to market every day, further expanding the attack surface at an unprecedented pace. There are a number of pitfalls which developers are falling for that are hindering their progress and allowing attackers easy access into their solutions. These include: 1. Not embedding application security testing (AST) early enough in the application development process: AST solutions do not replace security awareness and common sense but they do deploy a safety net and enable security to become an inherent part of development; however, developers frequently implement security solutions after development is completed. This perspective needs to change as it is cheaper and easier to fix security vulnerabilities earlier in the lifecycle. 2. Not understanding the nuances between traditional AppSec vs. cloudnative security: To properly secure cloud-native apps, these nuances must be understood. Generally, traditional AppSec is more contained; whereas with cloud-native, there are many more components and connections interacting and "speaking" to each other to make it all work. While this makes for more dynamic applications, it also creates an exponentially larger attack surface. Security teams and software developers are now tasked with learning to build applications in a completely new environment while evolving the way they test for security vulnerabilities. 3. Dispersed security responsibilities: The ownership of security has changed hands too. With dispersed code and responsibility for digital transformation projects sitting across multiple teams, comes dispersed security responsibilities. Now, developers, DevOps, and IT teams need to take on this responsibility together. This shared ownership may be complex, but it's necessary given how easy it is for security to be an afterthought. LOOKING AHEAD Cloud-native is the future. Undoubtedly, it is a central part of software development in the brave new world in which we find ourselves living. However, with the additional challenges it brings and the pace at which it's being implemented, organisations must consider the security practices needed to ensure that developers see security as a vital step in software development, rather than an added layer of complexity. With greater awareness of the challenges the new hybrid ecosystem brings, and by adopting the aforementioned best practices to overcome these obstacles, organisations can ensure their teams are utilising the full benefits of cloud native, while significantly lowering the risk. NC WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards MAY/JUNE 2022 NETWORKcomputing 23
Page 1: NETWORKcomputing I N F O R M A T I
Page 4: CONTENTS CONTENTS M A Y / J U N E 2
Page 7 and 8: INDUSTRY NEWS The Council, which ha
Page 9 and 10: PRODUCT REVIEW TREND Networks LanTE
Page 11 and 12: PLEASE VOTE NOW Many thanks to ever
Page 13 and 14: FEATURE: ZERO TRUST important facto
Page 15 and 16: FEATURE: ZERO TRUST A BETTER NETWOR
Page 17 and 18: PRODUCT REVIEW CloudCall - The CRM
Page 19 and 20: FEATURE: PUBLIC SECTOR IoT IoT: THE
Page 21: FEATURE: PUBLIC SECTOR IoT investme
Page 25 and 26: FEATURE: CLOUD So what's going on?
Page 27 and 28: PRODUCT REVIEW Progress WhatsUp Gol
Page 29 and 30: OPINION: CYBER RESILIENCE knowledge
Page 31 and 32: PRODUCT REVIEW Fluke Networks Fiber
Page 33 and 34: OPINION: DATA CENTRES but also allo
Page 36: SUPERMICRO Edge Building Blocks Acc

NC May-Jun 2022

Create successful ePaper yourself

Delete template?

Save as template?