Chapter 3. Securing the Entire Cloud Native App

Alongside DevOps, which drove the need for the dev-first security approach just discussed, we’ve seen the evolution of the cloud and the era of cloud native applications. As I mentioned in Chapter 1, cloud native apps have a broader scope than their predecessors, growing to include more elements of the underlying stack.

This change in application scope requires a change in the scope of application security too. This chapter discusses a new and expanded scope for AppSec called Cloud Native Application Security (CNAS).

Before we dig into the details, let’s take a moment to understand this transition and what the new scope holds.

From IT Security to Cloud Security

Before the cloud, applications were typically made up of code and libraries and ran on a large central stack managed by the IT department. If a developer wanted a server to run the app or needed a port opened, they opened a ticket with their justification, and IT processed the request. Even after the resource was supplied, the responsibility for ongoing patching of this server or monitoring the opened ports sat with IT, who would reach back to dev only if necessary.

Most of the IT/ops and security industry was built around this reality. IT teams are, by and large, quite security minded and would weigh an incoming functional request against their responsibility to keep the data center secure. To serve these teams' needs, a rich set of solutions came to be, helping them manage and ...
