Cloud 101

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Microservices Architecture Patterns: Working Together to Secure the Cloud
Published: 12/27/2021

Written by the CSA Application Containers and Microservices Working GroupThe secure development of microservices relies on architecture patterns. In the following blog, review these microservices architecture patterns and note how many are able to work together to form a secure cloud system. The ...

The Complete Guide of Kubernetes Role-Based Access Control (RBAC)
Published: 12/02/2021

This blog was originally published by ARMO here. Written by Amir Kaushansky, ARMO. What Is Kubernetes RBAC? First, let’s recap quickly what RBAC is in the context of a Kubernetes cluster. RBAC determines whether a certain entity (whether a user or a pod already running inside the cluster) is allo...

What is a Cloud-Native Application Protection Platform (CNAPP)?
Published: 10/25/2021

This blog was originally published by Wiz here. Written by Josh Dreyfuss, Wiz. The security space is rife with acronyms and it can be difficult to keep track of everything. There is a new acronym emerging, however, that is worth diving into: CNAPP. CNAPP, or Cloud-Native Application Protection Pl...

How Security Changes With Cloud Networking
Published: 09/08/2021

Common on-premises network practices work differently for the cloud user and provider due to the lack of direct management of the underlying physical network. The most commonly used network security patterns rely on control of the physical communication paths and insertion of security appliances....

Kubernetes 1.22 – What’s new?
Published: 09/06/2021

This blog was originally published by Sysdig here. Written by Víctor Jiménez Cerrada, Sysdig. Kubernetes 1.22 was released in early August, and it comes packed with novelties! Where do we begin? This release brings 56 enhancements, an increase from 50 in Kubernetes 1.21 and 43 in Kubernet...

The Microservices Architecture Pattern: Expanding Security Assurance Ideas in Containers and Microservices
Published: 09/02/2021

After 137 rolling discussions on Circle and growing a library of input material to 42 unique documents, 2 co-chairs and 343 Application Containers and Microservices (ACM) working group members spanning 5 continents created a third installment further expanding the ideas of CSA security assurance ...

Five Recommendations for Securing Cloud Containers
Published: 08/19/2021

Written by the members of the Security Guidance Working Group. This blog came from Domain 8 of the CSA Security Guidance for Cloud Computing v4.Understanding the impacts of virtualization on security is fundamental to properly architecting and implementing cloud security. In this blog, we will be...

Secure Containers and Microservices Series
Published: 08/18/2021
Author: Megan Theimer

Last updated: September 1, 2021CSA Application Containers and Microservices Working Group’s Secure Containers and Microservices SeriesApplication containers and a microservices architecture, as defined in NIST SP 800-180, are being used to design, develop and deploy applications leveraging agile ...

Exploiting and detecting CVE-2021-25735: Kubernetes validating admission webhook bypass
Published: 06/22/2021

This blog was originally published by Sysdig hereWritten by Stefano Chierici, SysdigThe CVE-2021-25735 medium-level vulnerability has been found in Kubernetes kube-apiserver that could bypass a Validating Admission Webhook and allow unauthorised node updates.The kube-apiserver affected are:kube-a...

Application Container Security: Risks and Countermeasures
Published: 05/05/2021

Written by Suria VenkataramanVirtualizations enable isolated, virtualized views of the operating systems (OS) to each application. Today’s OS virtualization technologies are primarily focused on providing a portable, reusable, and automatable way to package and run applications as containers-base...

How to Secure Cloud Non-Native Workloads
Published: 04/26/2021

This blog was originally published by Intezer here.Not All Applications are Cloud-NativeCompanies are adopting cloud at a faster pace but not all applications are born cloud-native. Many traditional applications are simply “lifted and shifted” to the cloud as a first step in the cloud transformat...

Cloud-Native Security 101
Published: 04/19/2021

This blog was originally published by Intezer.The arrival of the cloud has changed the application development process. Agile cloud-native applications have replaced traditional monolithic application architectures, and components are no longer bundled into a single server. This transformation ha...

Do You Really Need Kubernetes?
Published: 03/10/2021

This article was originally published on Intezer's blog. Kubernetes is one of the top open-source container orchestration projects, as it dramatically simplifies the creation and management of applications by providing built-in solutions to common problems. Although Kubernetes can be a solution f...

Tokenization vs. Encryption: Which is Better for Your Business?
Published: 01/06/2021

Written by TokenExFinding the right security technology for your company's data can be difficult. There are myriad options and a lot of industry terms and jargon thrown around without much reliable information with which to make a smart business decision. To assist with this process, we're going ...

Are Containers More Secure Than VMs?
Published: 12/11/2020

Contributed by IntezerStop and think for a moment. How many virtual machines (VMs) do you have running in your production cloud environment? How many containers? Can you easily formulate the percentage split for your workload mix? 50/50? 80/20?Here’s a better question: How secure do you think you...

Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks
Published: 09/28/2020

By Nicole Fishbein, Malware Analyst and Reverse Engineer at IntezerTeamTNT is a cybercrime group that targets cloud environments including Docker and Kubernetes instances. The group has been previously documented using several tools including crypto-miners and Amazon Web Services (AWS) credential...

The Service Mesh Wars: Why Istio might not be favorite after all
Published: 09/03/2020

By Gadi Naor, CTO and Co-Founder, AlcideThese days, more organizations are shifting to cloud-native applications, which are designed to run in the cloud and take advantage of the cloud’s dynamic, scalable and readily-available nature. Typically, cloud-native application architectures are made up ...

3 Technical Benefits of Service Mesh, and Security Best Practices
Published: 11/04/2019

By Ran Ilany, co-founder and CEO for PortshiftOrganizations that implement containers often ask about using a service mesh layer. While this isn’t obligatory by any means, there are many benefits to running a service mesh that makes it the sensible choice for organizations seeking security, effic...

Challenges & Best Practices in Securing Application Containers and Microservices
Published: 08/08/2019

By Anil Karmel, Co-Chair, CSA Application Containers and Microservices (ACM) Working GroupApplication Containers have a long and storied history, dating back to the early 1960s with virtualization on mainframes up to the 2000s with the release of Solaris and Linux Containers (LXC). The rise of Do...

Better Vulnerability Management: How to Master Container Security in Three Steps
Published: 03/21/2019

By Nate Dyer, Product Marketing Director, TenableApplication containers like Docker have exploded in popularity among IT and development teams across the world. Since its inception in 2013, Docker software has been downloaded 80 billion times and more than 3.5 million applications have been “dock...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.