First-ever CloudNativeSecurityCon offers insights into ongoing challenge of protecting vital architectures

After two full days of keynote shows and monitor classes, CloudNativeSecurityCon is formally within the books.

The first-ever event in Seattle represented a little bit of a big gamble by the Cloud Native Computing Basis that it might draw an viewers for devoted classes on safety subjects that had beforehand been wrapped into KubeCon + CloudNativeCon NA through the fall. The gambit appeared to work, in response to theCUBE analysts.

“This occasion was completed very fastidiously and methodically by the CNCF,” mentioned John Furrier (pictured, left), trade analyst for theCUBE, SiliconANGLE Media livestreaming studio. “They didn’t need to overplay their hand relative to breaking out from KubeCon. Folks have been enthusiastic and assured that this has the flexibility to face by itself.”

Furrier spoke with theCUBE trade analyst Lisa Martin (pictured, proper) at CloudNativeSecurityCon, through the present wrap phase in an unique broadcast on theCUBE. They mentioned key insights discovered from two days of protection.

Offense vs. protection

One of many insights from the occasion was that the safety neighborhood has come to comprehend it should focus extra closely on resolving vulnerabilities sooner whereas taking a proactive strategy towards thwarting breaches.

“Hackers are enjoying offense, and the trade is enjoying protection,” Furrier mentioned. “That has to alter. There are much more safety issues nonetheless unresolved, and the emphasis on developer productiveness is in danger right here.”

With cloud-native rising as a driving force in enterprise IT, the necessity to shield essential components of cloud-native platforms is increasing as nicely. Hackers learn the information, and malicious actors are totally conscious of rising cloud-native adoption the place exploits of the software program provide chain and ransomware assaults can notice vital monetary achieve. Can the cloud-native neighborhood pivot towards a mannequin that can disrupt the disruptors?

“This can be a difficult factor as a result of it’s so profitable for hackers,” Martin mentioned. “Having a devoted concentrate on cloud-native safety at this convention is extremely essential. It appears from what we’ve heard within the final couple of days, it is a neighborhood with the correct focus to have the ability to make that pivot.”

Finish-user affect

As a spin-off from KubeCon, the safety gathering in Seattle this month stands to learn from the identical traits that propelled Kubernetes and different cloud-native applied sciences to the enterprise forefront. This can possible end in a higher function for finish customers, in response to Furrier.

“Finish-user participation actually drove the start of Kubernetes,” Furrier mentioned. “You may have a whole lot of use circumstances on the market the place prospects are leaning in, rolling up their sleeves and dealing with open supply. This must be the driving force, so I’m anticipating to see the following degree of CloudNativeSecurityCon to be end-user centered.”

One perception from the convention centered across the Safety Operations Middle, or SOC. Whereas SOCs stay an essential factor in sustaining risk visibility and a functionality to reply shortly to assaults, the analysts expressed shock that SOCs weren’t all the time a given in lots of organizations.

“It’s a fairly excessive proportion of organizations that both don’t have an SOC or have a really primitive SOC,” Martin mentioned. “This type of stunned me. Nowadays, the dangers are there.”

Amid a rising risk panorama, the necessity to take a contemporary take a look at safety practices and generate modern new approaches has turn into extra essential and well timed. The cloud-native neighborhood might present what quantities to a reboot of the safety paradigm.

“If automation and scale proceed to occur, and with the enterprise mannequin of hackers nonetheless booming, safety must be refactored shortly,” Furrier mentioned. “There’s going to be a chance structurally to make use of the cloud to make that occur. There’s a ‘do-over’ alternative for the safety trade with cloud-native driving that.”

Right here’s the entire video dialogue, a part of SiliconANGLE’s and theCUBE’s protection of CloudNativeSecurityCon:

Photograph: SiliconANGLE