Why Zero Trust Needs To Cover More Than The Network
There is a new software development paradigm, and it’s called cloud-native, the recently emerged way to develop applications leveraging containers and microservice architectures, among others. Before you waive cloud-native as just the latest from cloud-born companies like Amazon and Google, consider this: 92% of companies anticipate going cloud-native by 2021 .
Cloud-native enables software development to move at breakneck speed, as evidenced by Amazon, which is documented to release new code every 11.7 seconds; Etsy, which releases to production 50 times per day; and Netflix, which pushes software updates live multiple times per day.
Enterprises building cloud-native applications are embracing technologies and platforms that support accelerated and agile development, as well as fast, continuous delivery to production. DevOps, being at the forefront of this evolution, drives these systems to meet the responsiveness and scalability demands required in today’s always-on software market.
While this innovation velocity is being celebrated, security remains a top concern. The inherent risks for cloud-native application platforms such as Kubernetes and Istio are growing, increasingly turning them into targets for sophisticated hackers hunting for application weaknesses and infrastructure holes. These security concerns are well-founded — the average total cost of security breaches in 2018 ranged from $2.2 million for smaller-scale breaches to $6.9 million for slightly larger incidents (more than 50,000 compromised records).
The Rise Of The Zero Trust Movement For Cloud-Native Security
In response to the ever-elusive security in cloud-native (and hybrid) environments, one approach, called Zero Trust, has been gaining momentum. Initially coined by former Forrester analyst John Kindervag in 2010 and popularized by Google’s BeyondCorp, Zero Trust aims to put a stop to the breach madness by assuming that no asset, user or resource can be trusted no matter where they sit (inside or outside of the firewall).
Initially applied to the network, Zero Trust now needs to be extended to all aspects of cloud-native development and production to achieve its intended goal: Stop attacks before they can have detrimental consequences for your application availability, the protection of your data and, ultimately, your business.