Alongside the growth in cloud services use, the industry has given rise to the term cloud native. Unfortunately, it's often ambiguous as to what cloud native means and how it applies to security controls and best practices.
No current industry standard definition for cloud native exists that encompasses all use cases and cloud services. It's generally meant to indicate software objects, controls and capabilities offered as a service delivered by a cloud provider and not on premises.
The drivers of cloud-native security
There are several security challenges driving organizations to use cloud-native security services and controls. First, some security tools and products haven't been adapted to cloud environments or haven't been ported adequately. This can be a major driver of cloud-native security adoption, especially when companies must meet compliance and regulation requirements.
Another driver to use cloud-native services is depth of integration with a cloud provider's fabric. For services and tools that require a significant effort to set up, enabling a cloud-native security platform that is already integrated is worth considering. Additional reasons to use cloud-native services include enhanced or unique capabilities that are difficult or impossible to come by elsewhere, and reduced costs versus third-party tools from vendors with expensive licensing models.
When not to use cloud-native security
Cloud-native security tools and services don't make sense in some scenarios, however. First, many types of cloud-native security controls and services offered by cloud providers aren't considered best-in-class offerings. The AWS Inspector vulnerability scanner, for example, offers minimal configuration and far fewer in-depth vulnerability checks compared to leading scanning engines from third-party providers.
Second, cloud-native tools increase vendor lock-in, which can significantly inhibit a centralized and streamlined security operations function for multi-cloud deployments. AWS Security Hub, for example, doesn't apply to Microsoft Azure or Google Cloud Platform, and Azure Security Center doesn't apply to GCP or AWS.
Cloud-native security tools and use cases
Numerous categories of cloud-native security can enhance or improve security programs and capabilities. For most organizations, using some cloud-native tools will make a great deal of sense. Popular cloud-native security use cases include the following:
- identity and access management policy engines;
- cloud-native network security controls, such as firewall rules and flow logs to monitor traffic patterns;
- cloud logging for the controls plane, including AWS CloudTrail and Azure Monitor; and
- encryption and key management services that can easily integrate into cloud storage services and development and deployment pipelines.
Increasingly, organizations also use cloud-native monitoring tools such as AWS CloudWatch, AWS Security Hub, AWS GuardDuty and similar tools in Azure and GCP to act as built-in guardrails for alerts on suspicious behaviors.
Cloud-native controls for completely cloud-centric services, such as serverless functions, also make sense in many cases. These controls are built in, well integrated and often less expensive than third-party tools. Some cloud-native tools and services are also highly advanced in terms of performance, scalability and capabilities for more modern workload deployment methods such as containers and orchestration services such as Kubernetes.
Additionally, an entire new set of cloud-native tools and services are now becoming more commonplace for cloud security posture management, cloud access security brokers, and identity federation and single sign-on. Sometimes called security as a service, these offerings are completely cloud-based, focused toward cloud services and their use. These services will likely continue to add to the cloud-native security space in coming years, as well.