UPDATED 13:58 EDT / FEBRUARY 03 2023

SECURITY

Practitioners assess latest risks and enterprise vulnerabilities at inaugural CloudNativeSecurityCon

The tone was set for the opening day of CloudNativeSecurityCon in Seattle this week when Priyanka Sharma, executive director and general manager of the Cloud Native Computing Foundation, told attendees that “practitioners are leading the way, having conversations that you need to have. That’s all of you.”

Sharma’s message highlighted the central role that security practitioners must play in meeting the continued challenge of protecting enterprise information technology.

“If you read between the lines of what she’s saying there it’s: ‘We’re going to fail and we’re going to get better,’” said John Furrier (pictured, center), industry analyst for theCUBE. “The mention of practitioners was very key. Practitioners speaks to the urgency of cloud-native security.”

Furrier spoke with theCUBE industry analysts Dave Vellante (right) and Lisa Martin (left) at CloudNativeSecurityCon, during the keynote analysis in an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed key themes from the keynote presentations and CNCF’s decision to form a dedicated cloud-native security event.

Business impact and urgency

Urgency among practitioners in cloud-native security is being driven by a statistic mentioned during the keynote session. Cloud-native is growing at 27% per year, according to CNCF, which only underscores the challenge as security teams must find ways to protect a rapidly expanding and complex IT infrastructure.

“It’s cloud, cluster, container and code,” Furrier said. “All have levels of security risk and new things that need to be addressed. The business impact is real, and it’s urgent. You’ve got to peddle as fast as you can.”

One of the key dynamics in today’s security space is the culture change brought about by significant adoption of cloud technologies to drive business. This has increased the need for collaboration between developers, security analysts and key stakeholders within an organization.

“The cloud itself has brought a lot to the table. It’s like the first line of defense, but you’ve really got a lot to worry about from a software defined perspective,” Vellante said. “You’ve got a lot more people that have to work together and have to share data. You’ve got to rethink the way in which you approach security, and it starts with culture and with team.”

This new reality has also impacted organizations at the top. As security becomes imperative throughout the business structure, reporting roles have not been as important as they used to be, Vellante noted.

“DevSecOps is being asked to do a lot,” Vellante said. “There was a progression in the last decade about the right regime for security. Should the CISO report to the CIO or the board? We’re way beyond that now.”

Coming wave of automation

CloudNativeSecurityCon comes at a time when the enterprise IT community is adopting new models to deal with a host of new trends and technologies. This includes a coming wave of automation, driven by rapid advances in artificial intelligence and machine learning that will likely change the way business gets done.

“Things like DNS and the Linux kernel, there’s a lot of things in the bowels of tech world protocol levels that just need to be refactored,” Furrier said. “This is stuff that needs to be paid attention to, because if they don’t do it, the train of AI and machine learning is going to run wild with automation that the infrastructure is just not set up for. There’s going to be root level changes and ultimately a new security stack that will be driven by data.”

An example of how changes in the stack are impacting security can be seen in growth at the edge as remote devices either process critical data at the source or send it back to the cloud. This will further increase a need for simplification and streamlined tools for monitoring security.

“Priyanka mentioned exposed edges and nodes, and IoT security is not a ‘one and done’ task,” Vellante said. “There’s a real opportunity to simplify the lives of the DevSecOps teams, and that’s what’s critical in terms of being able to solve or at least keep up with this never-ending problem.”

The analysts noted that this week’s gathering in Seattle was an inaugural event for the Cloud Native Security Foundation.

“Pulling it in as a separate event is a first move for them,” Furrier said. “They are testing the waters a little bit. Does this have legs? This is the beginning of what will probably be a seminal event for the open-source community.”

In SiliconANGLE’s recent forecast for enterprise trends in 2023, there was a prediction that physical events would multiply over the year, but they would become noticeably smaller.

“Events are going to be really targeted, really intimate and focused,” Vellante said. “That’s exactly what this is.”

CloudNativeSecurityCon was previously co-located with the annual KubeCon + CloudNativeCon gathering. By moving the event into its own dedicated conference, the CNCF is recognizing that cloud security is becoming an important topic for enterprises of all sizes.

“Seventy-two sessions are a lot of content for this small event that the practitioners are going to have a lot of opportunity to learn from,” Martin said. “I’m looking forward to seeing, as the months unfold, the impact that this event has on the community and the adoption of cloud-native security.”

Here’s the complete video discussion, part of SiliconANGLE’s and theCUBE’s coverage of CloudNativeSecurityCon:

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU