



The modern security landscape is evolving: what you need to know

Nov 29, 2017 | 4 mins
Application Security, Security

The emergence of apps, the cloud and other practices requires rethinking security.


The landscape around modern security practices is complex and rapidly evolving. As containers gain mainstream momentum, practices such as continuous delivery, cloud development and DevOps require a reinvention of security. Cloud native development is a vital evolution for security in the enterprise, as it equips organizations with the same tools and processes that modern, fast-moving organizations rely on.

As we saw yet again in the Equifax breach, basic application security processes are a must. Yet, this is easier said than done in traditional software development. It becomes much easier as organizations move to modern DevOps and invest in cybersecurity coverage for these new environments.

Cloud native and security today: secure the app

I’m speaking at KubeCon + CloudNativeCon North America about how containers enable a fundamentally new approach to security, one better aligned to the way people build and run software today. A few points I’ll cover during the session draw on the unique nature of containers and microservices. Three core pillars of containers — the fact that they are declarative, minimal and predictable — make it possible for us to use machine learning to precisely model what they should do and automatically hunt for and prevent anomalies without human involvement, complex rules, or static signatures. This enables a new world approach to security, where protection is automatically aligned with the app and follows it throughout its life cycle and everywhere it runs. You can read more about my take on these three pillars here.

By leveraging these three pillars, there’s a powerful opportunity to use whitelisting, for example, to only allow known good processes to run. In combination with application intent analysis, enforcement measures help support the intent-based security model and ensure that the app only does what it was designed to do, without trying to create rules that list every possible malicious scenario that could occur.

That said, the threat environment is always evolving and the tools organizations will be using in the future are different from those of today. Organizations need to ensure their security controls are decoupled from their infrastructure and can run wherever their apps might be tomorrow, or two years from now. Containers and microservices are ushering in an entirely new operating pattern for organizations, one in which the infrastructure is even more abstracted and ephemeral than the cloud and virtualization patterns that preceded it. Just as virtualization made knowledge of your physical CPUs and disk layouts a quaint concept, so too are technologies like Docker and Kubernetes making the very notion of a server or virtual machine something of a bygone era. These modern operational models require new security tooling built for their high levels of scale and rate of change.

The security solutions of tomorrow

Automated deployment

Software, which requires frequent updates and releases to drive business value, is being developed by multiple business units spread throughout the organization. The right approach to security is to make sure there are automated ways of protecting continuous deployment without slowing down developer velocity. Think of this as traffic cameras and guard rails instead of stop lights and speed bumps. Whereas traditional security required manual reviews and approvals, automated security solutions are built into the CI/CD process and show developers security state at every step, and only allow jobs that meet requirements to progress, all via software.

Machine learning 

One of the technologies that will play a critical role in the security solutions of tomorrow is machine learning. The main reason is that software today is divided and packaged into much smaller entities than it was before. This has two side effects: first, the number of entities that software consists of has become much larger, and second, the complexity of each entity has been sufficiently reduced. Defending large numbers of relatively simple entities is a classic problem for the machine learning approach. Since the number of entities is large and frequently changing, we cannot rely on manual security configuration and must introduce automation. The fact that each entity is simple makes it possible to effectively learn and enforce its behavior. In fact, this creates better protection than previously possible because protection shifts from look. Much less human interaction results in far fewer human mistakes, and using the latest machine learning techniques makes it possible to automatically create tight, customized behavioral protection around each microservice.
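The allowlisting of known good processes and the learn-then-enforce behavior model described in this article, as an added example that is not from the article or from any product. A plain set-based model stands in for the machine learning the article refers to; the image names, event format and function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: (image, kind, value) runtime events.
LEARNING_EVENTS = [
    ("shop/api:1.4", "exec", "/usr/bin/node"),
    ("shop/api:1.4", "listen", "8080"),
    ("shop/api:1.4", "connect", "db.internal:5432"),
    ("shop/cache:6.2", "exec", "/usr/local/bin/redis-server"),
    ("shop/cache:6.2", "listen", "6379"),
]
RUNTIME_EVENTS = [
    ("shop/api:1.4", "exec", "/usr/bin/node"),         # learned
    ("shop/api:1.4", "exec", "/bin/sh"),               # never seen in this image
    ("shop/api:1.4", "connect", "198.51.100.7:443"),   # never seen: new egress
    ("shop/cache:6.2", "listen", "6379"),              # learned
    ("shop/batch:0.1", "exec", "/usr/bin/python3"),    # image with no model
]

def learn(events, min_events=2):
    """Build a per-image allowlist; images with too few observations get no model."""
    seen = defaultdict(lambda: defaultdict(set))
    counts = defaultdict(int)
    for image, kind, value in events:
        seen[image][kind].add(value)
        counts[image] += 1
    return {img: {k: frozenset(v) for k, v in kinds.items()}
            for img, kinds in seen.items() if counts[img] >= min_events}

def evaluate(model, event):
    """Return (verdict, reason) for one runtime event. The default is deny."""
    image, kind, value = event
    if image not in model:
        return "block", "no model for image"
    if value in model[image].get(kind, frozenset()):
        return "allow", "matches learned behavior"
    return "block", f"unexpected {kind}: {value}"

def enforce(model, events):
    """Evaluate every event and return (event, verdict, reason) tuples."""
    return [(e, *evaluate(model, e)) for e in events]

if __name__ == "__main__":
    model = learn(LEARNING_EVENTS)
    for event, verdict, reason in enforce(model, RUNTIME_EVENTS):
        print(f"{verdict:5} {event[0]:16} {reason}")
```

Because each image does so little, the model stays small enough to review by hand, and nothing has to enumerate what a malicious event looks like.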


John Morello is the Chief Technology Officer at Twistlock. As CTO, John leads the work with strategic customers and partners and drives the product roadmap. Prior to Twistlock, John was the CISO of Albemarle, a Fortune 500 global chemical company. Before that, John spent 14 years at Microsoft, in both Microsoft Consulting Services and product teams. He ran feature teams that shipped security technologies in Windows, Azure, and Office 365 and served as the Lead Architect of the hybrid cloud consulting team for the Americas.

John lives in Louisiana with his wife and two young sons. A passionate fisherman and scuba diver, he also serves as Chairman of the Coalition to Restore Coastal Louisiana.

The opinions expressed in this blog are those of John Morello and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.