The CNCF Security Special Interest Group (SIG) has just released a new Cloud Native Security Whitepaper to help educate the community about best practices for securing cloud native deployments. The whitepaper intends to provide organizations and their technical leadership with a clear understanding of cloud native security, its incorporation in lifecycle processes, and considerations for determining the most appropriate application thereof. 

“Cloud native security is a multi-objective and multi-constrained problem space spanning many areas of expertise and practice. Developers, operators, and security teams must collaborate to continue to move the field and industry forward. As with any technical innovation, it is the people, their passion, and the journey that genuinely make the community and cloud native security possible, and a solid understanding of the concepts provides a basis for this,” said Emily Fox of SIG Security. 

The whitepaper also introduces new security guidance and controls for cloud native architectures. While security-specific guidance and controls may not yet exist for most of the innovations we see today or will see in the future, core security concepts in cloud native architectures can be consistently applied while designing, developing, and deploying new capabilities. These core security concepts are:

  • Protection from unauthorized access (person and non-person entities). Ephemerality reduces asset exposure to unauthorized entities by consistently rebasing from a known good state.
  • Immutability to preserve the integrity of content and code.
  • Availability of services, tooling, and content. Distribution provides resilience and redundancy.
  • Auditing and Accountability provide a mechanism to ensure that no irregularities have occurred and to keep track of authorized changes.

The Security SIG aims to facilitate collaboration to discover and produce resources that enable secure access, policy control, and safety for operators, administrators, developers, and end-users across the cloud native ecosystem. If you are interested in participating in the Security SIG, check out the Charter for more information about ways to get involved.

The whitepaper is available on GitHub.