CloudNative SecurityCon: Why to attend & Contributions

CloudNative SecurityCon is the first vendor-neutral, practitioner-driven conference on security, where we get to know how to enable software security and teach others to do the good work in the community.

With CloudNative SecurityCon taking place soon, on June 26-27, 2024, and with how much it can contribute to uplifting your career through security, it's important to take a glimpse at how CloudNative SecurityCon went in 2023 and which contributions it produced through developers and other folks: collaborations, talks, and personal experiences of their successes, failures and learnings.

CloudNative SecurityCon is the first event where a global community of developers and security experts tackles security issues together and shares its own experiences of success, failure and learning, by collecting information, understanding the problems and then solving them with other practitioners in the domain.

Report by /Data CNCF CloudNative SecurityCon

Cloud native is now one of the most important parts of the software development process. According to the report by /Data, contributions grew from 20,000 in 2016 to over 180,000 by 2022, with over 7.1 million developers contributing to cloud native, so the cloud native security posture needs to be levelled up to secure these contributions.

Security within cloud native is deeply complex because many sub-parts and components have to be orchestrated together to keep development and deployment rapid, which creates a lot of business and opportunities. More exposed edges and nodes result in a greater attack surface and ultimately less control.

Security status

Security is an ongoing process. It requires continuous monitoring, observability, and the freedom to choose a better infrastructure for solving security issues. Security requires collective effort and collaboration across various roles and teams within an organization. It is a multifaceted concern that encompasses aspects such as secure coding practices, vulnerability assessments, threat modelling, access control and more. It therefore requires collaboration between developers, security professionals, quality assurance testers, system administrators and other stakeholders.

IBM report at CNCF CloudNative SecurityCon

Security is one of the major factors in the cloud. According to the IBM report on Security 2022, about 45% of breaches were cloud based and about 83% of organizations experienced more than one data breach. 19% of breaches occurred because of a compromise at a business partner, which decreases the trust between an organization and its users and partners, and 79% of critical infrastructure organizations didn't deploy a zero trust architecture. This results in a huge loss for users, as 60% of organizations' breaches led to increases in prices passed on to customers.

Average Cost of a Data Breach

IBM report at CNCF CloudNative SecurityCon

The average cost of a data breach stood at $3.8 million USD for a hybrid cloud, $4.2 million USD for a private cloud and $5 million USD for a public cloud. It is predicted that organizations will spend over $188.3 billion USD in 2023 on information security and risk management, with cloud security increasing by approximately 27 percent.

It was estimated that approximately 77% of organizations said poor training and lack of collaboration were major challenges when engaging with different organizations that manage services for users in different languages, with different tool and policy frameworks, at various timelines across the globe.

A cloud native environment interacts with various entities, and a lack of security policies gets thrown in. The Cloud Native Computing Foundation (CNCF) focuses on collaborating as a knowledgeable, vendor-neutral group that works together to develop tools and processes. The conversations and assets that CNCF creates are publicly accessible and endure between jobs, keeping security knowledge and collaboration accessible to every engineer or student who has just started in the domain.

CNCF TAG Security

TAG Security champions collaborative initiatives to discover and produce resources that bolster security protocols, access management, and policy enforcement, thereby catering to security practitioners ranging from open source project maintainers to end user organization personnel, such as operators, administrators, and developers within the cloud native ecosystem.

The TAG produces guidance for, and gathers feedback from, security engineers and developers, and provides guidance and coordination to CNCF projects in the TAG's technical domains. It is a group of 165 people, contributors and developers, that evolves cloud native security through education, partnership, and engagement with projects and communities, with really impactful results and super useful feedback.

Importance in CNCF Landscape Projects

For any project to become a CNCF incubating project, it has to go through a TAG Security audit; this group is famous for its numerous research pieces, such as the Cloud Native white paper.

As they say in this paper, the cloud native paradigm dictates the need for new security mechanisms. TAG Security brings a lot to the landscape that can boost partners' and users' trust in the projects, in these ways:

  1. By conducting TAG security audits, CNCF ensures that projects adhere to best practices and meet industry standards, thus maintaining trust among users and contributors.

  2. TAG security audits provide valuable insights and guidance to project maintainers and contributors during the development process. By highlighting security requirements and best practices early on, developers can integrate security measures into the design and implementation phases, reducing the likelihood of security issues later in the project lifecycle.

  3. TAG security audits help in identifying vulnerabilities and potential security threats within CNCF projects through assessments by security experts, who can pinpoint areas of weakness and provide recommendations for improving security measures, thereby enhancing the overall robustness of the projects.

  4. A strong focus on security enhances the adoption of CNCF projects. Organizations and developers are more likely to embrace technologies that have undergone rigorous security assessments and adhere to established security standards.

  5. The TAG Security group produces research content such as the Cloud Native white paper, which contributes to the collective knowledge and understanding of security challenges and solutions in cloud-native environments. This research not only benefits CNCF projects but also serves as a valuable resource for the broader tech community.

Industry collaboration

sigstore is an industry collaboration across this multi-vendor open source ecosystem. Kubernetes adopted it in May 2022, and it helps users and partners verify that a distribution is what it claims to be.

sigstore is backed by a collaboration between Open SSH, Cisco, GitHub, Google, Hewlett-Packard (HP), Red Hat and VMware. It is a direct result of open, multi-vendor collaboration on transparent digital signatures across open source and customer environments, to ensure we are building a modular, interoperable solution that can provide security benefits to the entire software supply chain.

For more information, visit the CloudNative SecurityCon North America playlist to resolve your doubts about security in cloud and infrastructure:

YouTube Channel: https://www.youtube.com/@cncf

Playlist: https://www.youtube.com/playlist?list=PLj6h78yzYM2NQ-Zi_k5qVmZyxSmLBzM6V

Get your tickets booked for CloudNative SecurityCon 2024 through: https://events.linuxfoundation.org/cloudnativesecuritycon-north-america/

Soon, I will be publishing blogs explaining how to secure supply lines and zero trust architecture at production level, and how to navigate the CNCF Landscape, where different projects in the same section offer the same mechanisms with different approaches, along with new tools and extensions that bring a better security posture to the infrastructure for your applications and platforms.

If you like my article, then please react to it and connect with me on Twitter if you are also a tech enthusiast. I would love to collaborate with people and share the experience of tech 😄😄.

My Twitter Profile:

Aryan_2407

Support Aryan Parashar by becoming a sponsor. Any amount is appreciated!