Engineering Trust – Cloud-Native Platforms
The COVID pandemic really forced everyone to sit up and reassess the processes that we were all taking for granted. Despite the consistent growth of cloud solutions leading up to the beginning of 2020, the sudden need for everyone to have cloud-accessible resources made IT teams (and especially data security teams!) all around the world worry – what is going to be accessible and who will it be accessible to?
The main issue is that we have transposed the existing architecture and legacy workloads from the ways of the “Old World” and placed them in the cloud. For anyone who assumed this would be a piece of cake (and I can’t imagine that there were many people thinking that!), this was like taking a square peg and forcing it into a round hole. Legacy systems weren’t designed to exist online, meaning that there are exploitable holes that the adversary is still exploiting. But how do we fix that?
What are cloud-native platforms?
Enter stage left platforms and applications that were built with the cloud in mind. New and emerging demands need new and innovative solutions, which the likes of IBM and Microsoft have already been pushing. And the benefits that building and using applications and platforms in the cloud are potentially massive for businesses that can afford to broach this new frontier.
Cloud platforms need to be more than just legacy tools that have redesigned front-ends. Instead, there are two key technological advances which drive the development of these platforms and bring value to their users:
Core elasticity
A heavily restricted cloud is not worth having – the entire point of using a cloud solution is to gain the ability to rapidly and dynamically allocate resources to meet consumer and employee needs, not just to move storage offsite! With that in mind, all cloud-native platforms need to be designed with elasticity in mind.
Why is this so essential? Because growth is the name of the game when you move into the cloud. The restricting factors of onsite storage and possible bandwidth congestion are dramatically reduced, meaning that worrying about how the essential applications and platforms can access resources is less of a problem. Now the focus is 100% on the application and how it can be used to beef up business and deliver value.
Cloud computing scalability
It seems obvious to say that cloud-native platforms should have the full capability of cloud computing scalability, but it’s necessary to understand how that development aids in driving this innovation.
When you are relying on local alternatives, you are massively restricted in terms of what is possible. Hardware restrictions only allow for a certain amount of innovation because the development team is constantly compromising between the drive to innovate and what the local machines can actually handle. Without the cloud, DevOps and DevSecOps teams are hamstrung by the conditions on the ground.
Neither core elasticity nor cloud computing scalability is especially new, but they are essential for platforms and applications that are moved into the cloud. The point here is that by using these in a way that is central to the development of cloud-native platforms, we are improving the efficiency and speed of these solutions for customers and remote employees alike.
How do cloud-native platforms change the landscape?
Cloud systems are vastly easier to use than their non-cloud equivalents, meaning that it is better for IT teams, security professionals, and data scientists to manage and protect sensitive information. According to the Gartner report, a major Indian bank – that has gone unnamed – is standing at the frontier of cloud-native platforms, having adopted the advance in recent years.
By creating a cloud-native platform, the bank was able to open a new array of digital financial services, including the ability to open an account in only six minutes and instant digital payments. This is only one example of the new types of services that will be available through cloud platforms, especially when mixed with microservices that only improve the customizable nature of the platform and the type of services a business can offer.
How does this help security professionals?
Good question. Although the cloud is freeing for developers, it can be an absolute pain for security-minded workers. But the main struggles that come from using cloud solutions are due to using applications that weren’t explicitly designed for the cloud in the new environment!
Not only will these new platforms have fewer holes by being specifically built to fit the new way of working that we are all getting used to, but the transfer to cloud-native solutions is becoming imperative, according to research by 451 Research. By approaching application and platform development from a cloud-native perspective, we are now building technologies with “how a platform is developed” in mind, not just “where it is deployed”. Remember, focusing less on the resources and deployment means that more time is spent on the application. In essence, the move to cloud-native platforms means that a DevSecOps approach is unavoidable because the new system will require it.