RedMonk analyst Fintan Ryan mentions Cohesive Networks in his recent article “Strategic Technology: Security, Digital Transformation & Cloud Native.”
Read the full article on RedMonk on March 20, 2017, by Fintan Ryan
TL; DR – Security will be the most significant vector for enterprise sales of Cloud Native technologies in the medium term. Widespread adoption of Cloud Native will remain driven by developers.
The Cloud Native Security Landscape
Bringing all of this back to cloud native we need to look at several interlinked concepts – with immutable infrastructure, infrastructure as code, vulnerability scanning approaches, container registries, secrets management, network management and scanning, and source code provenance being among the most important.
It is also important to realise that containers play an absolutely key role in all things related to cloud native security. As my colleague, Stephen O’Grady, noted in the past, the atomic unit of computing has shifted – and while serverless and the associated FaaS moniker is a logical conclusion for a significant number of workloads, containers are the de-facto new unit for most organisations.
Network Management and Visibility
Interlinked with vulnerability scanning is the area of network management and visibility. The management side is well understood, and invariably comes down to some form of network based segregation of individual microservices, and a set of policies to allow network traffic between sets of microservices. The key differentiation, versus historic network management approaches, is ensuring all this activity is both dynamic and available in a self-service manner. For cloud native applications this is only possible with a software defined network.
On the visibility side, detecting anomalies in the network, and actively looking for data leakage issues (e.g. sensitive customer data such as credit card details or internal data such as api keys being passed in plain text) are the two most common use cases we hear being discussed.
A variety of vendors get mentioned in our conversations in this area, including Cohesive Networks, WeaveWorks and VMWare.
The gambit of tools and vendors across the cloud native security space is quite large, but in the short to medium term most enterprise sales deals of cloud native offerings will be built, to a significant degree, with security considerations at their core.
We do anticipate some significant consolidation in this space over the medium term, and a growing maturity around solution offerings.
By: Margaret Valtierra