Ayal Yogev, CEO and Cofounder of Ajuna, says that confidential cloud is all part of the shift left movement to provide better security for apps in the cloud. This is desperately needed in the cloud infrastructure to give organizations assurances that their data is safe, even while it’s being processed.Īnjuna Security is one of the startups involved in this market. This concept is referred to as a “secure enclave.” Picture the cloud processing power being encrypted and locked down at the memory level so that clients can segment and secure their data. Confidential cloud seeks to encrypt data and application data at the memory and hardware level of cloud infrastructure, while in turn giving control over this security to the organizations operating applications. One of the challenges of the cloud operations model is that customers aren’t sure what’s happening with data or applications security inside the various cloud services they are using, and they want more assurances that it’s all secure. Confidential cloud addresses an even deeper need in cloud security – the processing in the chips themselves. “You put the capability into the application code to generate a secure, by-design overlay, specific to its session,” said Zino.Īnother emerging area is being referred to as confidential computing, or confidential cloud as we are calling it at Futuriom. NetFoundry’s Zino believes in zero trust, which is the principle behind his company’s networking-as-code approach. This includes verifying a signed identity of the users, the network, a device, or an application. Instead, it should assume that everything is hostile and verify the connection and the identity of the users (whether human or machine) across multiple vectors. The idea is that an applications, a network or a service should not trust any person, connection, or device. Zero trust is a principle more than a technology, but it is being applied in many different areas of cybersecurity. Both of these can benefit from a shift left. Specific cybersecurity approaches that we think will gain traction in 2022 include zero trust and confidential cloud. It’s clear to me that two of the areas that need to shift left include networking functionality as well as cybersecurity, which were discussed on our Trends for 2022 panel. With almost everybody pervasively using the cloud and/or the Internet, there are no gates or doors to defend – the attackers can be in the code itself. The idea is especially powerful because the cloud has broken down the idea that there is a security “perimeter” of an organization. This approach is sorely needed in a world that is constantly hyping accelerated software development processes, especially in the cloud – an approach referred to as continuous integration and delivery services, or CI/CD.īy shifting left, the idea is to test code and look for vulnerabilities as its being developed as part of the DevOps process. The idea of shift left is that security code and policy can be implemented earlier in the development process, such as a zero-trust policy approach that verifies code and changes from several vectors to stop threats before they are plugged in. Many security tools are designed to detect breaches or threats after the fact – when are the bad guys are already in.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |