Build & maintain complex distributed systems
17–18 October 2017: Training
18–20 October 2017: Tutorials & Conference
London, UK

Cloud native: Security threat or opportunity?

Liz Rice (Aqua Security)
9:30–9:50 Thursday, 19 October 2017
Location: King's Suite
Average rating: ****.
(4.05, 19 ratings)

Your organization wants to go cloud native, but you don’t want to hit the headlines as the victim of the latest hacking scandal. Liz Rice addresses the questions you need answers to: Will your deployments be less secure or more? How do DevOps processes like CI/CD and cluster orchestration affect your security profile? And what can we all do to minimize the risk of exploits?

Liz Rice

Aqua Security

Liz Rice is the technology evangelist at container security specialists Aqua Security. Previously, she cofounded container startup Microscaling Systems, which built a real-time scaling engine and the popular image inspector MicroBadger. Liz has a wealth of software development, team, and product management experience from her years spent working on network protocols and distributed systems and in digital technology sectors such as VOD, music, and VoIP. When not building startups and writing code, Liz loves riding bikes in places with better weather than her native London.

Comments on this page are now closed.


Liz Rice
22/10/2017 21:53 BST

Hi Mark, thanks for your comment. I think a key factor is the speed of instantiation of containers, which makes it completely reasonable to rebuild and redeploy rather than patch (and as a consequence we get an artifact that can be reliably reproduced as it’s described precisely in code). Starting a new container is basically just starting a new process, so would it really be faster to dynamically fix a running container (or for the container to somehow fix itself)?

The argument about microservices is interesting. It’s much easier to scale with a microservices-based architecture, but I wouldn’t be surprised if in a few years’ time monolithic web frameworks come back into fashion, as we remember that a lot of people are building things that don’t need to be particularly scalable.

Mark Bannister
19/10/2017 10:43 BST

Is rebuilding a container image an oversimplification of a larger problem? Are we assuming that cloud containers must be immutable because cloud native is still in its infancy? In cloud utopia, if we fully understood all of the interactions and complexities, would it not be easier in the future to have cloud containers that are self-healing rather than having to destroy and start again every time? If both routes were as easy as each other, would it not be more optimal and faster to be able to dynamically fix a running container rather than throwing it away and starting again?

By forcing application developers to move to microservice architectures we might be building a rod for our own backs. I think while it is valuable to be able to redeploy containers we should have equal focus on how to get code fixes out immediately without interrupting longer running processes and how we make it easier for complex applications to track and resolve interdependencies which grow harder to track year on year.