Shifting Zero Trust Left with Cloud Native Software – InApps Technology
Key Summary
This article from InApps Technology, authored by Phu Nguyen with insights from Gadi Naor, CTO and co-founder of Alcide, discusses the integration of Zero Trust principles into cloud-native software development to secure the software supply chain, particularly given the heavy reliance on open-source components (80–90% of code in cloud-native apps). It emphasizes balancing security with development velocity in DevOps workflows. Key points include:
- Software Supply Chain Risks:
  - Open-Source Dominance: 80–90% of cloud-native application code comes from open-source or third-party components, introducing risks due to unknown developer skills or motivations.
  - Security Challenges: Potential for inadvertent flaws or deliberate malware injection, requiring protection across the entire supply chain, from code creation to deployment.
- Zero Trust in Cloud-Native Environments:
  - Concept: Extend Zero Trust (trust nothing, verify everything) to all software components, particularly in Kubernetes and container environments.
  - Approach: Combine Zero Trust with continuous scanning to balance security and development agility without compromising innovation.
- Best Practices for Secure Kubernetes/Container Deployments:
  - Initial Configuration:
    - Configure clusters for full hygiene using best practices from platforms like Kubernetes and Istio, avoiding default, less-secure settings.
    - Apply the latest patches and updates to address container runtime vulnerabilities.
  - Access and Runtime Controls:
    - Use admission control to enforce policies and block non-compliant resources.
    - Reduce runtime privileges, avoiding root access and using AppArmor/seccomp profiles.
    - Run workloads with immutable file systems to minimize compromise risks.
    - Implement segmentation and isolation policies and network policies to control access.
    - Monitor for configuration leaks (e.g., secrets, passwords, keys).
    - Restrict network access to worker nodes.
  - Continuous Kubernetes Hygiene:
    - Continuous Scanning: Integrate security checks into the CI/CD pipeline to monitor workloads during deployment, catching issues like embedded secrets or misconfigurations before production.
    - Dynamic Monitoring: Tracks evolving security states post-deployment, detecting new vulnerabilities and enabling proactive responses.
    - Guard Rails: Apply policy-driven checks to balance security for critical components (hardened) and less critical ones (supervised but flexible), maintaining delivery velocity.
- Benefits:
  - Security and Agility: Zero Trust and continuous scanning enable secure, rapid development without hindering DevOps performance.
  - Proactive Risk Mitigation: Identifies and addresses supply chain risks early, reducing vulnerabilities in production.
- InApps Insight:
  - InApps Technology integrates Zero Trust and cloud-native security practices, leveraging React Native, ReactJS, Microsoft’s Power Platform, and Azure, using Power Fx for low-code solutions and Azure Durable Functions for scalable workflows.
  - Combines Node.js, Vue.js, GraphQL APIs (e.g., Apollo), and Azure to deliver secure, scalable solutions, targeting startups and enterprises with Millennial-driven expectations.
- Call to Action:
  - Contact InApps to implement Zero Trust and continuous scanning solutions for cloud-native software development.
Gadi Naor
Gadi Naor brings 15 years of experience in leading the development of cybersecurity products to his role as CTO and co-founder of Alcide. Gadi has blended his management and technological background in various positions. Gadi worked at CheckPoint where he served as business development manager and senior developer, leading the development of CheckPoint’s Firewall core security engine and VPN software. He then served as a senior software engineer at Altor Networks, a pioneer in virtualized data center security that was later acquired by Juniper Networks, where he continued to serve as a senior software engineer. Prior to co-founding Alcide, Gadi was the co-founder and CTO of Fitfully, a microservice-based system.
As companies seek to reduce the time required to deliver new features in cloud native applications, the use of off-the-shelf and third-party code, particularly open source, is altering the scope of cybersecurity for developers. Estimates suggest that as much as 80 to 90 percent of the code in cloud native applications originates from open source components.
This change in the composition of code forces a shift in the territory that today must be protected by DevOps professionals. Rather than focusing solely on the software development lifecycle, DevOps professionals must now expand their perspective on how to secure the entire software supply chain.
“Combining Zero Trust and continuous scanning allows enterprises to balance performance needs with security requirements.”
The software supply chain represents all of the contributed software components (whether the source code or as pre-packaged components) as well as the delivery systems, channels and processes that eventually deploy code into a staging or production environment. The unknown development skills and motivations of third parties create a challenging security risk, which can lead to inadvertent security flaws, or deliberate injection of malware. Security and DevOps teams must now protect against components that were produced, and sometimes integrated into the application code, without supervision or proper security vetting.
Apply Zero Trust to Kubernetes and Container Environments
The natural response to the substantial scope of software supply chain risk is to trust no one and nothing, and to expand the notion of Zero Trust to include other risk vectors. While Zero Trust is an excellent place to establish a baseline of security, it must be done in a way that does not compromise the business’ agility or innovation.
Begin with a foundation of best practices:
- Ensure the starting environment for clusters is initially configured for “full hygiene” in accordance with best practices recommended by platforms such as Kubernetes and Istio. The default configuration is sometimes optimized to make the system easily accessible to development teams, but it does not necessarily represent a production-ready, hardened and locked-down configuration.
- Make sure the infrastructure software has the latest patches and updates, given the increasing number of vulnerabilities being disclosed in container runtimes.
Deploy the cluster and fine-tune access controls:
- Use admission control in production to enforce policies and prevent resources that violate policy or the required hygiene level from being admitted to the cluster.
- Unless explicitly approved and required, reduce the runtime privileges of your workloads, and avoid running them as root or at any elevated privileges; use AppArmor/seccomp profiles to control the risk surface.
- Run workloads with an immutable file system, to reduce the risk if the system is compromised.
- Apply segmentation and isolation policies based on the workload at runtime.
- Watch the configuration to avoid leaking secrets, passwords and keys.
- Ensure network policies are applied.
- Control network access to worker nodes.
These guidelines will establish a strong initial baseline for the security of our applications, but it’s not all that can be done.
Continuous Kubernetes Hygiene — From Continuous Deployment
Applying Zero Trust in full is a process that enterprises may take some time to adopt and implement, and they may want to balance that effort against delivery velocity. The result is that within Kubernetes, access controls for less critical components — and sometimes the entire cluster — are loosened. While this creates security gaps from a network and access control perspective, applying guard rails to those risks introduces an important mitigation layer. These guard rails can be plugged into the CD part of CI/CD. This extended version of Zero Trust can work in harmony with DevOps, acting as an enabler for both velocity and security.
Just as traditional image vulnerability scanning serves as a pre-flight risk analysis for a workload (and may also be employed at runtime), we can apply similar policy- and risk-driven checks to each and every deployment event. The result is continuous scanning of the workload: we see what is running and understand its level of integrity and hygiene. Whether the trigger is a single code commit or a batch, we can catch drift before it ends up in production.
For example, we look for embedded secrets or secrets wired into the wrong locations that an astute intruder, internal user or other system component could leverage to access sensitive data. Applying these guard rails on the test cluster can yield immediate results.
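The runtime-privilege rules from the baseline list and the embedded-secret check described here can be expressed as one deploy-time guard rail. The following is an added example, not code from the article or from Alcide: it evaluates a Deployment's pod template (constructed sample manifests, both weak and hardened) against those rules and returns the violations, so it could run in the CD stage or behind a validating admission webhook.

```python
import re
# Constructed sample, not from the article: a "developer-friendly" default that
# breaks several of the hygiene rules listed above.
WEAK = {"kind": "Deployment", "metadata": {"name": "payments-api"}, "spec": {"template": {"spec": {
    "containers": [{
        "name": "api", "image": "registry.example/payments-api:1.4.2",
        "env": [{"name": "DB_PASSWORD", "value": "hunter2"},
                {"name": "DB_USER", "valueFrom": {"secretKeyRef": {"name": "db", "key": "user"}}}],
        "securityContext": {"privileged": True},
    }]}}}}

# Same workload with the securityContext settings the article calls for.
HARDENED = {"kind": "Deployment", "metadata": {"name": "payments-api"}, "spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{
        "name": "api", "image": "registry.example/payments-api:1.4.2",
        "env": [{"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef": {"name": "db", "key": "password"}}}],
        "securityContext": {"readOnlyRootFilesystem": True, "allowPrivilegeEscalation": False,
                            "capabilities": {"drop": ["ALL"]}},
    }]}}}}

# Env names that usually hold credentials; a literal `value` here is a wired-in secret.
SECRET_NAME = re.compile(r"(PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_KEY)", re.I)

def check_container(c, pod_sc):
    """Violations for one container; pod-level securityContext supplies inherited fields."""
    sc = {**pod_sc, **c.get("securityContext", {})}   # container settings override pod settings
    name, v = c["name"], []
    if sc.get("privileged"):
        v.append(f"{name}: privileged container")
    if sc.get("runAsNonRoot") is not True:
        v.append(f"{name}: runAsNonRoot is not enforced")
    if sc.get("allowPrivilegeEscalation", True):
        v.append(f"{name}: allowPrivilegeEscalation should be false")
    if sc.get("readOnlyRootFilesystem") is not True:
        v.append(f"{name}: root filesystem is writable")
    if sc.get("seccompProfile", {}).get("type") in (None, "Unconfined"):
        v.append(f"{name}: no seccomp profile")
    for e in c.get("env", []):
        if SECRET_NAME.search(e["name"]) and "value" in e:
            v.append(f"{name}: env {e['name']} carries a literal secret")
    return v

def check_workload(obj):
    """Return every violation in a Deployment's pod template; an empty list means admit."""
    pod = obj["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext", {})
    return [v for c in pod.get("initContainers", []) + pod.get("containers", [])
            for v in check_container(c, pod_sc)]
```

`check_workload(WEAK)` reports six violations, including the literal `DB_PASSWORD`; `check_workload(HARDENED)` returns an empty list and would be admitted.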
Continuous scanning enables DevOps to monitor the evolving security state of the application. Rather than depending on stale knowledge of the security state captured at deployment time, scanning detects new vulnerabilities that appear after deployment, so DevOps can react to changes in the security situation as they occur.
Balance the Guard Rails and Delivery Velocity
Enterprises must now protect their cloud native applications from security risks introduced by the software supply chain. Combining Zero Trust and continuous scanning allows enterprises to balance performance needs with security requirements. Critical components are hardened and less critical components are freed to perform under careful supervision. In this way, companies can implement a Zero Trust approach to security that addresses the complexities of new, accelerated development models and empower DevOps teams to employ continuous security practices in a balanced way that doesn’t hinder agility or speed.
InApps Technology is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Velocity.
Source: InApps.net