Flipping the script to security in the cloud
Gillis said many security strategists are currently addressing cloud security by developing different approaches for private and public clouds. However, his advice is that they should instead consider the different security requirements of traditional and modern applications.
“I’m suggesting you really want to rotate this 90 degrees. Really want to chat about what I’m doing to protect traditional applications that are primarily based on virtual machines? And then what do I do to protect modern applications that are primarily container or Kubernetes based? Because the concepts for protecting both are the same, but the implementation is completely different.”
Gillis cited Log4j as evidence that attackers not only adapt their techniques, but also their targets. Although no major breach has occurred due to the widespread vulnerability, Gillis said, “Attackers have a motivation to intrude and…