UPDATED 14:30 EDT / NOVEMBER 26 2019

Designing security for an open-source, containerized, cloud-native world

Data security is the big issue facing enterprise today. Forget fancy social media campaigns, customer loyalty, and sales figures. One data breach can damage brand reputation in minutes, and trust takes years to rebuild.

Cloud computing and open-source development have made traditional security measures, such as firewalls and gateways, obsolete. And the multitudes of connected devices have created a potential attack surface that grows larger by the minute.

“Security is super critical, and more so now as folks are deploying more and more mission-critical applications on the Kubernetes-based platform,” said Amit Gupta (pictured, center), vice president of business development and product management at Tigera Inc.

Gupta; Loris Degioanni (pictured, right), founder and chief technology officer of Sysdig Inc.; and Knox Anderson (pictured, left), director of product management at Sysdig, spoke with Stu Miniman (@stu), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the KubeCon + CloudNativeCon event in San Diego, California. They discussed how security is different in an open-source, cloud-native environment. (* Disclosure below.)

Cloud-native security requires distributed architecture

As monolithic architectures disappear, software is also changing. Instead of singular large applications, cloud-native applications are architected from hundreds of microservices operating in a dynamic and distributed fashion. This is more efficient, but “this also means that, securing, monitoring, troubleshooting infrastructures becomes much different,” Degioanni said.

As legacy security tools become obsolete, new security approaches, such as those provided by open-source projects Calico and Falco, are the way forward, Degioanni added.

Sysdig is the original creator of Falco, which Degioanni described as an open-source Cloud Native Computing Foundation phased anomaly detection system that’s based on collecting highly granular data from a running Kubernetes environment.

“The big challenge in the Kubernetes space is around incident response and audit,” Anderson said.

Tigera and Sysdig have collaborated to manage security within Kubernetes workflows, creating products that provide security across the entire container lifecycle. “So, at build time, making sure your images are properly configured, free of vulnerabilities at run time, looking at all the activity that’s happening,” Anderson stated.

So as enterprise architecture is designed, organizations must think about how to design security across the entire infrastructure “in a distributed fashion or done in the early stages of your projects,” Gupta pointed out. “Just like your applications are being deployed in an automated fashion, your security has to be done in that fashion. So, policy as code, infrastructure as code, and the security is just baked in as part of that process. It’s critical you design that way to get the best outcomes.”

(* Disclosure: Sysdig Inc. sponsored this segment of theCUBE. Neither Sysdig nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
