Nothing is the same after digital transformation. The changes that people thought were purely technical caused a ripple effect out across people and processes as well. Unfortunately, security is only now realizing that creating a fixed blueprint of rules for everyone to follow doesn’t work in the rapidly moving, complex world of cloud computing.

Playing security catchup has left companies exposed to attack as criminals take advantage of vulnerabilities laid open across the expanded attack surface. The “2022 Black Hat USA Attendee Survey” found that 72% of cybersecurity professionals expect to experience a major cybersecurity incident in their organization in the coming year.

“The developers are all about dynamic change and rapid change, and operations and security tend to like stability and considered change in advance. And the business needs that needle to be threaded,” said Mark Nunnikhoven (pictured, left), distinguished cloud strategist at Lacework Inc. “I think it’s acknowledged now that you’re not going to have complete security. We’ve gotten past that. It’s not a yes or no binary thing; it’s let’s find that balance in risk.”

Nunnikhoven and Liz Rice (pictured, right), chief open-source officer at Isovalent Inc., spoke with theCUBE industry analyst John Furrier for the AWS Heroes Panel at the “Cybersecurity — Detect and Protect Against Threats” event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the evolution of security in the cloud era. (* Disclosure below.)

There’s no winning the security war

The security arms race is a constant battle, where criminals take new security measures introduced by organizations as a challenge to up their game in response. Thinking this is a winnable war is a mistake, according to Rice.

“Everything that we do to defend cloud workloads, it becomes a new target for the bad guys, so this is never going to end,” she stated.

As leaders become aware of the existential threat a major ransomware attack could cause to the company, the knee-jerk reaction is to buy security tools and roll them out, according to Nunnikhoven. But, as Rice succinctly points out: “You can’t just throw money at the problem, you’re going to actually have to throw people and technology at the problem and take security really seriously.”

Organizations must ensure they are getting the most value out of their people, not their tooling, according to Nunnikhoven.

“You will need to roll out tools, but they’re not the answer. The answer is the people to get the value out of the tools,” he said.

Companies can manage their security spend by taking advantage of some of the performant open-source tools that are available. This allows teams to experiment and build a custom security tooling configuration that works for their situation without having to “pay a giant sum to get a black box,” according to Rice.

“The rise of open-source tools means that you can start with something pretty powerful that you can grow with,” she said.

This has flipped the paradigm for vendors. Instead of top-down decision-making, when it comes time to invest in enterprise features to extend the functionality of the open-source tooling, the engineers using the tools are telling executives what to buy.

“That cultural change makes it much easier for people to work security in from the get-go and really do that shift left that we’ve been talking about for the last few years,” Rice stated.

Open-source innovation creates confidence

There are many active open-source security projects in the cloud-native ecosystem, with a new generation of tooling emerging that can observe when security issues are happening and prevent malicious activities. Rice is particularly excited about the potential of eBPF, which has grown far beyond its packet filtering origins.

“What eBPF allows you to do now is to run custom programs inside the kernel. So, we can use that to change the way that the kernel behaves,” Rice explained, calling it a “step change in the capabilities of security tooling.”

The kernel is the central control point of any operating system, with visibility over every process that’s running on the machine, which can be either a virtual machine or bare metal. Security tooling and observability tooling written using eBPF can be placed inside the kernel, enabling it to observe and secure what’s happening across the entire machine.

It also removes the vulnerability point created by kernel modules, which can cause the machine to halt if they have a bug in them. This can not happen with eBPF, according to Rice. All eBPF programs go through a dynamic verification process that ensures they’re safe to run, that the program cannot crash, and that the memory access is safe.

“It gives us this very reassuring platform to use for building these kernel-based tools,” Rice added.

Technological shifts such as eBPF, driven by open-source innovation, are having a positive effect on the market, according to Nunnikhoven.

“People are not only deploying this new level of tooling, but they’re confident that it’s actually providing the security it promised,” he stated.

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the “Cybersecurity — Detect and Protect Against Threats” event:

(* Disclosure: This is an unsponsored editorial segment. However, theCUBE is a paid media partner for the “Cybersecurity Detect and Protect Against Threats” event. Amazon Web Services Inc. and other sponsors of theCUBE’s event coverage have no editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE