MMS • Mostafa Radwan
Article originally posted on InfoQ.
Cloud Native SecurityCon North America 2023 kicked off this week in Seattle. It is the first dedicated event focused on cloud native security organized by the Cloud Native Computing Foundation (CNCF), with over 800 attendees, 70 sessions, 50 sponsors, and vendors.
Priyanka Sharma, executive director of the CNCF, kicked off the event and announced a new Kubernetes and Cloud Security Associate (KCSA) certification that will be available later this year. The certification is meant to fill the need for technical expertise in cloud native security by giving practitioners, including beginners, knowledge and skills they can apply to their organizations’ cloud native infrastructure.
Currently, the certification is being developed by community experts and professionals. Practitioners who want to participate can apply to be considered beta testers after submitting an online form. The certification is expected to be generally available before KubeCon+CloudNativeCon North America 2023 in Chicago, November 6 – 9.
Also, during the keynote, Priyanka underscored that security within the cloud native ecosystem is deeply complex due to the nature of cloud native environments, with their fast deployment cycles, modern infrastructure, and scale. She outlined CNCF’s approach to cloud native security, which is a people-powered approach focused on the cloud native community collaborating, educating, learning, and sharing knowledge and expertise.
InfoQ sat with Chris Aniszczyk, CTO of CNCF, at Cloud Native SecurityCon NA 2023 and talked about the event, its relevance to developers, and cloud native security.
InfoQ: Why is there a need for a standalone conference for cloud native security?
Chris Aniszczyk: We talked to many of our members, maintainers, and end-users. The feedback we received about KubeCon is that it’s a great event but it’s too big to focus on one particular area.
We felt this could be a good idea as we looked for similar events that are developer-led, open source, vendor-neutral, and focused on cloud native security. We couldn’t find any.
We will see the feedback after the event. We will probably do this again next year and make it a bigger and better event.
InfoQ: As more organizations go cloud native, we are seeing more containers and Kubernetes vulnerabilities, threats, and ransomware. How can we address those challenges and how can CNCF help?
Aniszczyk: All this crazy stuff that’s happening is going to continue. There’s no way to completely avoid this. What we can do is de-risk this threat to ensure that developers, security teams, and IT leaders have a good idea of what tools to use to protect and secure their environments. There is no silver bullet here.
The role of CNCF is to provide educational resources and training to the next generation of developers regarding security. As we announced today, the KCSA certification can help with that.
Our role is mostly educational through training and sponsoring promising projects, and partnering with vendors to address those challenges.
InfoQ: What are some of the technologies and/or projects that you think are going to play an important role in cloud native security?
Aniszczyk: There are a couple I could think of that come to mind. First, Cilium and the modern eBPF stack including projects such as Falco and Pixie. I think the future of cloud native security will be based on eBPF technology because it’s a new and powerful way to get visibility into the kernel which was very difficult before.
The other thing is what is happening at the intersection of application and infrastructure monitoring, and security monitoring. This can provide a holistic approach for teams to detect, mitigate, and resolve issues faster. For example, SBOMs can help both application developers and security practitioners better understand what their software is made of to detect anomalies in production environments.
Cloud Native SecurityCon used to be a co-located event alongside KubeCon+CloudNativeCon. Based on the feedback from the community and the focus on cloud native security, CNCF decided to make Cloud Native SecurityCon a standalone event starting this year.
Some of the conference sessions and keynotes are available on the CNCF YouTube channel.
The next CNCF conference is KubeCon+CloudNativeCon EU 2023. It is a hybrid event in Amsterdam, April 18 – 21.