Category: Software, Security, Kubernetes

Cloud Native Computing Foundation sponsored this post.

As production environments have gained multiple layers of protection and much of the attention of security teams, malicious actors have set their sights on “poisoning the well,” that is, targeting the environments where applications are developed or their building-block components. They do so under the (mostly correct) assumptions that dev environments are not scrutinized as closely as production environments, and that targeting the right components, for example those that are very widely used, can ultimately give the attacker access to many production environments once the component is deployed undetected.

There are several characteristics of cloud native application development environments that make them a lucrative target for attackers looking to embed malicious code into the supply chain.

There are inherent characteristics of cloud native applications that make them more resilient to attack and enable them to limit the damage of an attack:

Eliminating the risk of supply chain attacks is virtually impossible, but there are measures that DevOps and security teams can take to reduce that risk:

Supply chain attacks are here to stay and will evolve, and organizations should adjust their security practices to detect, identify and mitigate them.
