Uptycs Blog

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you’ll enjoy our blog enough to subscribe and share.

What Does Cloud Native Mean?

“Digital transformation” has been one of the biggest buzzwords of the last decade-- and has come to mean many things to many people. But the biggest manifestation that most workers have come to encounter has been the shift to the cloud. As more organizations move away from purchasing costly on-site servers and locally installed software, a new breed of IT infrastructure has sprung up termed ‘cloud native.’

But what does cloud native actually mean?

What Does Cloud Native Mean?

Cloud native’ refers to an IT environment where most of the organization’s applications and infrastructure are hosted and run in off-site  third-party clouds, and are no longer locally installed on machines or on-premise software. In a cloud native organization, almost all of the business’ functions have shifted to SaaS (Software-as-a-Service) applications for day-to-day operations, and cloud servers and containers for dev-ops, data processing, storage, and more. 

There is some debate about whether cloud native refers only to startups that have never had an on-premises environment and, thus, were “born” natively in the cloud, or if it refers to any organization that now runs exclusively in the cloud. But as support for on-premises software and organization-level investment in CapEx-intensive hardware (like servers) winds down across organizations of all sizes and verticals, most organizations will be cloud native within the next few years .

There’s a few different layers to cloud native, and different ways that members of an organization interact with the cloud. Cloud native can refer to everything from applications like GSuite or Office 365 to virtual servers and container environments. Below, we’ll take a look at the different layers of cloud native environments.

1. Productivity

The most familiar type of cloud native for most people is the productivity software they interact with everyday. Not too long ago, this software was purchased and installed as an app on your local machine, and all files were saved locally on the endpoint’s hard drive or shared to an on-premises server. But in a cloud native organization, that same software has shifted to the cloud. Most organizations now use SaaS apps with an organization-specific instance or managed through a subscription. These applications are accessed through a web browser, and files are stored in the cloud. This makes it easy for employees to work anywhere, theoretically from any machine, and makes sharing documents across the organization easy.

2. Server(less)

Back in the day, corporations ran on endless racks of servers. If they really had a lot of computing requirements, they, perhaps, invested in some “big iron” — massive mainframe computers housed in secure locations. The on-premises servers were used for developer environments, web app hosting, and a range of other applications. The issue for most companies, however, is that as the pace of innovation has accelerated, the ability of on-prem hardware and software to scale with the business quickly becomes a losing proposition. A far more sustainable solution is to shift operations to the cloud.

3. Containers

Containers are lightweight, executable packages of software that allow for code to run reliably between different operating environments. A container isolates software from its environment and ensures that it will always run the same, regardless of where it is running. Containers basically make working in the cloud possible, since it minimizes the resources needed to run applications, and allows for flexibility across Linux and Windows environments. 

While technically part of the server infrastructure, the increasingly widespread use of Docker and Kubernetes in dev-ops means that they are an essential part of a cloud native environment. 

Cloud Native Advantages And Disadvantages

Advantages of Cloud Native

There are plenty of advantages of transitioning to a cloud native infrastructure. Transitioning to the cloud makes sense for most organizations, since it lowers the capital investment they must make in technology, decreases demands on IT to implement and maintain software, and enhances collaboration between teams anywhere in the world.

  1. Lower capital expenditure for servers and software
  2. Maintenance of software and responsibility for patches, updates and more may be shifted from the organization to the vendor 
  3. Resources like data storage, data processing, server capacity and more can be easily and rapidly scaled up or down to meet the needs of the business
  4. The development process can become more efficient and scalable since resources, code, and more can be easily shared anywhere in the world facilitating collaboration
  5. Employees are empowered to work from anywhere, theoretically on any endpoint
  6. Organizations retain greater control over the work their employees produce

Disadvantages of Cloud Native

There’s no such thing as a free lunch in this world, and while the cloud offers plenty of benefits to organizations that make the switch, it can also create plenty of headaches for cybersecurity teams.

Most of the disadvantages of cloud native revolve around account access, managing security in the cloud, and vendor risk exposure.

  1. Since users can theoretically access their accounts from anywhere, security teams need to make sure accounts and end points are properly protected with multi-factor authentication, SSO, Identify Access Management and other solutions
  2. Security teams must fully understand the Shared Responsibility model many cloud providers use, and ensure they have correctly secured the data and apps they have running in the cloud
  3. Cloud native organizations must by definition work with a large array of vendors who may have access to code repositories, sensitive customer data, and more. This introduces increased risk since third-party breach is one of the most common ways that companies are compromised
  4. Compliance may be an issue in heavily regulated industries like finance, healthcare, legal or utilities
  5. Since all business processes have shifted to the web, if Wi-Fi goes down in the office or an employee has a local outage at home, they may be unable to access the apps and resources they need to get work done
  6. If a vendor goes down or is subject to a cyberattack, even if no data is compromised, critical business systems may be offline until the vendor resolves the issue
  7. Many cybersecurity tools and solutions are not set up for cloud native organizations, but are instead adapted from EDR or endpoint management tools, originally built for on-prem environments

Conclusion

What does cloud native mean? It means that the organization has taken a modern approach to business operations that shifts most of their IT infrastructure to the cloud, working through a handful of data and SaaS vendors. Whether it’s the user-layer infrastructure of productivity and communication software, or the deeper dev-ops and data management layer, in a cloud native organization, it has all shifted to the cloud. While the business benefits are many, cloud native infrastructure is not without its security challenges.

To learn more about the fundamentals of securing a cloud native organization, check out our new guide.

Cloud Fundamentals eBook Download