Contributed"> How to Ensure Cloud Native Architectures Are Resilient and Secure - The New Stack
TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
As a JavaScript developer, what non-React tools do you use most often?
Angular
0%
Astro
0%
Svelte
0%
Vue.js
0%
Other
0%
I only use React
0%
I don't use JavaScript
0%
 
Open Source Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
AWS Adds Support, Drops Prices, for Redis-Forked Valkey
Oct 10th 2024 1:41pm, by Joab Jackson
OSI Finalizes a ‘Humble’ First Definition of Open Source AI
Oct 10th 2024 12:00pm, by Heather Joslyn
Avoiding a Geopolitical Open Source Apocalypse
Oct 9th 2024 10:00am, by Randy Bias
OSI’s Definition of Open Source AI Raises Critical Legal Concerns for Developers and Businesses
Oct 7th 2024 10:20am, by Luca Antiga
How the Argo Project Is Avoiding WordPress-Type Problems
Oct 4th 2024 11:00am, by Dan Garfield
How to Ensure Cloud Native Architectures Are Resilient and Secure
Oct 12th 2024 10:00am, by Akhil Mittal
Start Securing Decentralized Clouds With Confidential VMs
Oct 10th 2024 10:00am, by Jonathan Schemoul
Tetrate, Bloomberg Collaborate on Envoy-Based AI Gateways
Oct 7th 2024 2:00pm, by Steven J. Vaughan-Nichols
Anyscale: New Optimized Runtime for Ray, Kubernetes Operator
Oct 7th 2024 1:00pm, by Chris J. Preimesberger
NGINX One Console: Not for Experts Only
Oct 4th 2024 12:39pm, by B. Cameron Gain
How Nvidia Scaled Its Cloud Services With KubeVirt
Oct 4th 2024 6:18am, by Jonathan Gershater
Is Kubernetes Green?
Oct 2nd 2024 8:24am, by Anne Currie
Abstracting Cloud SDKs, Starting With the Runtime
Oct 1st 2024 8:42am, by Rak Siva
Microsoft Open Sources OpenHCL, a Linux-Based 'Paravisor'
Sep 24th 2024 11:00am, by Steven J. Vaughan-Nichols
What Is Testcontainers, and Why Should You Care?
Sep 17th 2024 7:53am, by Kevin Wittek
Integration of AI With IoT Brings Agents to Physical World
Oct 8th 2024 7:46am, by Janakiram MSV
From VMs to AI: How Edge Computing Is Evolving
Sep 13th 2024 3:54am, by Ben Cohen
The New 2GB Raspberry Pi 5: Another Option for Linux Sysadmins
Sep 2nd 2024 9:00am, by Damon M. Garn
Golang Pub/Sub: Why It’s Better When Combined With GoFr
Aug 28th 2024 6:00am, by Robert Kimani
With eLxr, Wind River Brings Debian Linux to the Edge
Aug 12th 2024 1:30pm, by Joab Jackson
Configure Microservices in NestJS: A Beginner’s Guide
Oct 11th 2024 12:00pm, by Zziwa Raymond Ian
How To Secure Microservices in a Multicloud Architecture
Oct 7th 2024 12:30pm, by Manas Chowdhury
Binary Provenance, SBOMs and the Software Supply Chain for Humans
Oct 1st 2024 10:00am, by Mike Long
Platform Engineering Reshapes Software Dev at Bechtle
Sep 4th 2024 6:00am, by Todd R. Weiss
Shift Left on a Budget: Cost-Savvy Testing for Microservices
Aug 27th 2024 12:03pm, by Nočnica Mellifera
Internet Architecture Board ISO Future Networking Tech
Sep 29th 2024 8:00am, by Joab Jackson
Git: Set Up a Local Repository Accessible by LAN
Sep 28th 2024 9:00am, by Jack Wallen
Linux: Create and Connect to an NFS Share
Sep 21st 2024 8:00am, by Jack Wallen
AlmaLinux: Deploy a DHCP Server for Your Internal Network
Sep 14th 2024 7:00am, by Jack Wallen
How Meta Is Reinforcing its Global Network for AI Traffic
Sep 12th 2024 11:45am, by Joab Jackson
Azure Durable Functions: FaaS for Complex Workflows
Aug 15th 2024 8:16am, by Lily Ma and David Justo
Momento: Caching at Scale and More, Without All the Hassle
Jul 22nd 2024 11:23am, by Susan Hall
WebAssembly and Kubernetes Go Better Together: Matt Butcher
May 22nd 2024 2:00pm, by Raghavan "Rags" Srinivas
How to Conquer Cold Starts for Better Performance
Apr 25th 2024 9:17am, by Henry Hamid Safi
Meet DBOS: A Database Alternative to Kubernetes 
Mar 12th 2024 4:00am, by Joab Jackson
Linux: Create System Backups With rsnapshot
Oct 12th 2024 7:00am, by Jack Wallen
Kubernetes Advances Cloud Native Data Protection: Share Feedback
Oct 9th 2024 7:00am, by Mark Lavi
Redis Users Want a Change
Oct 2nd 2024 9:00am, by Aleksandra Mitroshkina
Linux: Recover Files From a Machine That Won't Boot
Sep 29th 2024 6:00am, by Jack Wallen
Columnar Storage: A Developer’s Key to Real-Time Analytics
Sep 27th 2024 7:00am, by Steph Rogers
AI Large Language Models Frontend Development Software Development API Management Python JavaScript TypeScript WebAssembly Cloud Services Data Security
Deno 2.0, Angular Updates, Anthropic for Devs, and More
Oct 12th 2024 8:00am, by
Atlassian’s New AI Product Gives Developers Access to Agents
Oct 10th 2024 1:00pm, by
OSI Finalizes a ‘Humble’ First Definition of Open Source AI
Oct 10th 2024 12:00pm, by
Agents Shift GenAI From Order Takers to Collaborators
Oct 10th 2024 9:00am, by
How AI Agents Are About To Change Your Digital Life
Oct 10th 2024 6:16am, by
AI Agents and Copilots: SAP Introduces Deeper Integrations
Oct 9th 2024 9:12am, by
PDFs Get an Easier Entry to GenAI via New RAG Architecture
Oct 8th 2024 6:27am, by
Mix Human Expertise With LLM Assistance for Easier Coding
Oct 7th 2024 8:00am, by
Microsoft Sees Devs Embracing a ‘Paradigm Shift’ to GenAIOps
Oct 4th 2024 8:28am, by
Build an AI-Powered Question-Answering Application
Oct 3rd 2024 2:00pm, by
Deno 2.0, Angular Updates, Anthropic for Devs, and More
Oct 12th 2024 8:00am, by
How Microsoft Edge Is Replacing React With Web Components
Oct 11th 2024 11:00am, by
JavaScript Due for New Time, Date and Set Features Next Year
Oct 9th 2024 8:19am, by
OpenAI Launches New ChatGPT Interface, Designed for Coding
Oct 5th 2024 7:00am, by
Introduction to Laravel for Ruby on Rails or Django Fans
Oct 5th 2024 5:00am, by
Working With JSON Data in Python
Oct 12th 2024 4:00am, by
How to Install Python 3.13? Use the Interactive Interpreter
Oct 11th 2024 6:36am, by
Atlassian’s New AI Product Gives Developers Access to Agents
Oct 10th 2024 1:00pm, by
How To Work With Date and Time in Python
Oct 10th 2024 7:14am, by
Rust's Expanding Horizons: Memory Safe and Lightning Fast
Oct 10th 2024 5:00am, by
API Gateway Checklist: How Strong Is Your API's Front Door?
Oct 8th 2024 8:45am, by
AI for APIs: Techniques for AI-Assisted SDK Generation
Oct 6th 2024 5:00am, by
Zen and the Art (and Science) of API Development
Oct 3rd 2024 7:00am, by
How To Strengthen API Security With Zero Trust
Oct 2nd 2024 10:00am, by
OpenAI's Realtime API Takes a Bow
Oct 1st 2024 9:05pm, by
Working With JSON Data in Python
Oct 12th 2024 4:00am, by
How to Install Python 3.13? Use the Interactive Interpreter
Oct 11th 2024 6:36am, by
How To Work With Date and Time in Python
Oct 10th 2024 7:14am, by
Python 3.13: Blazing New Trails in Performance and Scale
Oct 7th 2024 11:21am, by and
Handling Edge Cases and Exceptions in Python
Sep 28th 2024 5:00am, by
Deno 2.0, Angular Updates, Anthropic for Devs, and More
Oct 12th 2024 8:00am, by
How Microsoft Edge Is Replacing React With Web Components
Oct 11th 2024 11:00am, by
JavaScript Due for New Time, Date and Set Features Next Year
Oct 9th 2024 8:19am, by
Mix Human Expertise With LLM Assistance for Easier Coding
Oct 7th 2024 8:00am, by
OpenAI Launches New ChatGPT Interface, Designed for Coding
Oct 5th 2024 7:00am, by
Configure Microservices in NestJS: A Beginner’s Guide
Oct 11th 2024 12:00pm, by
Why ChatGPT Shifted From Next.js To Remix: Some Theories
Sep 14th 2024 8:05am, by
Is React Now a Full Stack Framework? And Other Dev News
Aug 31st 2024 5:00am, by
Implementing IAM in NestJS: The Essential Guide
Aug 30th 2024 6:26am, by
TypeScript 5.5: Faster, Smarter and More Powerful
Jun 25th 2024 6:41am, by
Traefik 3.0 Works Better With WebAssembly and OpenTelemetry
Sep 17th 2024 1:30pm, by
Arcjet Launches: Wasm-Powered Security for Modern Developers
Sep 10th 2024 2:05pm, by
Golang for WebAssembly Can Now Work Like IT Should
Aug 9th 2024 9:00am, by
How To Run WebAssembly on Kubernetes
Jul 28th 2024 10:00am, by
Chicory: Write to WebAssembly, Overcome JVM Shortcomings 
Jul 19th 2024 12:33pm, by
How to Ensure Cloud Native Architectures Are Resilient and Secure
Oct 12th 2024 10:00am, by
AWS Adds Support, Drops Prices, for Redis-Forked Valkey
Oct 10th 2024 1:41pm, by
Start Securing Decentralized Clouds With Confidential VMs
Oct 10th 2024 10:00am, by
3 Key Practices for Perfecting Cloud Native Architecture
Sep 24th 2024 10:00am, by
AWS Transfers OpenSearch to the Linux Foundation
Sep 17th 2024 12:33pm, by
Kubernetes Advances Cloud Native Data Protection: Share Feedback
Oct 9th 2024 7:00am, by
How to Handle Bad Data in Event Streams
Oct 8th 2024 11:00am, by
Unlock GA4 Insights: BigQuery SQL Recipes for Key Metrics
Oct 8th 2024 10:00am, by
With WarpStream, Confluent Got a New Type of Kafka Platform
Oct 1st 2024 7:11am, by
OpenAI Structured Outputs: How-To Guide for Developers
Sep 27th 2024 9:00am, by
How to Ensure Cloud Native Architectures Are Resilient and Secure
Oct 12th 2024 10:00am, by
Ubuntu Linux: Install the Suricata Intrusion Detection System
Oct 12th 2024 9:00am, by
Runtime Context: Missing Piece in Kubernetes Security
Oct 11th 2024 7:30am, by
Start Securing Decentralized Clouds With Confidential VMs
Oct 10th 2024 10:00am, by
API Gateway Checklist: How Strong Is Your API's Front Door?
Oct 8th 2024 8:45am, by
Platform Engineering Operations CI/CD Tech Careers Tech Culture DevOps Kubernetes Observability Service Mesh
Building an Internal Developer Platform: 4 Essential Pillars
Oct 7th 2024 6:21am, by Ritesh Patel
Microsoft Taking Up the Mantra of Platform Engineering
Oct 4th 2024 7:23am, by Todd R. Weiss
How to Build an Internal Developer Platform Like a Product
Sep 23rd 2024 10:57am, by Jennifer Riggins
Platform Engineering Reshapes Software Dev at Bechtle
Sep 4th 2024 6:00am, by Todd R. Weiss
Build Platform Engineering as a Product for Dev Adoption
Sep 2nd 2024 6:00am, by Todd R. Weiss
Linux: Create System Backups With rsnapshot
Oct 12th 2024 7:00am, by Jack Wallen
eBPF Is Coming for Windows
Oct 11th 2024 9:00am, by Joab Jackson
Buildkite Expands Scale-Out Continuous Delivery Platform
Oct 9th 2024 1:22pm, by Joab Jackson
NGINX One Console: Not for Experts Only
Oct 4th 2024 12:39pm, by B. Cameron Gain
SSHamble: Test Your Servers for Potential SSH Issues
Oct 4th 2024 9:00am, by Jack Wallen
How the Argo Project Is Avoiding WordPress-Type Problems
Oct 4th 2024 11:00am, by Dan Garfield
Implement Third-Party Authentication With Google in Next.js
Oct 4th 2024 9:00am, by Vinod Pal
End of the Road for JavaFX in JDK 8: Keeping Your Apps Alive
Oct 3rd 2024 1:00pm, by Frank Delporte
How Generative AI Is Revolutionizing Debugging
Sep 25th 2024 8:30am, by Eran Kinsbruner
Stop Blaming Regulation for Poor Software Delivery Performance
Sep 24th 2024 12:00pm, by Steve Fenton
It's Critical To Resolve the DevOps Tax on Central Teams
Oct 6th 2024 10:00am, by Travis McPeak
Developer Relations Relies on Authenticity and Trust
Oct 5th 2024 10:00am, by Sarah Guthals
Developer Relations Foundation Aims to Clarify Role
Oct 2nd 2024 12:00pm, by Loraine Lawson
What a CTO Learned at Nvidia About Managing Engineers
Sep 26th 2024 9:20am, by Heather Joslyn
Kelsey Hightower on What’s Next for Developers After GenAI
Sep 17th 2024 11:30am, by Joe Fay
Zorin OS: The Perfect Linux Distro for Migrating From Windows
Oct 5th 2024 8:00am, by Jack Wallen
Lost 1983 Programming Language Resurrected by Retro Compute YouTube Channel
Oct 5th 2024 6:00am, by David Cassel
Developer Relations Foundation Aims to Clarify Role
Oct 2nd 2024 12:00pm, by Loraine Lawson
Social Web Foundation Launched — How In Is W3C on Fediverse?
Sep 24th 2024 6:00am, by Richard MacManus
How To Find Success With Code Reviews
Sep 19th 2024 5:00am, by Loraine Lawson
Building an Internal Developer Platform: 4 Essential Pillars
Oct 7th 2024 6:21am, by Ritesh Patel
It's Critical To Resolve the DevOps Tax on Central Teams
Oct 6th 2024 10:00am, by Travis McPeak
Developer Relations Relies on Authenticity and Trust
Oct 5th 2024 10:00am, by Sarah Guthals
Open Source Supply Chains Can Fix Your Dependency Headaches
Oct 3rd 2024 10:00am, by Sam Snyder
The 4 Evolutions of Your Observability Journey
Oct 3rd 2024 9:00am, by Hazel Weakly
Deploy Kubernetes Behind Firewalls Using These Techniques
Oct 11th 2024 10:00am, by Mohan Sitaram
Runtime Context: Missing Piece in Kubernetes Security
Oct 11th 2024 7:30am, by Oshrat Nir
Kubernetes Advances Cloud Native Data Protection: Share Feedback
Oct 9th 2024 7:00am, by Mark Lavi
How Nvidia Scaled Its Cloud Services With KubeVirt
Oct 4th 2024 6:18am, by Jonathan Gershater
Is Kubernetes Green?
Oct 2nd 2024 8:24am, by Anne Currie
OpenTelemetry Challenges: Handling Long-Running Spans
Oct 10th 2024 11:00am, by Hazel Weakly
Unlock GA4 Insights: BigQuery SQL Recipes for Key Metrics
Oct 8th 2024 10:00am, by Kevin Leary
Key Trends Shaping the Observability Market
Oct 4th 2024 8:00am, by Krishna Yadappanavar
The 4 Evolutions of Your Observability Journey
Oct 3rd 2024 9:00am, by Hazel Weakly
Why Grafana Offers $100,000 to Startups for Observability
Sep 28th 2024 4:00am, by B. Cameron Gain
Tetrate, Bloomberg Collaborate on Envoy-Based AI Gateways
Oct 7th 2024 2:00pm, by Steven J. Vaughan-Nichols
Istio 1.23 Drops the Sidecar for a Simpler 'Ambient Mesh'
Aug 19th 2024 12:59pm, by Joab Jackson
Can Cilium Be a Control Plane Beyond Kubernetes?
Jul 28th 2024 6:00am, by Alex Williams
6 Tips to Integrate Container Orchestration and APM Tools
May 20th 2024 11:03am, by Chris Cooney
Enhancing Business Security and Compliance with Service Mesh
Apr 1st 2024 10:00am, by Ninad Desai
Cloud Native Ecosystem / Cloud Services / Security

How to Ensure Cloud Native Architectures Are Resilient and Secure

The rush to prioritize agility and scalability often leaves security as an afterthought.
Oct 12th, 2024 10:00am by
Featued image for: How to Ensure Cloud Native Architectures Are Resilient and Secure
Photo by Collin on Unsplash.

Organizations are racing to innovate and scale with cloud native technologies in today’s fast-paced digital landscape. But in my experience, this rush often comes at a cost — especially regarding security. In a recent project with a financial services company, I saw firsthand how prioritizing speed over security exposed critical vulnerabilities.

At first glance, the company I worked with seemed like a cloud native success story: microservices spread across multiple regions, fully automated pipelines, and frequent feature releases. However, during a security audit, we discovered a severe vulnerability in how their APIs communicated, which put the entire system at risk. The team implemented broad API access controls to simplify scaling, which unintentionally created a significant security gap. With just one service compromised, an attacker could move laterally through the system, potentially accessing sensitive financial data.

In my experience, API vulnerabilities are becoming a common entry point for attackers, leading to many of the data breaches we see today. A 2023 Salt Labs report showed that 94% of organizations faced API security issues last year, mainly due to misconfigurations and poor visibility. These statistics underscore the significant risks that insecure APIs pose to businesses. Gartner predicts that by 2025, nearly half of enterprise APIs could go unmanaged, creating significant security gaps. As companies focus on speed and growth, security often gets left behind.

Microservices: Added Flexibility, Added Risk

Microservices offer flexibility and faster updates but also introduce complexity — and more risk. In this case, the company had split its platform into dozens of microservices, handling everything from user authentication to transaction processing. While this made scaling more accessible, it also increased the potential for security vulnerabilities. With so many moving parts, monitoring API traffic became a significant challenge, and critical vulnerabilities went unnoticed.

Without proper oversight, these blind spots could quickly become significant entry points for attackers.

Unmanaged APIs could create serious vulnerabilities in the future. If these gaps aren’t addressed, companies could face major threats within a few years.

Why Automation Alone Won’t Secure Your APIs

Automation helped the company release features quickly by scanning code and dependencies for security issues. Although automation worked initially, it overlooked more significant problems, such as overly broad API settings. Overreliance on automation led the team to overlook more profound design flaws. Although the automated tools caught more minor code issues, they failed to detect system-wide vulnerabilities.

I’ve noticed this issue increasing in cloud native setups. Teams often lean too much on automation without realizing these tools can miss subtle but critical issues, like overly broad API permissions or configuration shifts. While automation is crucial for speed, it’s not enough. Manual reviews and regular audits are essential to catching architectural flaws that automation might miss.

How We Fixed the Problem: Building for Resilience

Once we identified the vulnerabilities, it was clear the architecture needed more than a quick fix — it required a complete overhaul. Here’s how we addressed the issues:

  • Enforced Least Privilege for APIs: We reviewed all API interactions and reconfigured access controls to follow the least privilege principle. Each microservice was granted only the needed access, significantly reducing the attack surface.
  • Hardened Access Control Policies: Wide access controls were tightened, ensuring each service had only the necessary permissions. This reduced internal and external threats and created a more transparent audit trail.
  • Combined Automation with Manual Audits: While automation remained an essential tool, we added manual audits during critical points in development and deployment. These manual checks helped us uncover misconfigurations and design weaknesses that automation had missed.
  • Implemented a Service Mesh: To tighten up security between services, we implemented a service mesh, which gave us much better control over how APIs interact and, crucially, helped us keep a closer eye on communication patterns. Even if one service was compromised, the service mesh prevented lateral movement, minimizing damage.
  • Adopted Chaos Engineering: We used chaos engineering principles to stress-test the architecture, simulating failures and attacks. This helped us identify and fix weak points before they could be exploited.

Key Takeaways for Cloud Native Teams

The lessons from this project apply broadly to any organization using cloud native architectures. Here’s what you can do to protect your infrastructure:

  • Regularly Audit APIs: Ensure all API interactions follow the least privilege principle. Broad permissions create serious vulnerabilities, especially in microservice environments.
  • Harden Access Control Policies: Review and tighten access controls frequently to reduce risks. Regular audits are essential for catching overly broad permissions.
  • Combine Automation with Manual Audits: Automation is vital for speed, but manual reviews can catch more profound architectural flaws. Schedule regular audits to uncover misconfigurations and design issues.
  • Leverage a Service Mesh for API Security: A service mesh allows for tighter control over service-to-service communication and better visibility into API interactions.
  • Embrace Chaos Engineering: Stress-test your architecture by simulating failures and attacks to find weaknesses before they become critical.

Conclusion: Speed Without Security Is a Recipe for Disaster

As companies increasingly embrace cloud native technologies, the rush to prioritize agility and scalability often leaves security as an afterthought. But that trade-off isn’t sustainable. By 2025, unmanaged APIs could expose organizations to significant breaches unless proper controls are implemented today.

Your choices will determine whether your systems can withstand tomorrow’s threats. Don’t let the drive for speed and innovation become a security disaster. Resilience and security are just as important as agility.

TRENDING STORIES
Group Created with Sketch.
Akhil Mittal is a cybersecurity thought leader with extensive experience in application security, cloud security, AI, and DevSecOps. Certified in CISSP and CCSP, he is known for driving strategic security initiatives and contributing to industry best practices as an IEEE...
Read more from Akhil Mittal
SHARE THIS STORY
TRENDING STORIES
TNS owner Insight Partners is an investor in: Control.
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.