OWASP Cloud-Native Security Project

What is Cloud-Native?

According to the Linux Foundation:

“Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach.”

Although there is no consensus of its definition, we can outline that Cloud Native is a development and deployment methodology, in which applications are built as microservices and orchestrated as containers to take advantage of the cloud computing model. The term Cloud can be confusing as some may assume the strict necessity to deploy this type of software in a Cloud Provider, but as a matter of fact, the where question is not the most relevant, although many organizations will aim to do so. If the applications are designed as loosely coupled systems, optimized for scalability and performance, and managed through container orchestration, they are cloud-native.

The OWASP Cloud-Native Security Projects

Purpose

Since the idea of Cloud-Native is relatively new, there are not enough knowledge sources about its security aspects. The size and width of this topic just make the knowledge gap even greater. This project will try to bridge that gap by aggregating new and existing initiatives, under the same Cloud-Native Security roof.

Roadmap

The roadmap will be clearer as more initiatives will be added. The first steps would be to create a Cloud-Native FAQ, and a sample Cloud-Native application skeleton, in order to create a baseline of common language and knowledge.

Licensing

The OWASP API Security Project documents are free to use! The OWASP API Security Project is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.