By Pujun Xie (p-se@edu.hse.ru)

Cloud native [1] is a concept of application architecture that emphasizes the close integration of application design, deployment, and management with the cloud computing environment. It is not just about simply migrating applications to the cloud, but about rethinking and designing applications with the advantages of cloud computing to adapt to the dynamic, elastic and distributed cloud environment.

Cloud native representative technologies include container, serverless, service mesh, microservices, immutable infrastructure, and declarative API, which can build software systems that are loosely coupled, automation, fault-tolerant, easy to observe, easy to manage, and easy to expand. However, while cloud native changing the design, development, and operation mode of cloud applications, it also brings new security requirements and risks. Containerization technology becomes a main source of risks input in cloud native environment, microservices lead to exponential growth of interactive ports between applications, serverless and service mesh bring high flexibility but also huge hidden dangers to safety management.

As cloud native environments are dynamic, containerization, and microservices-based, traditional perimeter security strategies are no longer fully adaptable. Zero trust security [2,3] is a security strategy that is different from the previous perimeter security. It does not trust any behaviors in the network and always verifies and continuously monitors it. This more granular and flexible security policy is better suited to complexity and scalability of cloud native environments.

This survey will firstly introduce security critical areas and risks in cloud native. Then we will summarize some common security strategies in cloud native architecture. At last, we will introduce zero trust model and its application on cloud native architecture.

In this section, we will briefly summarize the common security risks in cloud native. These security risks of cloud-native architecture are different from the risks of traditional software architecture. So they bring many new risks to cloud-native architecture [4,5]. The main risks in the cloud native environment are folllowing:

• Untrusted image source: The image source used may contain malicious code or vulnerabilities. The reliability of the image source must be ensured.
• Unverified image content: The software packages in the image may contain known security vulnerabilities. The image content must be verified using security scanning tools.
• Image contain sensitive information: The image may contain sensitive information (passwords, keys, etc.). It is necessary to ensure that the information is properly removed when building the image.

• Excessive container permissions: The container may have excessive permissions. It may allow applications in the container to access and modify resources of other containers or the host, such as container escape and privilege escalation.
• Insufficient container resource restrictions: The container may not have sufficient resource restrictions. This will cause the application in the container to be attacked by denial of service and exhaust host resources.
• Insufficient container network isolation: There may be unauthorized network access between containers. This will result in data leakage or attacks.

• Unencrypted communication between services: Communication between services may not be encrypted. This will result in data stolen or data tampered during transmission.
• Insufficient authentication and authorization between services: Unauthenticated or unauthorized access may exist between services. This will result in data leakage or service attacks.
• Insecurity service discovery process: The service discovery process may not be encrypted or authenticated. This will allow attackers to hijack the service discovery process and attack the service.

• Data plane proxy vulnerabilities: Data plane proxy may have security vulnerabilities. This will allow attackers to hijack or tamper with data in inter service communication.
• Control plane vulnerabilities: The control plane may have security vulnerabilities. This will allow attackers to access or tamper with the configuration and management functions of the service mesh.
• Traffic hijacking and tampering: Service mesh may have the risk of traffic hijacking and tampering. This will result in the theft or tampering of data in inter service communication.

• Virtual machine vulnerabilities: Virtual machines may have security vulnerabilities. This will allow attackers to perform high risk operations such as escape and privilege escalation.
• Storage vulnerabilities: Storage may have security vulnerabilities. This will result in data leakage or tampering.
• Network vulnerabilities: The network may have security vulnerabilities. This will allow attackers to hijack or tamper with the network traffic of the cloud infrastructure.

In this section, we introduce the security strategies to deal with the risks above. These security strategies can effectively improve the security of the cloud native architecture. The security strategies are following:

• Image scanning: Before deploying the container, perform security scans on the container image to detect potential vulnerabilities.
• Runtime security: Ensure the security of the container runtime environment, such as limiting the resources that the container can access, using kernel security features, etc.
• Container network isolation: Use network policies to limit communication between containers to prevent unauthorized access and data leakage.
• Container log monitoring: Collect and analyze container logs to detect potential security issues and abnormal behaviors.

• Authentication and authorization: Ensure that only authenticated and authorized services can access other services.
• API gateway: Use API gateway to protect microservice interfaces and provide access control, current limiting, circuit breaking and other functions.
• Communication encryption: Use TLS or other encryption protocols to protect data in inter service communication.
• Service monitoring and log analysis: Collect and analyze service logs and performance indicators to detect potential security issues and abnormal behaviors.

• Data plane security: Use data plane proxies to enforce security policies such as access control, traffic limiting, TLS encryption, etc.
• Control plane security: Protect the control plane of the service mesh, such as limiting access to management APIs, using authentication and authorization, etc.
• Security monitoring and alerting: Collect and analyze service mesh logs and performance metrics to detect potential security issues and abnormal behaviors.

• Virtual machine security: Ensure that the operating system and application patches of the virtual machine are updated in time. Use firewalls and other security tools to protect the virtual machine.
• Storage security: Use encryption and access control to protect the security of stored data.
• Network security: Use VPC, subnets, security groups to isolate cloud resources and implement access control policies.

Zero trust [2,3] is an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users and resources. It assumes no implicit trust granted to user accounts or endpoints based solely on their physical or network location or ownership. Instead, it emphasizes a set of security primitives that require continuous verification and authorization. Besides, it operates on the principle of “Never trust, always verify.” It means that every attempt to access the network, regardless of its source, must undergo identity verification and context authentication. This model is particularly suited to the dynamic and distributed nature of cloud-native architectures, which require detailed and flexible security.

The zero trust has the following principles:

Identity verification: Verification of identity is the fundamental prerequisite for a zero trust model. It ensures that each user, device, or application possesses a verified identity and is granted access to resources solely on that basis.

Least privilege access: This principle guarantees that entities are granted only the minimal level of access necessary for them to function effectively. Thereby, reduce potential opportunities for abuse of access privileges.

Micro segmentation: Isolation divides a network into distinct segments to prevent the propagation of malicious programs across different parts. Each segment is isolated from the others. It ensures that if one segment is compromised by attackers, they can not transfer to other segments.

Continuous monitoring: Different from relying on traditional periodic audits of users, networks, and systems, zero trust implements continuous monitoring of user activities and system health. This dynamic assessments can enable the timely detection of anomalies before they escalate.

Device access control: Zero trust not only controls user access but also enforces strict device access controls. It monitors access attempts from various devices, ensures authorization, and assesses their security to prevent compromises. So zero trust reduces the attack surface of the network.

In this section, we will introduce some best practice for zero trust model in cloud native architecture. These practices are a good way to implement the principles in the last section. By combining the best practice for zero trust model in cloud native architecture and security strategies in cloud native architecture, we can ensure the security of cloud native architecture to the greatest extent.

Define policies and principles: Develop and obtain comprehensive support for a zero trust security policy, enforce the principle of least privilege, and precisely control access permissions.

Identification of sensitive data and assets: Identify the locations of critical data and assets, and clarify the resources that need to interact with users and devices.

Micro segmentation of networks: Divide the network into segments to reduce the impact scope of potential threats, and customize access policies for each segment.

Strengthen multi factor authentication: Ensure stricter identity verification to increase the difficulty of attacks.

Dynamic access control: Real time adjustment of access permissions based on user behavior, device status, and other contextual information.

Monitoring and logging: Continuously monitor abnormal behaviors and maintain complete log records for subsequent analysis and auditing.

Continuous verification and optimization: Regularly update access control and security settings, and continuously conduct security training and awareness-raising activities.

In this paper, we conduct a survey about network security and zero trust model in cloud native architecture which includes critical areas and risks in cloud native architecture, security strategies in cloud native architecture, and zero trust model for cloud native architecture. This will give readers new understandings to the security risks in the cloud native structure and guide them to ensure the security of the cloud native architecture.

1. Gannon, Dennis, Roger Barga, and Neel Sundaresan. “Cloud-native applications.” IEEE Cloud Computing 4.5 (2017): 16-21.

2. Stafford, V. “Zero trust architecture.” NIST special publication 800 (2020): 207.

3. Chandramouli, Ramaswamy, and Zack Butcher. A zero trust architecture model for access control in cloud-native applications in multi-cloud environments. No. NIST Special Publication (SP) 800-207A. National Institute of Standards and Technology, 2023.

4. Theodoropoulos, Theodoros, et al. “Security in Cloud-Native Services: A Survey.” Journal of Cybersecurity and Privacy 3.4 (2023): 758-793.

5. Basu, Srijita, et al. “Cloud computing security challenges & solutions-A survey.” 2018 IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC). IEEE, 2018.