Not long ago, "security" meant building walls — firewalls, intrusion detection, access control lists. While those tools aren't dead, they're not enough. Cloud-native systems don't care about your perimeter, and one misconfigured API or overly generous IAM role is all it takes. The rules have changed, and if your security game hasn't, you're already behind.
The New Breed of Threats: What "Cloud-Native" Really Means for Security
Gone are the days when a strong network perimeter was sufficient. What catches most teams off guard isn't the attack itself; it's the misalignment between tooling and architecture.
Ephemeral Workloads & Dynamic Architectures
If you've ever watched a serverless function vanish before you could even finish debugging it, you'll know that these workloads challenge the very notion of a secure perimeter. The traditional concept of a fixed "endpoint" or "server" is obsolete.
API-Driven Attacks
Threat actors actively target insecure APIs to exploit OWASP-documented flaws like broken authentication, excessive data exposure, a lack of rate limiting, and schema validation gaps.
Supply Chain Vulnerabilities
Automated CI/CD pipelines and vast ecosystems of open-source components and container images create an optimal foundation for supply chain attacks. Attackers have successfully used techniques like dependency confusion to upload malicious packages to public registries that mimic internal libraries. Or, they can inject code into a popular dependency or compromised build system, spreading vulnerabilities across numerous applications before they even reach production.
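One defensive check against the dependency confusion described above is to audit the lockfile for internal packages that were resolved from a public registry. The following is an added example, not code from the article; the scope `@acme`, the package name `acme-billing-utils`, the registry host `npm.internal.example`, and the sample lockfile are all hypothetical.

```python
import json
from urllib.parse import urlparse

# Assumptions for this example: the private scope, the unscoped internal
# package names, and the private registry host are all hypothetical.
INTERNAL_SCOPES = {"@acme"}
INTERNAL_NAMES = {"acme-billing-utils"}
INTERNAL_REGISTRY = "npm.internal.example"

def is_internal(name):
    """True if the package name belongs to the organization."""
    scope = name.split("/")[0] if name.startswith("@") else None
    return scope in INTERNAL_SCOPES or name in INTERNAL_NAMES

def audit_lockfile(lock_text):
    """Flag internal packages that the lockfile resolved from another registry."""
    findings = []
    packages = json.loads(lock_text).get("packages", {})
    for path, meta in packages.items():
        # "" is the root project; "link" entries are local workspace symlinks.
        if not path or meta.get("link"):
            continue
        name = path.split("node_modules/")[-1]  # also handles nested installs
        if not is_internal(name):
            continue
        host = urlparse(meta.get("resolved", "")).hostname
        if host != INTERNAL_REGISTRY:
            findings.append((name, meta.get("version"), host))
    return findings

# Constructed package-lock.json content (lockfileVersion 3 layout), not real data.
SAMPLE_LOCK = json.dumps({
    "name": "shop-frontend", "lockfileVersion": 3,
    "packages": {
        "": {"name": "shop-frontend", "version": "1.0.0"},
        "node_modules/lodash": {"version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"},
        "node_modules/@acme/auth": {"version": "2.3.1",
            "resolved": "https://npm.internal.example/@acme/auth/-/auth-2.3.1.tgz"},
        "node_modules/acme-billing-utils": {"version": "99.0.0",
            "resolved": "https://registry.npmjs.org/acme-billing-utils/-/acme-billing-utils-99.0.0.tgz"},
    },
})

if __name__ == "__main__":
    for name, version, host in audit_lockfile(SAMPLE_LOCK):
        print(f"{name}@{version} resolved from {host}, expected {INTERNAL_REGISTRY}")
```

Run as a CI step, a non-empty result should fail the build before the package is ever installed.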
Identity as the New Perimeter
IAM misconfigurations, weak authentication, and compromised credentials are now primary attack vectors, enabling lateral movement across cloud resources. The risk isn't limited to human users; service-to-service IAM (e.g., IAM roles for AWS Lambda functions and Google Cloud's GKE Workload Identity) is at risk as well.
Misconfigurations as the Primary Risk
Attackers aren't after complex zero-days; they're banking on simple mistakes. The sheer complexity and vast number of configurable services in cloud environments mean implementation errors like publicly exposed storage buckets (e.g., Amazon S3 buckets) and insecure default settings open direct pathways for attackers.
Why Legacy Defenses Are the Outdated Arsenal
While cloud-native architectures have transformed the threat landscape, many organizations still rely on legacy defenses designed for static, perimeter-based environments.
Traditional firewalls, built to monitor "north-south" traffic, are poorly suited to modern "east-west" communication between microservices, containers, and serverless functions. These tools depend on static rules and signature-based detection, approaches that struggle with the ephemeral nature of cloud workloads and zero-day threats.
Manual policy updates can't keep pace with dynamic infrastructure, often resulting in either overly permissive rules that expose systems or overly restrictive ones that block essential workflows. Piling on disconnected tools only exacerbates the problem, leading to tool sprawl and blind spots.
Force-fitting these legacy tools onto cloud-native problems is far from the right path forward. Deploying multiple disconnected security solutions creates a lack of visibility that leaves fatigued security teams struggling.
The Hybrid Security Dilemma: 4 Strategies for Bridging the Gap
Bridging the gap requires a strategic shift from fragmented defenses to an integrated and proactive approach to hybrid cloud security.
1. Adopting Cloud-Native Application Protection Platforms (CNAPP)
CNAPPs consolidate capabilities that often came from historically separate toolsets, like Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP). CSPM tools traditionally focused on identifying configuration risks across your cloud infrastructure. CWPP, on the other hand, specializes in protecting runtime workloads.
This consolidation into one unified platform provides a holistic view of your organization's security posture across your hybrid cloud, from code to runtime. The visibility enables automated remediation and "shift-left" security integration directly into the CI/CD pipeline, catching misconfigurations before deployment.
2. Implementing Zero Trust Principles Across Hybrid Boundaries
The "never trust, always verify" philosophy is about ensuring access controls work across all environments: cloud, on-prem, or otherwise. Identity becomes the primary control plane, guaranteeing authentication and authorization regardless of location or network segment.
Crucially, zero trust is not solely identity-driven. Robust network segmentation, often achieved through microsegmentation or Software-Defined Perimeters (SDP), is vital for isolating workloads and limiting lateral movement. Other best practices include:
■ Enforce least privilege with attribute-based access controls (ABAC).
■ Rotate credentials automatically using secrets managers and automated platforms.
■ Detect anomalies with identity threat detection and response (ITDR) tools.
3. Evolving Firewall Capabilities
Next-Generation Firewalls (NGFWs), especially those that are cloud-native and virtualized, are evolving to inspect east-west traffic within cloud environments. Traditional endpoint agents can't monitor containers that spin up and die in 20 seconds. Instead, modern tools rely on sidecar patterns or daemonsets to monitor runtime behavior.
NGFWs integrate with cloud provider services (like AWS Security Groups or Azure NSGs) and support dynamic, identity-based rules. Web Application Firewalls (WAFs) and are both examples of this, which are crucial for protecting cloud-native applications and their extensive API surface.
4. Automated Detection and Response
Leveraging AI and ML for anomaly detection, coupled with Security Orchestration, Automation, and Response (SOAR) platforms, allows for rapid, automated response actions that can keep hybrid cloud threats in check. From quarantining compromised workloads to updating security policies, automation detects lateral movement and isolates compromised containers in real time.
What Comes Next for Cloud-Native Security?
With the right tools and strategies, security teams can identify the mismatch between legacy defenses and cloud-native threats. Blending old and new challenges conventional security wisdom, but it is the way forward for building resilient, adaptive security frameworks.