Check Point® Software Technologies Ltd.(link is external) announced that its Quantum Firewall Software R82 — the latest version of Check Point’s core network security software delivering advanced threat prevention and scalable policy management — has received Common Criteria EAL4+ certification, further reinforcing its position as a trusted security foundation for critical infrastructure, government, and defense organizations worldwide.
The Hidden Importance of Machine Identities in Cloud Native Security
February 05, 2024
A competitive edge in today's on-demand, software-first economy can be quantified in terms of weeks, days, or even hours. Quickness prevails. In order to have a competitive edge, companies today must innovate and move fast, and in high-pressure times, security and developer teams need to work together quickly and efficiently to protect their organizations.
The field of cloud native development is rapidly evolving, but during this shift to modern environments such as Kubernetes, many DevOps teams are putting security on the back burner in a rush to move to cloud native environments. This is opening the door to a wide array of new security risks and numerous opportunities for unscrupulous cybercriminals — and machine identities are a prime example of this. The number of machine identities used by organizations has continued to increase year over year, creating an ever-growing security risk that cybercriminals are looking to exploit.
According to a 2023 Venafi survey, 84% of security and IT leaders anticipate that Kubernetes will soon be the primary platform used to construct all applications as cloud native development is becoming increasingly popular and Kubernetes has become the de facto norm. However, 75% think that the speed and complexity of cloud native development introduce new security blind spots.
The actual move to cloud native environments comes with its own set of challenges and risks, and many development teams fail to take the time to properly and safely transition their data and applications. While 87% of security and IT leaders have started to move legacy applications to the cloud, many did not optimize for cloud native. More than half (53%) simply did a lift and shift to the cloud with most application code remaining the same.
Developers are more likely to prioritize speed above security when given the option, with 68% of security and IT leaders concerned that developers may not always utilize certificates since issuing them causes additional friction in development processes. Since code signing slows down development, over half (47%) of security and IT officials acknowledge they do not require it for artifacts.
So what role does machine identity management play in the rapid corporate transition to a cloud native environment? Machine identities are the cornerstone of cloud native security since they secure all connections and facilitate authentication and authorization for workloads within and across clusters. However, if machine identities are not readily accessible throughout the development process, developers could be tempted to circumvent the proper use of machine identities by taking security shortcuts and creating workarounds. This can often lead to security teams not having the right visibility into how machine identities are fulfilled, potentially risking CA compromise especially when workloads are signed with a CA that is bootstrapped without proper controls and governance.
Among security and IT leaders, 88% believe that machine identity management is key to the success of zero trust models, but 74% of security and IT leaders worry that developers are challenged with several conflicting priorities — meaning security is not always top of mind. To address this challenge, developer teams need to work together with security teams to make security a priority. Key to this is managing all machine identities across their org — which can only be done effectively through the two teams working together.
Machine identities are paramount to securing cloud native resources and sensitive microservices that are accessible from anywhere on the Internet. Organizations must identify a wide array of cloud native machines, such as containers, microservices, DevOps artifacts, API connections, and more, to properly implement the newest technological advancements. All these networked cloud native computers need to be able to quickly authenticate themselves to one another to function securely. Balancing security and the need to keep up with the rapid pace of innovation today is critical to ensuring that organizations do not become vulnerable to a growing number of cybersecurity threats.
Industry News
May 01, 2025
May 01, 2025
Postman announced full support for the Model Context Protocol (MCP), helping users build better AI Agents, faster.
May 01, 2025
Opsera announced new Advanced Security Dashboard capabilities available as an extension of Opsera's Unified Insights for GitHub Copilot.
May 01, 2025
Lineaje launched new capabilities including Lineaje agentic AI-powered self-healing agents that autonomously secure open-source software, source code and containers, Gold Open Source Packages and Gold Open Source Images that enable organizations to source trusted, pre-fixed open-source software, and a software crawling and analysis engine, SCA360, that discovers and contextualizes risks at all software development stages.
April 30, 2025
Check Point® Software Technologies Ltd.(link is external) launched its inaugural AI Security Report(link is external) at RSA Conference 2025.
April 30, 2025
Lenses.io announced the release of Lenses 6.0, enabling organizations to modernize applications and systems with real-time data as AI adoption accelerates.
April 30, 2025
Sonata Software has achieved Amazon Web Services (AWS) DevOps Competency status.
April 29, 2025
vFunction® announced significant platform advancements that reduce complexity across the architectural spectrum and target the growing disconnect between development speed and architectural integrity.
April 29, 2025
Sonatype® introduced major enhancements to Repository Firewall that expand proactive malware protection across the enterprise — from developer workstations to the network edge.
April 29, 2025
Aqua Security introduced Secure AI, full lifecycle security from code to cloud to prompt.
April 29, 2025
Salt Security announced the launch of the Salt Model Context Protocol (MCP) Server, giving enterprise teams a novel access point of interaction with their API infrastructure, leveraging natural language and artificial intelligence (AI).
April 28, 2025
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of in-toto, a software supply chain security framework developed at the NYU Tandon School of Engineering.
April 28, 2025
SnapLogic announced the launch of its next-generation API management (APIM) solution, helping organizations accelerate their journey to a composable and agentic enterprise.
April 28, 2025
Apiiro announced Software Graph Visualization, an interactive map that enables users to visualize their software architectures across all components, vulnerabilities, toxic combinations, blast radius, data exposure and material changes in real time.
April 24, 2025
Check Point® Software Technologies Ltd.(link is external) and Illumio, the breach containment company, announced a strategic partnership to help organizations strengthen security and advance their Zero Trust posture.
