Journal of Cybersecurity and Privacy (Oct 2023)

Security in Cloud-Native Services: A Survey

  • Theodoros Theodoropoulos,
  • Luis Rosa,
  • Chafika Benzaid,
  • Peter Gray,
  • Eduard Marin,
  • Antonios Makris,
  • Luis Cordeiro,
  • Ferran Diego,
  • Pavel Sorokin,
  • Marco Di Girolamo,
  • Paolo Barone,
  • Tarik Taleb,
  • Konstantinos Tserpes

DOI
https://doi.org/10.3390/jcp3040034
Journal volume & issue
Vol. 3, no. 4
pp. 758 – 793

Abstract

Read online

Cloud-native services face unique cybersecurity challenges due to their distributed infrastructure. They are susceptible to various threats like malware, DDoS attacks, and Man-in-the-Middle (MITM) attacks. Additionally, these services often process sensitive data that must be protected from unauthorized access. On top of that, the dynamic and scalable nature of cloud-native services makes it difficult to maintain consistent security, as deploying new instances and infrastructure introduces new vulnerabilities. To address these challenges, efficient security solutions are needed to mitigate potential threats while aligning with the characteristics of cloud-native services. Despite the abundance of works focusing on security aspects in the cloud, there has been a notable lack of research that is focused on the security of cloud-native services. To address this gap, this work is the first survey that is dedicated to exploring security in cloud-native services. This work aims to provide a comprehensive investigation of the aspects, features, and solutions that are associated with security in cloud-native services. It serves as a uniquely structured mapping study that maps the key aspects to the corresponding features, and these features to numerous contemporary solutions. Furthermore, it includes the identification of various candidate open-source technologies that are capable of supporting the realization of each explored solution. Finally, it showcases how these solutions can work together in order to establish each corresponding feature. The insights and findings of this work can be used by cybersecurity professionals, such as developers and researchers, to enhance the security of cloud-native services.

Keywords