#Cloud-Native Technology Drives Evolution of Security Strategies

A transition to cloud-native technologies is significantly transforming how enterprises develop applications and manage security. Insights shared at a recent conference reveal that modern architectures enable organizations to operate with minimal physical infrastructure and streamlined IT and security teams. The adoption of cloud-native technology enhances organizational agility, facilitating the acquisition and retention of skilled developers.

Jonathan Leigh, Engineering Director at Moneybox—a UK-based fintech providing savings and investment services—highlighted that his company operates entirely on cloud infrastructure, primarily utilizing Microsoft Azure with Cloudflare for connectivity and security. By outsourcing infrastructure complexities to industry-leading providers, Moneybox remains agile and minimizes risk and cost, which has eliminated the need for extensive infrastructure teams. Remarkably, during its first six years, the company functioned without infrastructure engineers, allowing developers to access necessary IT assets directly from the cloud.

This cloud-only approach not only fosters flexibility within the workforce but also ensures consistent, secure connectivity—whether employees are in the office or working remotely across the UK and Europe.

Automation emerges as a foundational principle in this new environment. At Vodafone, for instance, cloud-native operations enable the development team to concentrate on delivering customer services instead of infrastructure management. Chief Cloud Product Officer Alfie Dienn describes their setup as a comprehensive “telecoms-as-a-service,” incorporating everything from servers to Kubernetes clusters. This initiative prioritizes automation by shifting configurations from manual processes to cloud deployments.

Vodafone adopts infrastructure-as-code (IaC) techniques, using Terraform as the management instrument, which not only boosts productivity but also reinforces security protocols. By establishing standard templates, Vodafone ensures that any new infrastructure adheres to company-wide security and policy standards, minimizing discrepancies while integrating security-critical functions like web application firewalls and databases.

In addition to embedding security within their architectures, panelists discussed leveraging cloud resources to safeguard their daily operations. Christian Reilly, EMEA Field CTO at Cloudflare, pointed out that the company manages approximately 20% of global internet traffic, providing valuable insights into internet operation and threat detection. Notably, the financial sector remains the most attacked industry globally.

Leigh from Moneybox acknowledged facing “sustained attacks,” including incidents of password stuffing, especially as customer popularity grew. To mitigate these threats, Moneybox adopted technology from Cloudflare that analyzes and identifies attackers based on fingerprints rather than relying solely on IP addresses. Implementing this solution greatly improved their defense mechanisms overnight.

However, the panel agreed that security threats will continue to evolve, particularly due to advancements in artificial intelligence. Dienn noted the application of AI within their platforms, emphasizing the need to generate capabilities that integrate with large language models, thereby automating processes at scale.

Looking ahead, organizations like Vodafone plan to select security and technology vendors based on the maturity of their automation practices, ensuring they remain responsive and resilient in the face of an ever-changing threat landscape.