{"id":37246,"date":"2026-04-07T10:56:56","date_gmt":"2026-04-07T14:56:56","guid":{"rendered":"https:\/\/www.lpi.org\/articles\/\/"},"modified":"2026-04-07T10:56:56","modified_gmt":"2026-04-07T14:56:56","slug":"devops-tools-introduction-12-cloud-native-security","status":"publish","type":"post","link":"https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/","title":{"rendered":"DevOps Tools Introduction #12: Cloud Native Security"},"content":{"rendered":"<p>While previous articles in this series have explored application deployment from multiple angles\u2014covering infrastructure, pipelines, and operational practices\u2014security must be understood as a foundational layer that permeates every stage of the lifecycle. This perspective is reflected in the DevOps Tools Engineer exam, which addresses <a href=\"https:\/\/wiki.lpi.org\/wiki\/DevOps_Tools_Engineer_Objectives_V2.0#704.1_Cloud_Native_Security_(weight:_4)\">Cloud Native Security in objective 704.1<\/a>.<\/p>\n<p>This objective focuses on the principles, risks, and mitigation strategies specific to cloud-native environments, including securing containerized applications, managing identities and access in distributed systems, protecting APIs, and understanding the implications of third-party dependencies. The shift toward cloud-native architectures introduces new attack surfaces, dynamic workloads, and complex dependency chains that require a different security mindset.<\/p>\n<p>Rather than treating security as a separate discipline, cloud-native practices emphasize integrating security directly into development and operations workflows\u2014a discipline often referred to as <em><a href=\"https:\/\/www.redhat.com\/en\/topics\/devops\/what-is-devsecops\">DevSecOps<\/a><\/em>. This includes automating security checks in CI\/CD pipelines, continuously scanning for vulnerabilities, enforcing least-privilege access, and ensuring that communication between services is encrypted and authenticated.<\/p>\n<p>Core IT infrastructure components are not only responsible for enabling application deployment, but also play a central role in enforcing security across the entire environment. In modern architectures, security must be embedded into each layer of infrastructure, ensuring that systems are protected by design rather than relying on reactive measures.<\/p>\n<h2>Compute Resources<\/h2>\n<p>Compute resources, such as virtual machines, containers, and serverless functions, represent the execution layer of applications and are therefore a primary target for attacks. Securing these environments involves hardening operating systems, minimizing installed packages, running processes with least privilege, and applying continuous security updates. In containerized environments, additional controls such as runtime isolation and security profiles help prevent privilege escalation and unauthorized access between workloads.<\/p>\n<h2>Networking Components<\/h2>\n<p>Networking components define how systems communicate and are essential for controlling exposure. By implementing network segmentation through virtual private clouds (VPCs) and subnets, organizations can isolate sensitive resources from public access. Firewalls and packet filtering mechanisms enforce strict rules on inbound and outbound traffic, reducing the risk of unauthorized connections. A well-designed network limits lateral movement within the environment and ensures that only explicitly allowed communication paths are possible.<\/p>\n<p>Load balancers and application gateways serve as controlled entry points into the infrastructure. From a security perspective, they are critical for enforcing transport encryption using TLS, protecting against denial of service attacks through rate limiting, and filtering malicious traffic. These components also help abstract internal services, preventing direct exposure of backend systems and reducing the attack surface.<\/p>\n<h2>Storage Systems<\/h2>\n<p>Storage systems, including databases and object storage, must ensure the confidentiality and integrity of data. This is achieved through encryption at rest, strict access control policies, and continuous monitoring of access patterns. Preventing direct public exposure of storage services and implementing fine-grained permissions are key practices to avoid data breaches and unauthorized modifications.<\/p>\n<h2>IAM<\/h2>\n<p>Identity and Access Management (IAM) is one of the most critical components in a secure infrastructure. It governs authentication and authorization, ensuring that users and services have access only to the resources they need. By applying principles such as least privilege and role-based access control, IAM reduces the risk of credential misuse and limits the impact of compromised accounts.<\/p>\n<h2>Security Risks<\/h2>\n<p>Common IT infrastructure security risks arise from the exposure, complexity, and interconnected architectures of modern systems. As environments grow more distributed\u2014spanning cloud providers, containers, APIs, and third-party services\u2014the attack surface expands significantly. Understanding these risks is essential to designing effective mitigation strategies that protect availability, integrity, and confidentiality.<\/p>\n<h3>Exploits of Vulnerabilities in the Environment<\/h3>\n<p>One of the most frequent risks involves service exploits, where attackers take advantage of known vulnerabilities in operating systems, applications, or exposed services. These vulnerabilities are often <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\">catalogued<\/a> with <a href=\"https:\/\/www.cve.org\">CVE IDs and scores<\/a>, which help prioritize remediation efforts. The most effective mitigation strategy is to maintain a strong patch management process, ensuring that security updates are applied promptly. Regular vulnerability scanning and continuous monitoring further reduce the window of exposure.<\/p>\n<p>Another common threat is <a href=\"https:\/\/owasp.org\/www-community\/attacks\/Brute_force_attack\">brute force attacks<\/a>, where attackers attempt to guess credentials through repeated login attempts. These attacks can compromise user accounts and lead to broader system access. Mitigation strategies include enforcing strong password policies, implementing rate limits, and adopting<a href=\"https:\/\/en.wikipedia.org\/wiki\/Multi-factor_authentication\"> multi-factor authentication (MFA)<\/a>. Account lockout mechanisms and monitoring login anomalies also play an important role in reducing the effectiveness of these attacks.<\/p>\n<p><a href=\"https:\/\/www.cloudflare.com\/learning\/ddos\/glossary\/denial-of-service\/\">Denial of Service (DoS)<\/a> and Distributed Denial of Service (DDoS) attacks aim to overwhelm systems, making services unavailable to legitimate users. These attacks target infrastructure resources such as compute, networking, and application layers. Mitigation involves using load balancers, auto-scaling mechanisms, and traffic filtering solutions such as web application firewalls and application gateways. Rate limiting and traffic shaping help absorb and control malicious spikes in traffic.<\/p>\n<p>Misconfigured network controls are another significant risk. Overly permissive firewall rules or exposed services can allow unauthorized access to internal systems. Proper use of packet filtering, network segmentation, and least-privilege access rules is essential. Designing secure network architectures with isolated subnets and restricted communication paths helps prevent lateral movement within the environment.<\/p>\n<h3>Application-Layer Attacks<\/h3>\n<p>Unsecured APIs also represent a major attack vector. Without proper API authentication, authorization, and rate limiting, attackers can exploit endpoints to access sensitive data or abuse services. Mitigation includes enforcing strong authentication mechanisms, validating input, limiting response verbosity, and applying strict permission controls. Additional protections such as CORS headers and CSRF tokens help prevent cross-origin and request forgery attacks.<\/p>\n<p>Infrastructure is also vulnerable to software-level issues such as buffer overflows, which can lead to arbitrary code execution, and improper handling of errors, such as verbose error reports that expose internal system details. Secure coding practices, input validation, and controlled error handling are essential to mitigate these risks. Regular code reviews and security testing further strengthen defenses.<\/p>\n<p>Application security risks arise from how software is designed, implemented, and exposed to users. Because applications are the primary interface between users and infrastructure, they are among the layers most targeted by attackers. Understanding these risks\u2014and how to mitigate them\u2014is essential for building secure, reliable systems.<\/p>\n<p>One of the most common vulnerabilities in applications is <a href=\"https:\/\/www.w3schools.com\/sql\/sql_injection.asp\">SQL injection<\/a>, where attackers manipulate input fields to execute unintended database queries. This can lead to unauthorized data access, modification, or deletion. The most effective mitigation is the use of parameterized queries or prepared statements, combined with strict input validation. Avoiding dynamic query construction and using ORM frameworks also reduce exposure to this type of attack.<\/p>\n<p>Another widespread issue is <a href=\"https:\/\/owasp.org\/www-community\/attacks\/xss\/\">cross-site scripting (XSS)<\/a>, where malicious scripts are injected into web pages and executed in the user\u2019s browser. This can compromise user sessions, steal data, or redirect users to malicious sites. Mitigation involves proper output encoding, input sanitization, and the use of security headers such as Content Security Policy (CSP). Ensuring that user-generated content is never directly rendered without validation is critical.<\/p>\n<h3>Supply-Chain Vulnerabilities<\/h3>\n<p>Dependency and supply chain risks have become increasingly relevant. Applications often rely on external libraries and components that may contain vulnerabilities or malicious code.<br \/>\nMonitoring known issues through CVE databases, validating dependencies, and controlling updates are critical practices. Organizations should adopt a proactive approach to dependency management, ensuring that only trusted and verified components are used in production.<\/p>\n<p>Combining these mitigation strategies\u2014patching, access control, network segmentation, monitoring, and secure development practices\u2014organizations can build a defense-in-depth approach. This layered security model ensures that even if one control fails, others remain in place to protect the infrastructure and maintain system resilience.<\/p>\n<h2>Cryptography, Identity, and Access: Foundations of Secure Authentication and Authorization<\/h2>\n<p>Asymmetric cryptography is a foundational concept in modern security, based on the use of a pair of keys: a public key and a private key. The public key can be freely distributed, while the private key must be kept secret. Data encrypted with one key can be decrypted only with the other, enabling secure communication over untrusted networks. This model supports essential security properties such as confidentiality, integrity, and authentication. In practice, asymmetric cryptography is widely used in protocols like TLS, where it helps establish secure connections between clients and servers.<\/p>\n<p>Digital certificates build on asymmetric cryptography by binding a public key to an identity. The most common format is the <a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc5280\">X.509 certificate<\/a>, which includes information about the entity (such as a domain or organization) and is signed by a trusted <em>certificate authority<\/em> (CA). This signature allows clients to verify that the public key truly belongs to the claimed identity. When a user accesses a secure website, the browser validates the certificate chain to ensure trust, enabling encrypted and authenticated communication. Without digital certificates, there would be no reliable way to confirm the authenticity of remote systems.<\/p>\n<p>Authentication and authorization are distinct but closely related concepts. <em>Authentication<\/em> is the process of verifying identity\u2014confirming that a user or system is who they claim to be. <em>Authorization<\/em>, on the other hand, determines what that authenticated entity is allowed to do. Modern systems rely on standardized protocols to implement these processes in a scalable and secure way.<\/p>\n<p><a href=\"https:\/\/oauth.net\/2\/\">OAuth2<\/a> is widely used for delegated authorization, allowing applications access to resources on behalf of a user without exposing the user credentials. OpenID Connect (OIDC) extends OAuth2 by adding an identity layer for authentication, while SAML is commonly used in enterprise environments for federated identity and single sign-on (SSO). These standards enable seamless and secure access across multiple systems.<\/p>\n<p>Managing user credentials is a critical aspect of security. Passwords should never be stored in plain text; instead, they must be protected using <em>hashing<\/em> and <em>salting<\/em>, which make it significantly harder for attackers to recover original values even if the database is compromised. Strong password policies, credential rotation, and secure storage mechanisms (such as secrets managers) are essential practices. However, passwords alone are no longer sufficient for robust security.<\/p>\n<p>Advanced authentication technologies enhance protection by introducing additional verification factors. Two-factor authentication (2FA) and multi-factor authentication (MFA) require users to provide more than one form of evidence, typically combining something they know (a password), something they have (a device), or something they are (biometrics). Common implementations include <em>one-time passwords<\/em> (OTP) and <em>time-based one-time passwords<\/em> (TOTP) generated by authenticator applications. These mechanisms significantly reduce the risk of account compromise, even if credentials are leaked.<\/p>\n<p>Together, these concepts form the backbone of secure identity and communication systems. By combining strong cryptographic foundations, standardized authentication protocols, and modern credential management practices, organizations can protect user identities and ensure secure access to applications and services in increasingly complex environments.<\/p>\n<p>And don\u2019t forget that the LPI provides official Learning Materials for the <a href=\"https:\/\/learning.lpi.org\/en\/learning-materials\/701-200\/\">DevOps Tools Engineer version 2.0 exam<\/a>. These resources are comprehensive, freely available, and fully aligned with the exam objectives, making them an excellent primary reference throughout your preparation.<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.lpi.org\/blog\/2026\/03\/31\/devops-tools-introduction-11-kubernetes-package-management\/\">&lt;&lt; Read the previous article of this series<\/a> | <a href=\"https:\/\/www.lpi.org\/blog\/2026\/01\/20\/devops-tools-introduction-01-getting-getting-started-started\/\">Start the series from the beginning &gt;&gt;<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>While previous articles in this series have explored application deployment from multiple angles\u2014covering infrastructure, pipelines, and operational practices\u2014security must be understood as a foundational layer that permeates every stage of the lifecycle. This perspective is reflected in the DevOps Tools &#8230; <a href=\"https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/\" class=\"button-link\">Read more<\/a><\/p>\n","protected":false},"author":66,"featured_media":37247,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"country":[],"language":[304],"ppma_author":[540,571],"class_list":["post-37246","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-none","language-english"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>DevOps Tools Introduction #12: Cloud Native Security - Linux Professional Institute (LPI)<\/title>\n<meta name=\"description\" content=\"Cloud-native security: protect containers, APIs &amp; identities with DevSecOps, IAM, encryption &amp; strong defenses across modern infra.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/\" \/>\n<meta property=\"og:locale\" content=\"vi_VN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DevOps Tools Introduction #12: Cloud Native Security\" \/>\n<meta property=\"og:description\" content=\"Cloud-native security: protect containers, APIs &amp; identities with DevSecOps, IAM, encryption &amp; strong defenses across modern infra.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Linux Professional Institute (LPI)\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/LPIConnect\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-07T14:56:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.lpi.org\/wp-content\/uploads\/2026\/04\/article-DevOps-Tools-Engineer-v2-Introduction-02-12.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1440\" \/>\n\t<meta property=\"og:image:height\" content=\"994\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fabian Thorns, Uir\u00e1 Ribeiro\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@lpiconnect\" \/>\n<meta name=\"twitter:site\" content=\"@lpiconnect\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fabian Thorns\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/blog\\\/2026\\\/04\\\/07\\\/devops-tools-introduction-12-cloud-native-security\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/blog\\\/2026\\\/04\\\/07\\\/devops-tools-introduction-12-cloud-native-security\\\/\"},\"author\":{\"name\":\"Fabian Thorns\",\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/#\\\/schema\\\/person\\\/87a340eca845e18d801667fd11e6937c\"},\"headline\":\"DevOps Tools Introduction #12: Cloud Native Security\",\"datePublished\":\"2026-04-07T14:56:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/blog\\\/2026\\\/04\\\/07\\\/devops-tools-introduction-12-cloud-native-security\\\/\"},\"wordCount\":1787,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/blog\\\/2026\\\/04\\\/07\\\/devops-tools-introduction-12-cloud-native-security\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.lpi.org\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/article-DevOps-Tools-Engineer-v2-Introduction-02-12.jpg\",\"articleSection\":[\"- None -\"],\"inLanguage\":\"vi-VN\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.lpi.org\\\/vi\\\/blog\\\/2026\\\/04\\\/07\\\/devops-tools-introduction-12-cloud-native-security\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/blog\\\/2026\\\/04\\\/07\\\/devops-tools-introduction-12-cloud-native-security\\\/\",\"url\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/blog\\\/2026\\\/04\\\/07\\\/devops-tools-introduction-12-cloud-native-security\\\/\",\"name\":\"DevOps Tools Introduction #12: Cloud Native Security - Linux Professional Institute (LPI)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/blog\\\/2026\\\/04\\\/07\\\/devops-tools-introduction-12-cloud-native-security\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/blog\\\/2026\\\/04\\\/07\\\/devops-tools-introduction-12-cloud-native-security\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.lpi.org\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/article-DevOps-Tools-Engineer-v2-Introduction-02-12.jpg\",\"datePublished\":\"2026-04-07T14:56:56+00:00\",\"description\":\"Cloud-native security: protect containers, APIs & identities with DevSecOps, IAM, encryption & strong defenses across modern infra.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/blog\\\/2026\\\/04\\\/07\\\/devops-tools-introduction-12-cloud-native-security\\\/#breadcrumb\"},\"inLanguage\":\"vi-VN\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.lpi.org\\\/vi\\\/blog\\\/2026\\\/04\\\/07\\\/devops-tools-introduction-12-cloud-native-security\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"vi-VN\",\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/blog\\\/2026\\\/04\\\/07\\\/devops-tools-introduction-12-cloud-native-security\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.lpi.org\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/article-DevOps-Tools-Engineer-v2-Introduction-02-12.jpg\",\"contentUrl\":\"https:\\\/\\\/www.lpi.org\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/article-DevOps-Tools-Engineer-v2-Introduction-02-12.jpg\",\"width\":1440,\"height\":994,\"caption\":\"DevOps Tools Introduction #12: Cloud Native Security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/blog\\\/2026\\\/04\\\/07\\\/devops-tools-introduction-12-cloud-native-security\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DevOps Tools Introduction #12: Cloud Native Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/#website\",\"url\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/\",\"name\":\"Linux Professional Institute (LPI)\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"vi-VN\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/#organization\",\"name\":\"Linux Professional Institute (LPI)\",\"url\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"vi-VN\",\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.lpi.org\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/logo.png\",\"contentUrl\":\"https:\\\/\\\/www.lpi.org\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/logo.png\",\"width\":496,\"height\":175,\"caption\":\"Linux Professional Institute (LPI)\"},\"image\":{\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/LPIConnect\",\"https:\\\/\\\/x.com\\\/lpiconnect\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/35136\",\"https:\\\/\\\/www.instagram.com\\\/lpi_org\\\/\",\"https:\\\/\\\/fosstodon.org\\\/@LPI\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.lpi.org\\\/vi\\\/#\\\/schema\\\/person\\\/87a340eca845e18d801667fd11e6937c\",\"name\":\"Fabian Thorns\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"vi-VN\",\"@id\":\"https:\\\/\\\/www.lpi.org\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/cropped-fabian-thorns-1920px-96x96.jpg583c90110e404d4e42f0be7307753074\",\"url\":\"https:\\\/\\\/www.lpi.org\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/cropped-fabian-thorns-1920px-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/www.lpi.org\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/cropped-fabian-thorns-1920px-96x96.jpg\",\"caption\":\"Fabian Thorns\"},\"description\":\"Fabian Thorns is the Director of Product Development at Linux Professional Institute, LPI. He is M.Sc. Business Information Systems, a regular speaker at open source events and the author of numerous articles and books. Fabian has been part of the exam development team since 2010. Connect with him on LinkedIn, XING\u00a0or via email (fthorns\u00a0at\u00a0www.lpi.org).\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"DevOps Tools Introduction #12: Cloud Native Security - Linux Professional Institute (LPI)","description":"Cloud-native security: protect containers, APIs & identities with DevSecOps, IAM, encryption & strong defenses across modern infra.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/","og_locale":"vi_VN","og_type":"article","og_title":"DevOps Tools Introduction #12: Cloud Native Security","og_description":"Cloud-native security: protect containers, APIs & identities with DevSecOps, IAM, encryption & strong defenses across modern infra.","og_url":"https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/","og_site_name":"Linux Professional Institute (LPI)","article_publisher":"https:\/\/www.facebook.com\/LPIConnect","article_published_time":"2026-04-07T14:56:56+00:00","og_image":[{"width":1440,"height":994,"url":"https:\/\/www.lpi.org\/wp-content\/uploads\/2026\/04\/article-DevOps-Tools-Engineer-v2-Introduction-02-12.jpg","type":"image\/jpeg"}],"author":"Fabian Thorns, Uir\u00e1 Ribeiro","twitter_card":"summary_large_image","twitter_creator":"@lpiconnect","twitter_site":"@lpiconnect","twitter_misc":{"Written by":"Fabian Thorns","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/#article","isPartOf":{"@id":"https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/"},"author":{"name":"Fabian Thorns","@id":"https:\/\/www.lpi.org\/vi\/#\/schema\/person\/87a340eca845e18d801667fd11e6937c"},"headline":"DevOps Tools Introduction #12: Cloud Native Security","datePublished":"2026-04-07T14:56:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/"},"wordCount":1787,"commentCount":0,"publisher":{"@id":"https:\/\/www.lpi.org\/vi\/#organization"},"image":{"@id":"https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.lpi.org\/wp-content\/uploads\/2026\/04\/article-DevOps-Tools-Engineer-v2-Introduction-02-12.jpg","articleSection":["- None -"],"inLanguage":"vi-VN","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/","url":"https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/","name":"DevOps Tools Introduction #12: Cloud Native Security - Linux Professional Institute (LPI)","isPartOf":{"@id":"https:\/\/www.lpi.org\/vi\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/#primaryimage"},"image":{"@id":"https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.lpi.org\/wp-content\/uploads\/2026\/04\/article-DevOps-Tools-Engineer-v2-Introduction-02-12.jpg","datePublished":"2026-04-07T14:56:56+00:00","description":"Cloud-native security: protect containers, APIs & identities with DevSecOps, IAM, encryption & strong defenses across modern infra.","breadcrumb":{"@id":"https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/#breadcrumb"},"inLanguage":"vi-VN","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/"]}]},{"@type":"ImageObject","inLanguage":"vi-VN","@id":"https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/#primaryimage","url":"https:\/\/www.lpi.org\/wp-content\/uploads\/2026\/04\/article-DevOps-Tools-Engineer-v2-Introduction-02-12.jpg","contentUrl":"https:\/\/www.lpi.org\/wp-content\/uploads\/2026\/04\/article-DevOps-Tools-Engineer-v2-Introduction-02-12.jpg","width":1440,"height":994,"caption":"DevOps Tools Introduction #12: Cloud Native Security"},{"@type":"BreadcrumbList","@id":"https:\/\/www.lpi.org\/vi\/blog\/2026\/04\/07\/devops-tools-introduction-12-cloud-native-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.lpi.org\/vi\/"},{"@type":"ListItem","position":2,"name":"DevOps Tools Introduction #12: Cloud Native Security"}]},{"@type":"WebSite","@id":"https:\/\/www.lpi.org\/vi\/#website","url":"https:\/\/www.lpi.org\/vi\/","name":"Linux Professional Institute (LPI)","description":"","publisher":{"@id":"https:\/\/www.lpi.org\/vi\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.lpi.org\/vi\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"vi-VN"},{"@type":"Organization","@id":"https:\/\/www.lpi.org\/vi\/#organization","name":"Linux Professional Institute (LPI)","url":"https:\/\/www.lpi.org\/vi\/","logo":{"@type":"ImageObject","inLanguage":"vi-VN","@id":"https:\/\/www.lpi.org\/vi\/#\/schema\/logo\/image\/","url":"https:\/\/www.lpi.org\/wp-content\/uploads\/2023\/04\/logo.png","contentUrl":"https:\/\/www.lpi.org\/wp-content\/uploads\/2023\/04\/logo.png","width":496,"height":175,"caption":"Linux Professional Institute (LPI)"},"image":{"@id":"https:\/\/www.lpi.org\/vi\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/LPIConnect","https:\/\/x.com\/lpiconnect","https:\/\/www.linkedin.com\/company\/35136","https:\/\/www.instagram.com\/lpi_org\/","https:\/\/fosstodon.org\/@LPI"]},{"@type":"Person","@id":"https:\/\/www.lpi.org\/vi\/#\/schema\/person\/87a340eca845e18d801667fd11e6937c","name":"Fabian Thorns","image":{"@type":"ImageObject","inLanguage":"vi-VN","@id":"https:\/\/www.lpi.org\/wp-content\/uploads\/2026\/01\/cropped-fabian-thorns-1920px-96x96.jpg583c90110e404d4e42f0be7307753074","url":"https:\/\/www.lpi.org\/wp-content\/uploads\/2026\/01\/cropped-fabian-thorns-1920px-96x96.jpg","contentUrl":"https:\/\/www.lpi.org\/wp-content\/uploads\/2026\/01\/cropped-fabian-thorns-1920px-96x96.jpg","caption":"Fabian Thorns"},"description":"Fabian Thorns is the Director of Product Development at Linux Professional Institute, LPI. He is M.Sc. Business Information Systems, a regular speaker at open source events and the author of numerous articles and books. Fabian has been part of the exam development team since 2010. Connect with him on LinkedIn, XING\u00a0or via email (fthorns\u00a0at\u00a0www.lpi.org)."}]}},"views":12,"authors":[{"term_id":540,"user_id":66,"is_guest":0,"slug":"fthornslpi-org","display_name":"Fabian Thorns","avatar_url":"https:\/\/www.lpi.org\/wp-content\/uploads\/2026\/01\/cropped-fabian-thorns-1920px-96x96.jpg","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""},{"term_id":571,"user_id":109,"is_guest":0,"slug":"uira-ribeiro","display_name":"Uir\u00e1 Ribeiro","avatar_url":"https:\/\/www.lpi.org\/wp-content\/uploads\/2024\/07\/cropped-cropped-uria-ribeiro-220x220-1-96x96.jpg","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/www.lpi.org\/vi\/wp-json\/wp\/v2\/posts\/37246","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.lpi.org\/vi\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lpi.org\/vi\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lpi.org\/vi\/wp-json\/wp\/v2\/users\/66"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lpi.org\/vi\/wp-json\/wp\/v2\/comments?post=37246"}],"version-history":[{"count":1,"href":"https:\/\/www.lpi.org\/vi\/wp-json\/wp\/v2\/posts\/37246\/revisions"}],"predecessor-version":[{"id":37257,"href":"https:\/\/www.lpi.org\/vi\/wp-json\/wp\/v2\/posts\/37246\/revisions\/37257"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.lpi.org\/vi\/wp-json\/wp\/v2\/media\/37247"}],"wp:attachment":[{"href":"https:\/\/www.lpi.org\/vi\/wp-json\/wp\/v2\/media?parent=37246"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lpi.org\/vi\/wp-json\/wp\/v2\/categories?post=37246"},{"taxonomy":"country","embeddable":true,"href":"https:\/\/www.lpi.org\/vi\/wp-json\/wp\/v2\/country?post=37246"},{"taxonomy":"language","embeddable":true,"href":"https:\/\/www.lpi.org\/vi\/wp-json\/wp\/v2\/language?post=37246"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.lpi.org\/vi\/wp-json\/wp\/v2\/ppma_author?post=37246"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}