- The viral Air Purifier Table is my smart home's MVP (and it's on sale for $179)
- Grab the Galaxy S25 Edge for $170 off and get a free Amazon gift card - but act fast
- How I learned to stop worrying and love my health tracker
- I found a free iPhone 16 deal that doesn't require a trade-in (and applies to Pro models, too)
- This 77-piece Milwaukee wrench set is still $200 off at The Home Depot
#Infosec2025 Cloud-Native Technology Prompts New Security Approaches
A move to cloud-native technologies is changing the way enterprises develop their applications and manage their security.
According to speakers at Infosecurity Europe 2025, modern architectures are allowing businesses to operate without physical infrastructure and with smaller IT and security teams. At the same time, cloud-native technology has made the businesses more flexible and better able to attract and retain skilled developers.
Jonathan Leigh is engineering director at Moneybox, a UK-based fintech providing savings and investment services via an app. Moneybox has 1.5m customers, and runs its own bespoke investment platform, Sycamore.
No Servers, All Cloud
Moneybox has, according to Leigh, “no servers”. The business runs entirely on cloud infrastructure, primarily Microsoft Azure with Cloudflare for connectivity and security.
“The goal has been to outsource the complexities of infrastructure to the best in the business,” he told attendees.
“Those are the people who built the technology.”
This has allowed Moneybox to start and stay lean.
“We have world-class technology that is always secure and reliable. We’ve managed to do that with a very small infrastructure team,” Leigh said.
“For the first six years of business, Moneybox had no infrastructure engineers at all, with developers able to call up the IT assets they need directly from the cloud.”
“The third benefit has been to eliminate a massive source of risk,” he continued.
“It eliminates risk and cost, and there is a whole host of tooling that doesn’t apply to us.”
Being cloud-only also supports flexibility for the workforce. This extends to using Cloudflare’s WARP to provide consistent, secure connectivity in the office, and for home and mobile working.
“We’re hybrid, we have people working from home in the UK and Europe,” said Leigh.
“We take the same approach to connection if you are at home or in the office.”
Automation as a Core Principle
At Vodafone, cloud-native operations allow the telecom provider’s development team to focus on delivering services for customers, rather than on managing infrastructure.
Alfie Dienn, chief cloud product officer, describes this as an internal “telecoms-as-a-service” that can run the full stack of telecoms applications. This includes servers, gateways and even Kubernetes clusters.
The goal, he says, is to be as automated as possible.
“Automation is a core principle,” Dienn said.
“We wanted to shift everything left, away from manual configuration and integration, and towards cloud deployment.”
Vodafone uses infrastructure-as-code (IaC) to run its technology platform, using Terraform as the management tool. This has advantages, not just in productivity but also in security.
“We create a standard template, and that creates a golden path from a security and policy standpoint,” Dienn said.
This ensures that any new infrastructure deployed in the Vodafone environment meets the company’s standards.
“You have to use code to deploy into the environment,” he added.
There are some limited exceptions for lower-level architecture, but standardization though IaC eases developer workloads and standardizes security-critical functions such as web application firewalls, as well as databases and content delivery networks.
Sustained Attack Targets
As well as using cloud-native technologies to build in security, the panelists set out how they are using cloud resources to protect their day-to-day operations.
According to Christian Reilly, EMEA field CTO at Cloudflare, the company handles 20% of global internet traffic and some 70m HTTP requests per second. This provides valuable insights and intelligence into how the internet is operating, and potential threats.
“Over half that traffic is now destined for APIs, not traditional web services,” Reilly said.
“We see a lot of interesting information about threats, and financial services is the most attacked industry globally.”
Moneybox’s Leigh admitted that his operations had come under “sustained attack,” including password stuffing.
“As we’ve become more popular with customers, we’ve also become more popular with attackers,” he said.
The business faced “hundreds of millions of attacks” from botnets, all operating with different IP addresses. This stretched conventional defensive measures, such as rate limiting.
The company was able to combat the threat by moving to technology from Cloudflare that “fingerprints” the attackers at source, rather than relying on IP addresses.
“Once you have that fingerprint, you can rate limit it,” Leigh explained.
“It’s like flipping a switch, overnight it went from a massive problem to nothing at all.”
Read more from #Infosec2025: #Infosec2025: Concern Grows Over Agentic AI Security Risks
The panel agreed, though, that security threats will continue to evolve, not least because of AI. This brings advantages, but also its own problems.
“With AI, it’s how we apply that to products and services, and enable AI features on our platform,” said Vodafone’s Dienn.
“We are using AI to fight AI. We are building the capability to integrate with LLMs so developers can automate at scale.”
Deinn added that Vodafone will continue to select technology vendors, including in security, based on the maturity of their automation.
