Cloud-native adoption has increased over the past couple of years, paralleling the widely reported upswing in cloud computing.
As enterprise-level companies dive into the world of Kubernetes, their IT teams are discovering that DevSecOps initiatives involve more than just vulnerability scanning.
“Real DevSecOps requires breaking down silos between developers, operations and security, including network security teams,” said Kirsten Newcomer, director of cloud and DevSecOps strategy at Red Hat Inc. “And so, the Kubernetes paradigm requires involvement. Actually, in some ways, it forces involvement of developers in things like network policy for the [software-defined network] layer.”
Newcomer and Connor Gorman, senior principal software engineer at Red Hat, spoke with theCUBE industry analysts Keith Townsend and Enrico Signoretti at KubeCon + CloudNativeCon Europe, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how Red Hat is helping customers solve Kubernetes security challenges. (* Disclosure below.)
Diving deep into Red Hat’s open-source security portfolio
Red Hat is the undisputed expert in enterprise open source, and the company has been investing in security capabilities and contributing to open-source security projects since Kubernetes 1.0, according to Newcomer.
The complexity of cloud-native computing means that different tools and methods are required for different levels and locations. For example, securing an edge location, a public cloud, a private cloud or an on-premises data center each requires a different approach, as do hardware, operating system and application-level security.
Red Hat has a solution, however: “If you’re leveraging the heart of Kubernetes, the declarative nature of Kubernetes, you can do Kubernetes security in a way that can be consistent across these environments,” Newcomer stated.
The exception is the edge, where ensuring physical security is more important and hardware-based encryption may be needed.
During their discussion with theCUBE analysts, Newcomer and Gorman explained the various solutions Red Hat has developed to address security challenges and how they interact to provide an “orchestration of orchestrators.” The discussion covered static analysis tool KubeLinter, Open Policy Agent, Red Hat’s contributions to edge mobile services platform Falcon and vulnerability analysis project Clair, along with how the acquisition of StackRox in 2021 has led to open-sourced advanced cluster management.
“We took a Kubernetes-native approach to securing all of this,” said Gorman, describing in depth the practice of securing an application through policy. The result is that on subsequent deployments, security is already built in at the Kubernetes level.
(* Disclosure: TheCUBE is a paid media partner for the KubeCon + CloudNativeCon Europe event. Neither Red Hat Inc., the main sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)