When it comes to the accelerated advancement of technology implementation like Kubernetes containers, cloud adoption and app modernization — security conversations are at an all-time high as enterprises address complex security issues that mean changing the way its been done in the past.
Red Hat Inc. has been addressing these security issues through a recently announced service called Advanced Cluster Security Cloud Service, which will enable protecting cloud-native applications that require significant changes in how organizations approach IT security.
Doron Caspin (pictured, right), senior principal product manager of security at Red Hat, and Michael Foster (pictured, left), principal product marketing manager at Red Hat, spoke with theCUBE industry analysts John Furrier and Lisa Martin at the recent KubeCon + CloudNativeCon NA 2022, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. (* Disclosure below.)
They discussed the importance of security and the trends they see with Red Hat’s customers, as well as organizations across the industry. [The following content has been condensed for clarity.]
Furrier: You can’t go anywhere without talking about security. Where are the security challenges and opportunities?
Foster: A little bit of it is a new way of thinking. The speed of security … actually does make you secure. We want to keep our images up and fresh and updated, and we also want to make sure that we’re keeping the open source and the different images that we’re bringing in secure.
Crispin: You need to trust your sources. Even … in the open-source world, you don’t want to copy-paste libraries from the web, and most of our customers [are] using third-party vendors and getting images from different location. We need to trust our sources, and … even if you have a really good scanning solution, you [can’t] always trust … it. You need to have a good solution for that.
Furrier: You’re announcing the Red Hat Advanced Cluster Security Cloud Service. Tell us why.
Caspin: So we are not specifically for OpenShift. We also provide support for EKS and AKS, so we provided the capability to secure the whole cloud posture. We are not trying to boil the ocean or solve the whole cloud security pasture. We try to solve the Kubernetes security pasture. It’s very unique. It’s not just added value in our cloud security solution. We think it’s something special for Kubernetes, and this is what Red Hat is aiming to … solve this issue.
Furrier: So what are the key challenges that you have on your roadmap right now? You’ve got the products out there; what’s the current stake?
Foster: One of the biggest challenges is talking with customers with … an older approach to security. You hear things like malware pop up, and … what we should be doing is keeping things into low and medium vulnerabilities, looking at the configuration, managing risk accordingly. Our whole goal is to give you as much security information in a way that’s consumable so that you can evaluate your risk, set policies, and then enforce them early on in the cluster or early on in the development pipeline so that your developers get the security information they need, hopefully, asynchronously.
Caspin: We know that ransomware … [is] a big world for everyone, and we understand the area of the boundaries where we want to protect. And we think it’s about policies and where we enforce it. So … you can scan the image, but we never know what is in it until you really run it. So one of the things that we provide is runtime scanning so you can scan and you can … enforce things in runtime. But even if one image got … to your cluster … we can stop it in Runtimes.
Martin: And then also if you add in DataOps, AIOps, DataOps, SecurityOps, that’s the new IT. It seems to be that the new IT is the stuff that’s scaling. How do you guys view that into the equation?
Foster: You become big generalists. I think there’s a reason why those cloud security or cloud professional certificates are becoming so popular. You have to know a lot about all the different applications, be able to code it, automate it … hopefully everything as code. And then it also makes it easy for security tools to come in and look and examine where the vulnerabilities are when those things are as code. So because you’re going and developing all this automation, you do become … a generalist.
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the KubeCon + CloudNativeCon NA 2022 event:
(* Disclosure: Red Hat Inc. sponsored this segment of theCUBE. Neither Red Hat nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)