Boundary Bay Regional Park Delta BC - Lawrence Manickam

Red Hat Advanced Cluster Security for Kubernetes

Microservices deployment in Kubernetes demands higher-level security needs and perception. The non-functional requirements of Microservices are unfolding in a complex manner. The two least focused areas in a Software Development Life Cycle are ‘Security’ and ‘Performance’.

Consider Development is on the ‘left’ and Operations is at the ‘right’. It is important to shift the security to the left; Therefore, organizations can enjoy the speed to market practice of DevOps to release their applications securely and stay competitive.

DevSecOps is the practice to enable the ‘shift security to the left’ concept. It is a collaborated automation framework that integrates Development, Operations and Security by adding security practices to the software development lifecycle at the development stage itself.

Red Hat and StackRox

Red Hat is the leader in DevOps and DevSecOps. They recently acquired StackRox, a California-based Kubernetes security company that concentrates on runtime security for Containers and Kubernetes. The acquisition strengthened Red Hat security portfolio in the Container market and complements Red Hat OpenShift by bringing critical security capabilities.

Paul Cormier, CEO of Red Hat said, ‘Securing Kubernetes workloads and infrastructure cannot be done in a piecemeal manner; security must be an integrated part of every deployment, not an afterthought.’

Advantages of StackRox Acquisition

The integrated DevOps and DevSecOps product model (Red Hat OpenShift + StackRox) provide the following benefits to the customers.

Technical support for Kubernetes and Security products

For those looking to secure complex environments, a customer needs a stable technical support from product vendors. With the StackRox acquisition, Red Hat will be able to further expand its Hybrid Cloud security leadership and reinforce their commitment to deliver a single, comprehensive platform for users to build, and deploy applications more securely across the Hybrid Cloud.

The Modern Shift-Left Security Strategy

A shift-left approach shifts initial security responsibilities to developers. A developer can catch vulnerabilities and misconfigurations before they are exploited to reduce the risk of breaches in production.

Integrated Orchestration

Integrated OpenShift Orchestration and StackRox Security platform to enable the application to utilize the best of the breed security practices. Detects and contain attacks and orchestrate Containers efficiently.

Hybrid Cloud Security

Several organizations choose one security platform and strategy for their private cloud and a different one for their public cloud, with the two often not being compatible with each other. Ideally, security and development teams need a unified platform that can simultaneously secure both environments while still providing an unfettered look at all traffic, and addressing the above-mentioned items. Red Hat bridges the gap.

Out of the box vulnerability and security scanning capabilities

With the StackRox acquisition and its complementary capabilities to strengthen integrated security across Red Hat Open Hybrid Cloud portfolio with greater simplicity and consistency, combined with the above-described advantages, Red Hat will further expand its ‘Security Leadership’.

StackRox is Red Hat Advanced Cluster Security for Kubernetes.

Red Hat Advanced Cluster Security for Kubernetes

Red Hat Advanced Cluster Security for Kubernetes (StackRox) protects your essential applications across building, deployment, and runtime. The Software is deployed in the infrastructure and integrates with the DevOps tooling and workflows to deliver enhanced security and compliance.

The policy engine adopts best of industry standards and includes hundreds of built-in controls to enforce DevOps and security best practices. Red Hat Advanced Cluster Security for Kubernetes provides a Kubernetes native architecture for container security, enabling DevOps and InfoSec teams to operationalize security.

Features and Benefits

  • Secures the software supply chain, integration and automation.
  • Secure the infrastructure, Kubernetes configurations, compliance, security posture management.
  • Secure the workloads, privilege controls, network detection, runtime threat introspection and response.
  • Lower operational cost by enabling DevOps and security teams to use a common language and source of truth.
  • Reduce operational risk that ensures alignment between security and infrastructure to reduce application downtime.
  • Increase developer productivity by providing developer-friendly security guardrails to shift security left.
  • Creates cognizance with staff regarding critical vulnerabilities and threat vectors.
  • Minimizes time and effort for implementation of security.
  • Simplifies security analysis, investigation, and remediation using the rich context that Kubernetes provides.
  • Supplies with scalability and resiliency native to Kubernetes, avoiding operational conflict and complexity that can result from out-of-band security controls.
  • Enhanced safeguards.
  • Reduces time and costs.
  • Creates Visibility, captures critical system-level events in each container.

Red Hat Container Orchestration Product Suites

Red Hat OpenShift Kubernetes Engine (formerly Red Hat OpenShift Container Engine) delivers the foundational, security-focused capabilities of enterprise Kubernetes on Red Hat Enterprise Linux CoreOS to run containers in hybrid cloud environments.

Red Hat OpenShift Container Platform adds a full set of operations and developer services and tools, including Serverless, Service Mesh, and Pipelines. With OpenShift Container Platform, organizations can adopt a hybrid cloud strategy and start building cloud-native applications. The proven platform includes a complete set of services that empower developers to code with speed and agility for applications while providing more flexibility and efficiency for IT operations teams.

Read my article ‘What is Red Hat OpenShift’ to know more about Red Hat OpenShift Container Platform.

Red Hat OpenShift Platform Plus builds on the capabilities of OpenShift Container Platform with advanced MultiCluster security features, day-2 management capabilities, and a global container registry. With OpenShift Platform Plus, organizations can more consistently protect and manage applications across open hybrid cloud environments and application life cycles.

Red Hat OpenShift Platform Plus

Red Hat OpenShift Platform Plus includes:

Red Hat OpenShift Container Platform, a complete set of services that helps developers code applications with speed while providing flexibility and efficiency for IT operations teams.

Red Hat Advanced Cluster Security for Kubernetes, a solution that provides Kubernetes-native security to enhance infrastructure and workload security through the entire application lifecycle.

Red Hat Advanced Cluster Management for Kubernetes for extended visibility of your entire Kubernetes domain with built-in governance and application life-cycle management capabilities.

Red Hat Quay, an open-source registry platform for managing containers across global data centre and cloud environments, focusing on cloud-native and DevSecOps development models and environments.

Benefits

Consistent user experience, management, and security across hybrid infrastructure: Provides consistency and a uniform interface for administrators and developers, regardless of installation location — whether on premise, in the cloud, or at the edge. As a result, teams can focus on innovation and more easily deploy applications across mixed infrastructures.

Comprehensive tools for cloud-native application development: Includes the components you need to build, deploy, run, and secure your applications, or you can continue to use your existing tools, integrated with Red Hat OpenShift.

Built-in security across the entire application life cycle: Extends OpenShift’s already robust security and compliance capabilities with additional tools and capabilities for organizations that have unique, complex security requirements that vary across applications.

End-to-end management and observability: Apply consistent operational policies for security, configuration, compliance, and governance to Kubernetes clusters across on-premise and Cloud infrastructure.

Conclusion

Cloud native technologies are extremely dynamic due to rapid advancement in market and demands from customers. The need of the hour is to create a platform that amalgamates DevOps and DevSecOps.

To satisfy that need, Red Hat comes up with Red Hat OpenShift Platform Plus which is a universal DevOps + DevSecOps product suite that provides agile practices to customers.

With multiple layers of security, manageability and automation built-in, the Red Hat OpenShift Platform Plus helps customers to drive DevSecOps adoption with its Advanced Cluster Security module and accelerate application innovation across the Hybrid Cloud.

In my next article, I will write about Red Hat Advanced Cluster Management.

Lawrence Manickam is the Master Cloud Architect Trainer in RedPeppy, E-Learning division of Kuberiter.

Please visit https://RedPeppy.com to register for my premium Cloud native courses such as Certified Kubernetes Administrator (CKA) and Certified Kubernetes Security Specialist (CKS).