Posts under Container Security
We recently asked IT and security professionals working at organizations that have adopted containers to rate the importance of several container security capabilities and use cases for their environments. We found that respondents put a premium on addressing those security use cases that allow them to shift security left and apply best practices earlier in the container life cycle, with vulnerability management and configuration management taking two of the top three spots.
Today, StackRox published its State of Kubernetes and Container Security Report, Winter 2020 edition (download your full copy here) - a first of its kind. Based on responses from more than 540 Kubernetes and container users across IT security, DevOps, engineering, and product roles, the report provides insights into how organizations are adopting containers and Kubernetes and its security impact. Of all the survey responses, five findings stand out as the biggest surprises.
SOC (System and Organization Controls) 2 is a set of compliance requirements that applies to companies that store, process, or transmit customer data. A broad range of companies, including SaaS providers, may need to comply with SOC 2 to be competitive in the market and keep customer data secure. Public cloud providers such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure are subject to SOC 2 and make their audit reports publicly available.
I recently joined Alan Shimel, editor-in-chief of DevOps.com, for a chat about what it means to be a Kubernetes-native security platform and why we believe it’s the most effective way to secure containers and Kubernetes. You can watch our conversation in the video below, or you can read through the transcript of our talk that follows, condensed and modified for clarity.
Containers, along with orchestrators such as Kubernetes, have ushered in a new era of application development methodology, enabling microservices architectures as well as continuous development and delivery. Docker is by far the most dominant container runtime engine, with a 91% penetration according to our latest State of the Container and Kubernetes Security Report. Containerization has many benefits and as a result has seen wide adoption. According to Gartner, by 2020, more than 50% of global organizations will be running containerized applications in production.
Following security best practices for AWS EKS clusters is just as critical as for any Kubernetes cluster. In a talk I gave at the Bay Area AWS Community Day, I shared lessons learned and best practices for engineers running workloads on EKS clusters. This overview recaps my talk and includes links to instructions and further reading. About EKS: Amazon Elastic Kubernetes Service (EKS) is AWS’ managed Kubernetes service. AWS hosts and manages the Kubernetes masters, and the user is responsible for creating the worker nodes, which run on EC2 instances.
Operationalizing container security by integrating with existing DevOps tooling and workflows has long been a design principle in how we’ve built our StackRox Kubernetes Security Platform. Today we’re excited to announce yet another powerful integration to make our customers’ operational lives better – the StackRox App for Sumo Logic. With this integration, joint customers now get rich StackRox insights about Kubernetes and container security incidents directly in the Sumo Logic Continuous Intelligence Platform.
It’s a bit like Groundhog Day, where we just keep winning award after award. This time, StackRox takes the prize for Best DevOps/Container Security Solution in the inaugural Tech Ascension Awards. The judges celebrated the StackRox Kubernetes Security Platform as “the first deeply integrated, full life cycle solution for cloud-native applications that is both container-native and Kubernetes-native.” The team went on to cite that StackRox addresses all the critical security and compliance use cases for containers in a single platform, so customers can avoid buying multiple separate tools.
StackRox has done it again. We’ve been recognized once more for our leadership role in the industry – this time as a finalist in the Black Unicorn Awards for 2019 at Black Hat, on now in Las Vegas. This award recognizes those cyber security innovators that judges deem have the potential to reach a $1 billion market potential. Cyber Defense Magazine chose just 30 finalists amongst all entries. Cyber security industry veterans Gary Miliefsky of Cyber Defense Magazine, Robert Herjavec of Herjavec Group, and David DeWalt of NightDragon served as the judges for this year’s Black Unicorn awards.
The awards just keep rolling in … We are thrilled to announce that StackRox has been chosen as a Gold Winner at the 14th Annual Network Products Guide’s 2019 IT World Awards in the Security Services category. StackRox was recognized for our container-native and Kubernetes-native security solution to help our customers protect containers and Kubernetes environments throughout the container life cycle. Containers and Kubernetes have drastically accelerated and streamlined cloud-native application development and deployment, with organizations across industries containerizing their most critical production workloads at an ever increasing pace.
We recently repeated our survey of IT and security practitioners to understand the state of security in your container and Kubernetes environments. In our inaugural survey last year, the key findings included: lack of adequate security strategy topped the list of container strategy concerns; runtime was the lifecycle phase that was of most concern from a security perspective; and Kubernetes was used by just over half (57%) of respondents for container orchestration. This time around we expanded the audience from 230 to more than 390 IT and security practitioners.
Right on the heels of winning two CODiE awards, StackRox was just named a Computer Reseller News 2019 Emerging Vendor. StackRox and our Kubernetes-native container security platform were chosen for our ability to help organizations harden and secure Kubernetes environments at scale. DevOps practices and the cloud-native stack provide the channel with rich opportunities to help companies enable business transformation. The underlying technologies of containers and Kubernetes, however, wreak havoc with traditional security tooling and processes.
Kubernetes is by far the most widely used container orchestrator in the market, and Kubernetes adoption – especially in production environments – is taking off. According to Gartner, “by 2022, more than 75% of global organizations will be running containerized applications in production.” The explosion in Kubernetes adoption hasn’t been without its share of security concerns. Earlier last year, the runC vulnerability, which allows an attacker to gain host-level code execution by breaking out of a running container, was discovered.
This is the first of a three-part blog series reviewing Gartner Security & Risk Management Summit 2019. Don’t forget to read article two titled Gartner on Securing Cloud-Native Apps, and article three titled Gartner: How-To Guide on Securing Containers. After considering nearly two dozen security projects, Gartner analysts included container security on their list of top projects to undertake in 2019 at the Security and Risk Management conference last week.
Today news broke that Palo Alto Networks (NYSE: PANW) is buying container security startup Twistlock for approximately $410 million. The acquisition provides great validation of the container security market and broader cloud-native security market. Twistlock is Palo Alto’s third security acquisition since Nikesh Arora took over as CEO and reflects the growing importance of the broader cloud security market. Enterprises today are looking for ways to enforce security and compliance policies as they embrace the business benefits of cloud-native application architectures across multi-cloud and hybrid cloud environments.
Greetings from the Red Hat Summit in Boston! We had a great time at OpenShift Commons yesterday, and today we’re talking to folks about some joint news between StackRox and Red Hat – the StackRox Kubernetes Security Platform is now available as a Red Hat certified container, and customers can get our software through the Red Hat Container Catalog. This certification makes it easier for OpenShift customers to access enhanced security and compliance capabilities that complement Red Hat’s Kubernetes platform.