Posts under Container security
Faster application development and release, quicker bug fixes, and increased feature velocity are three of the most often cited benefits of containerization. However, when security becomes an afterthought, you risk diminishing the greatest gain of containerization – agility. Rolling out an application that hasn’t passed a security assessment puts the business at too great a risk. To prevent delays in application deployment and realize the benefits of containers and Kubernetes, organizations must shift left with security, building it into the development phase so they can address as many security challenges as possible during the build stage.
As companies embrace containerized, cloud-native applications, they recognize that the need for security is as paramount as ever but struggle to secure these new technologies. Since everyone is learning the new stack, no one has a roadmap for how to apply security across the various stages of the containerization journey. Each stage introduces novel security challenges, and organizations must learn both the infrastructure and the security at the same time. Understandably, security needs evolve as companies move from developing their first containerized application to doing all new development in containers and managing thousands of microservices.
By every measure, Kubernetes is dominating the container orchestration market. Our latest State of Kubernetes and Container Security report found that 87 percent of organizations are managing some portion of their container workloads using Kubernetes. The same survey shows that 94 percent of organizations have experienced a serious security issue in the last 12 months in their container environment, with 69 percent having detected misconfigurations, 27 percent experiencing runtime security incidents, and 24 percent discovering significant vulnerabilities to remediate.
Container images constitute the standard application delivery format in cloud-native environments. The wide distribution and deployment of these container images requires a new set of best practices for ensuring their integrity. While performing image scans to check for known vulnerabilities in operating systems and language packages remains a cornerstone of image security, it is only part of a larger set of security initiatives you need to employ to protect your environments.
We recently asked IT and security professionals working at organizations that have adopted containers to rate the importance of several container security capabilities and use cases for their environments. We found that respondents put a premium on addressing those security use cases that allow them to shift security left and apply best practices earlier in the container life cycle, with vulnerability management and configuration management taking two of the top three spots.
Today, StackRox published its State of Kubernetes and Container Security Report, Winter 2020 edition (download your full copy here) - a first of its kind. Based on responses from more than 540 Kubernetes and container users across IT security, DevOps, engineering, and product roles, the report provides insights into how organizations are adopting containers and Kubernetes and its security impact. Of all the survey responses, five findings stand out as the biggest surprises.
SOC (System and Organization Controls) 2 is a set of compliance requirements that applies to companies that store, process, or transmit customer data. A broad range of companies, including SaaS providers, may need to comply with SOC 2 to be competitive in the market and keep customer data secure. Public cloud providers such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure are subject to SOC 2 and make their audit reports publicly available.
I recently joined Alan Shimel, editor-in-chief of DevOps.com for a chat about what it means to be a Kubernetes-native security platform and why we believe it’s the most effective way to secure containers and Kubernetes. You can watch our conversation in the video below, or you can read through the transcript of our talk that follows, condensed and modified for clarity.
Containers, along with orchestrators such as Kubernetes, have ushered in a new era of application development methodology, enabling microservices architectures as well as continuous development and delivery. Docker is by far the most dominant container runtime engine, with a 91% penetration according to our latest State of the Container and Kubernetes Security Report. Containerization has many benefits and as a result has seen wide adoption. According to Gartner, by 2020, more than 50% of global organizations will be running containerized applications in production.
Following security best practices for AWS EKS clusters is just as critical as for any Kubernetes cluster. In a talk I gave at the Bay Area AWS Community Day, I shared lessons learned and best practices for engineers running workloads on EKS clusters. This overview recaps my talk and includes links to instructions and further reading. About EKS Amazon Elastic Kubernetes Service (EKS) is AWS’ managed Kubernetes service. AWS hosts and manages the Kubernetes masters, and the user is responsible for creating the worker nodes, which run on EC2 instances.
Operationalizing container security by integrating with existing DevOps tooling and workflows has long been a design principle in how we’ve built our StackRox Kubernetes Security Platform. Today we’re excited to announce yet another powerful integration to make our customers’ operational lives better – the StackRox App for Sumo Logic. With this integration, joint customers now get rich StackRox insights about Kubernetes and container security incidents directly in the Sumo Logic Continuous Intelligence Platform.
It’s a bit like Groundhog Day, where we just keep winning award after award. This time, StackRox takes the prize for Best DevOps/Container Security Solution in the inaugural Tech Ascension Awards. The judges celebrated the StackRox Kubernetes Security Platform as “the first deeply integrated, full life cycle solution for cloud-native applications that is both container-native and Kubernetes-native.” The team went on to cite that StackRox address all the critical security and compliance use cases for containers in a single platform, so customers can avoid buying multiple separate tools.
StackRox has done it again. We’ve been recognized once more for our leadership role in the industry – this time as a finalist in the Black Unicorn Awards for 2019 at Black Hat, on now in Las Vegas. This award recognizes those cyber security innovators that judges deem have the potential to reach a $1 billion market potential. Cyber Defense Magazine chose just 30 finalists amongst all entries. Cyber security industry veterans Gary Miliefsky of Cyber Defense Magazine, Robert Herjavec of Herjavec Group, and David DeWalt of NightDragon served as the judges for this year’s Black Unicorn awards.
The awards just keep rolling in … We are thrilled to announce that StackRox has been chosen as a Gold Winner at the 14th Annual Network Products Guide’s 2019 IT World Awards in the Security Services category. StackRox was recognized for our container-native and Kubernetes-native security solution to help our customers protect containers and Kubernetes environments throughout the container life cycle. Containers and Kubernetes have drastically accelerated and streamlined cloud-native application development and deployment, with organizations across industries containerizingtheir most critical production workloads at an ever increasing pace.
We recently repeated our survey of IT and security practitioners to understand the state of security in your container and Kubernetes environments. In our inaugural survey last year, the key findings included: Lack of adequate security strategy topped the list of container strategy concerns Runtime was the lifecycle phase that was of most concern from a security perspective Kubernetes was used by just over half (57%) of respondents for container orchestration This time around we expanded the audience from 230 to more than 390 IT and security practitioners.
Right on the heels of winning two CODiE awards, StackRox was just named a Computer Reseller News 2019 Emerging Vendor. StackRox and our Kubernetes-native container security platform were chosen for our ability to help organizations harden and secure Kubernetes environments at scale. DevOps practices and the cloud-native stack provide the channel with rich opportunities to help companies enable business transformation. The underlying technologies of containers and Kubernetes, however, wreak havoc with traditional security tooling and processes.