Fueling digital transformation in the public sector with OpenShift & container security

On November 9, 2017, I attended the 9th annual Red Hat Government Symposium in Washington, DC, and quickly got a sense of Red Hat’s momentum in the public sector and the rapid growth of OpenShift, Red Hat’s container application platform based on Kubernetes. Over 600 participants attended the symposium, many of whom were senior IT and cybersecurity leaders from government agencies such as Department of Homeland Security (DHS), Federal Emergency Management Agency (FEMA), General Services Administration (GSA), Social Security Administration (SSA), U.S. Air Force, U.S. Citizenship and Immigration Services (USCIS) and the White House. They shared how they have been leading their organizations through significant digital transformation, leveraging Red Hat technologies such as OpenShift and cloud to increase their agility and speed of innovation while maintaining a solid security posture.

Open source momentum

Paul Smith, SVP & GM of Public Sector at Red Hat, kicked off the symposium with this message: “Open source is the best source of choice and security”. That message was echoed by speakers throughout the day. They shared how they are selecting open source technologies and hybrid clouds as the underlying infrastructure for their next-generation applications. They discussed how containers and microservices are allowing them to innovate quickly and better serve their customers. They talked about how they are using OpenShift to orchestrate and manage their applications at scale. While Red Hat Enterprise Linux (RHEL) continues to be the core of Red Hat’s business, OpenShift is the new growth engine. I met many OpenShift customers at the symposium who are relying on it as the foundation for their modern application infrastructure based on containers.

Containers are the new fabric underlying hybrid & multi-clouds

Throughout panel discussions and conversations with attendees, it was clear that the public sector is heading in the direction of adopting hybrid cloud architecture. While CIOs of federal and state agencies are pushing their teams to adopt public cloud platforms aggressively for both new projects and migration of existing applications such as customer-facing web applications, they continue to invest in existing datacenter infrastructure for workloads that are best suited to run on-premises. Larry Prior, CEO of CSRA, made the argument that for complex applications, customers must consider the hybrid cloud model so they have the choice of deploying workloads where they best fit. For workloads that require elastic, on-demand web-scale infrastructure: choose public cloud. For workloads that handle sensitive data that cannot leave the datacenter: choose private cloud.

Amidst this push towards hybrid and multi-cloud environments, containers have emerged as the fabric that ties hybrid clouds together as the foundation for enterprise computing. A container image is a lightweight package that includes everything needed to run a piece of software, including code, system tools, system libraries and settings. When applications are deployed in containers, they can run on any private or public cloud infrastructure that supports that container format, the most popular being Docker. This level of application portability enables customers to realize the full potential of hybrid cloud without the fear of platform lock-in. In order to deploy and manage container-based applications across hybrid clouds at scale, customers need an enterprise-grade container platform, and Red Hat OpenShift has emerged as the leading platform amongst public sector customers.

Kubernetes & OpenShift are growing rapidly

With more than 50,000 commits in the main Kubernetes repo in just 3 years and additional extensions to Kubernetes contributed in associated repos, Kubernetes is one of the fastest-growing open source projects ever. Red Hat was one of the earliest to recognize the potential of Kubernetes and joined the Kubernetes community in 2015. They are now the top contributor to Kubernetes after Google. Red Hat continues to innovate and advance the OpenShift platform, bringing enterprise-grade container orchestration, management and security features to government agencies and enterprises worldwide.

Customers like Barclays Bank, Government of British Columbia, and many others have adopted OpenShift to accelerate their innovation cycle. Here are some other inspiring success stories of customers using OpenShift to drive their digital transformation in a secure manner.

Security must be an enabler, not a roadblock

The conference was closed out by David Egts, Chief Technologist of Public Sector at Red Hat, and Chris Wade of the U.S. Army’s Mission Assurance Division. Their message was clear: our soldiers, as well as our businesses, are dealing with cyber threats every day and facing off with our enemies on a regular basis. Leadership understands the critical importance of cybersecurity, and everyone must work to organize their teams and resources to implement security to protect our citizens, strategic assets and our businesses.

Container security was a hot topic at the symposium. Many customers told me that while they are using Red Hat’s Atomic OpenSCAP vulnerability scanning to catch vulnerabilities in their container images, they are also actively looking for runtime security solutions for their production environments. Their existing endpoint and host-based security solutions do not have visibility into container activity and cannot handle the ephemeral and dynamic nature of container-based attack surfaces. Without visibility into containers, customers cannot adequately protect their strategic assets in production environments against known and unknown attacks.

In addition to the lack of visibility into containers, legacy security solutions also have trouble adapting to microservices-based applications that are substantially more dynamic and scalable than legacy monolithic applications.

While the era of containers and microservices is upon us, providing enterprise organizations the opportunity to innovate quickly to serve their customers’ changing needs, it also presents new security challenges for customers to overcome. In closing, I’ll quote Susie Adams, CTO of Microsoft Federal: “You need to be a continuous learner”. We all need to learn how to use the right security solutions to protect container assets while pushing for speed and agility.

StackRox is purpose-built to protect enterprise organizations throughout their journey from containers to web-scale microservices. Learn more about our unique approach to container runtime security and how we can protect OpenShift environments in runtime.