Posts under Kubernetes Security
To secure Kubernetes environments effectively, it helps to understand the architecture of Kubernetes itself, as well as where to focus effort on the mitigations that matter most, especially those that require administrator or user configuration when provisioning clusters. Kubernetes is a robust yet complex container orchestration system with multiple components that must each be adequately protected. A Kubernetes cluster consists of two sets of components: (1) the control plane (the API server, etcd, scheduler, and controllers), which manages operations throughout the cluster, and (2) the worker nodes, which run containerized applications in pods.
We were already having a great day yesterday – responding to all the congratulations messages on our funding, our huge 240% increase in revenue, and our customer momentum – when news hit that we were named amongst that select group of SINET 16 Innovator Award winners. Wow. The tally of security vendors hovers around 2500, and we’re called out as one of the 16 most innovative across that entire landscape. This recognition is just one more indicator of the power of our unique approach to securing cloud-native infrastructure.
Today we’re excited to announce our $26.5M round of funding led by Menlo Ventures, with participation from Highland Capital Partners and Hewlett-Packard Enterprise along with existing investors Redpoint Ventures and Sequoia Capital. The influx of capital will enable us to meet rapidly growing demand driven by two of the biggest trends in IT and Security — Kubernetes and DevSecOps — and deliver on our vision to enable organizations to securely build, deploy, and run cloud-native applications anywhere.
I’ve had the good fortune to get to know Pathik Patel, head of cloud security at Informatica, over the past 18 months since he became a StackRox customer, and today we’re sharing the news of our joint success story. Across our numerous conversations, he has repeatedly impressed me with his forward thinking on how to innovate security processes, approaches, and tooling to keep Informatica at the forefront of securely enabling sophisticated data management, detailed in this case study.
I’m very pleased to announce the launch of StackRox’s EMEA business, with my new role as vice president, international. Why StackRox, why now? Having spent the first half of my career evangelising the Cloud and the second half Cyber Security, I’m super excited to help cloud-native companies to secure and accelerate their business transformation and DevOps initiatives with StackRox. The boom of cloud-native start-ups here in London and across Europe has been largely assisted by the massive adoption of containers and Kubernetes - StackRox is building here at the right time to help enable this digital wave.
Right on the heels of last week’s news that we’re providing Kubernetes security for DoD’s Platform One software factory, we’re excited to share today that we’ve been awarded a Phase III contract with the Department of Homeland Security. In this stage of our partnership, we’re deploying our Kubernetes Security Platform to protect running systems at a large U.S. bank. The DHS Science and Technology Directorate (S&T) uses its Silicon Valley Innovation Program (SVIP) to invest in next-generation security technologies to protect critical infrastructure, including mission-critical, cloud-native applications for financial institutions.
StackRox is in the midst of our own “Fed ramp” of sorts, with news today that we’ve been awarded a Department of Defense SBIR Phase II Award, our long history with In-Q-Tel and multiple deployments in the U.S. Intelligence Community, and more news coming soon on additional Fed initiatives. We have deep roots in protecting the cloud-native apps of many civilian and Intelligence Community agencies, including our long partnership with In-Q-Tel.
What’s better than being named a Computer Reseller News Emerging Vendor? Winning that designation two years running! We’re thrilled to be included amongst these elite technical innovators. The advantages of our unique Kubernetes-native approach to securing today’s modern apps are earning us kudos across customers (see online reviews on Gartner Peer Insights and G2), cloud partners, resellers, and industry watchers. As companies of all stripes work to accelerate their digital transformation, resellers have a special opportunity to serve as trusted advisors on the path toward app modernization.
When you’re managing the distribution of people’s paychecks, you’ve got a high bar to meet on security. So for Namely, whose SaaS application supports payroll, people management, compliance and tax, and team collaboration for hundreds of thousands of users, security has been a priority from Day 1. The move to a microservices architecture, however, drove the need for a whole new approach to security. Namely’s flagship SaaS platform uses hundreds of services that are constantly being released and updated, so the company standardized on Kubernetes to scale and operationalize infrastructure management.
You learn from every customer, but some of the toughest requirements can come from our Intelligence Community customers. Occasionally, that group needs capabilities uniquely their own, but in the best of times, they push you in ways that benefit all your customers. Our recent developments in runtime security fall in that second camp, and we’re excited to announce their availability today. We collaborated with our IC customers along with some of our biggest enterprise customers to enhance our platform with new features that help streamline analysis, investigation, and response for runtime security events.
By every measure, Kubernetes is dominating the container orchestration market. Our latest State of Kubernetes and Container Security report found that 87 percent of organizations are managing some portion of their container workloads using Kubernetes. The same survey shows that 94 percent of organizations have experienced a serious security issue in the last 12 months in their container environment, with 69 percent having detected misconfigurations, 27 percent experiencing runtime security incidents, and 24 percent discovering significant vulnerabilities to remediate.
In Part 1 of this series on the Open Policy Agent (OPA), we gave a brief rundown of why you might want to use the OPA Gatekeeper controller for policy enforcement in your Kubernetes clusters. We also gave a few examples of OPA’s query language, Rego, and of the Kubernetes Custom Resource Definitions (CRDs) that OPA Gatekeeper uses and creates. This follow-up post dives into practical aspects of writing and implementing OPA policies for Kubernetes clusters, demonstrating a working example that can be used to restrict a pod’s allowed tolerations of node taints.
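As an added illustration of the kind of policy that post describes (this is an editor's example, not the post's own code), the following Gatekeeper ConstraintTemplate and Constraint reject any Pod whose tolerations use a taint key outside an allow-list. The template name `k8sallowedtolerations`, the kind `K8sAllowedTolerations`, the parameter `allowedKeys`, and the constraint name are assumptions chosen for this example. The Rego also handles the edge case a toleration-restriction policy must not miss: a toleration with no key (or an empty key) matches every taint, so it is rejected outright rather than silently passing because the key lookup is undefined.

```yaml
# Example ConstraintTemplate (editor's example, not from the post).
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: k8sallowedtolerations      # assumed name
spec:
  crd:
    spec:
      names:
        kind: K8sAllowedTolerations  # assumed kind
      validation:
        openAPIV3Schema:
          type: object
          properties:
            allowedKeys:            # assumed parameter: taint keys pods may tolerate
              type: array
              items:
                type: string
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sallowedtolerations

        # A toleration without a key (or with an empty key) tolerates every
        # taint, so reject it regardless of the allow-list. object.get is used
        # because a missing key would otherwise make the rule body undefined.
        violation[{"msg": msg}] {
          toleration := input.review.object.spec.tolerations[_]
          key := object.get(toleration, "key", "")
          key == ""
          msg := "tolerations with an empty key match every taint and are not permitted"
        }

        # Any keyed toleration must use a key from the constraint's allow-list.
        violation[{"msg": msg}] {
          toleration := input.review.object.spec.tolerations[_]
          key := object.get(toleration, "key", "")
          key != ""
          not allowed_key(key)
          msg := sprintf("toleration key %q is not in the allowed list %v",
                         [key, input.parameters.allowedKeys])
        }

        allowed_key(key) {
          input.parameters.allowedKeys[_] == key
        }
---
# Example Constraint binding the template to Pods (editor's example).
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sAllowedTolerations
metadata:
  name: pods-allowed-tolerations   # assumed name
spec:
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
    excludedNamespaces: ["kube-system"]   # system pods legitimately tolerate control-plane taints
  parameters:
    allowedKeys:
      # The DefaultTolerationSeconds admission plugin adds tolerations for these
      # two keys to every pod, so a policy that omits them rejects all pods.
      - "node.kubernetes.io/not-ready"
      - "node.kubernetes.io/unreachable"
```

Apply the template first and the constraint second (Gatekeeper has to register the new CRD before the constraint can be created), and test the Rego against sample Pod manifests with Gatekeeper's `gator` CLI before enforcing it. Note that excluding `kube-system` is a deliberate trade-off: it keeps cluster add-ons working but means anything with write access to that namespace can bypass the policy.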
It’s always a great feeling to learn another customer win story, but it’s especially exciting when you’re a customer in return! That’s the fun I had talking with Greenlight to learn how the company relies on StackRox to protect its Kubernetes applications. Greenlight has a cool mission: teach kids about financial literacy, encouraging them to create a budget and helping them reach savings goals. I grew up with a mother who gave me envelopes with my first allowance, and I had to distribute my four pennies across each one (labeled spend, save, gifts, and charity, in case you were wondering).
Being based in one of the more impacted COVID-19 areas in the U.S. - Silicon Valley - we at StackRox, like many other companies, are entering our third week with employees working from home. Many members of our team are supporting at-home learning for their children as well. Family and health come first – always. We are committed to offering our employees the flexibility and understanding that they need to take care of their families – without any additional stress or worry.
I’ve always said the best part of my job is talking to customers – especially happy customers! – and I got that chance a couple weeks ago in interviewing George Gerchow, the chief security officer at Sumo Logic. George is one of those “no BS, move fast, lead by serving, and do it all with a smile” guys. And he’s unflinching about the criticality of security to the company he serves.
Today we’re excited to take another step in our partnership with AWS – earning Container Competency partner status. This certification provides our joint customers with the peace of mind to know that the StackRox Kubernetes Security Platform integrates easily with both Amazon EC2 (Elastic Compute Cloud) and Amazon EKS (Elastic Kubernetes Service). Complementing AWS with StackRox security for containers and Kubernetes fulfills a key piece of the shared responsibility model. While Amazon takes responsibility for managing and securing the underlying infrastructure in both EC2 and the managed EKS control plane, customers retain responsibility for securing their application workloads, worker nodes, and cluster configuration.