By providing a single, unified platform for provisioning and operating infrastructure services, Kubernetes streamlines and unifies workflows across app development and operations teams. That same consolidated approach, where everyone is working off a common source of truth and using the same infrastructure, can extend to security as well when you deploy a Kubernetes-native security platform. This approach saves time and money by shortening the learning curve and enabling faster analysis and remediation.
Shorten the learning curve
When DevOps and security teams are using the same constructs to build and ship containerized apps as well as to secure them, they have fewer interfaces, tools, and models to learn. DevOps uses Kubernetes manifest files to define the resources a given application needs. Using those same assets to glean security context and apply policies reduces complexity — and improves the security outcome. Being able to launch the security platform just like any other Kubernetes application also reduces the learning curve.
Configure once, use everywhere
Kubernetes-native security also enables high portability and re-use. Following a single, standardized approach that runs everywhere Kubernetes runs ensures that policies are applied consistently, across all environments. Kubernetes-native security lets users specify a single configuration, such as a Network Policy, that should apply to all pods in a deployment, rather than having to configure system-level controls on every host in a cluster. By tying policies into CI/CD systems and the Kubernetes Admission Controller framework, organizations can more easily apply control policies early in the software development life cycle, preventing exposures at runtime. And tapping Kubernetes constructs such as the Admission Controller keeps security tied deeply into Kubernetes toolchains.
Enable faster analysis and remediation
Containers complicate security on a number of fronts: incidents can be very spread out, containers produce high volumes of data to process, and they’re ephemeral, which renders traditional incident response obsolete.
Kubernetes-native security enables you to detect threats more accurately. Leveraging Kubernetes context makes clear what the expected behavior is. As a result, Kubernetes-native security can identify anomalies with higher fidelity, and you can apply enforcement options, such as killing a pod, with more confidence. At the same time, using Kubernetes context also reduces false positives and alert fatigue.
Kubernetes-native security also provides the ability to take a risk-based approach to security tasks. Your deployments are likely to contain a number of policy violations, but where do you start? Again, tapping Kubernetes context helps. Stitching together different aspects of the Kubernetes metadata, including whether a cluster is in dev or prod, whether it’s exposed to the Internet or not, how critical the application is, and whether any suspicious processes are currently running on it, brings to the fore what needs your team’s attention right now. You can only get this clarity of urgency with Kubernetes-native security.
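The risk-based ordering described above, as an added example that is not code from any product or from the original page. The `env` label, the `example.com/criticality` annotation, the weights, the treatment of LoadBalancer and NodePort Services as Internet exposure, and the sample objects are all assumptions constructed for illustration.

```python
# Added example: field names, weights and sample data are assumptions.
ENV_WEIGHT = {"dev": 1, "prod": 3}
CRITICALITY_WEIGHT = {"low": 1, "medium": 2, "high": 3}
EXTERNAL_SERVICE_TYPES = {"LoadBalancer", "NodePort"}  # assumed to mean "exposed"

def is_exposed(pod_labels, services):
    """True if an externally reachable Service selects these pod labels."""
    for svc in services:
        selector = svc["spec"].get("selector") or {}
        if (svc["spec"].get("type") in EXTERNAL_SERVICE_TYPES and selector
                and all(pod_labels.get(k) == v for k, v in selector.items())):
            return True
    return False

def risk_score(dep, services, findings):
    """Scale the policy-violation count by Kubernetes context."""
    meta = dep["metadata"]
    pod_labels = dep["spec"]["template"]["metadata"]["labels"]
    f = findings.get(meta["name"], {})
    score = f.get("violations", 0)
    # An unlabelled environment is scored as prod so it is never under-ranked.
    score *= ENV_WEIGHT.get(meta.get("labels", {}).get("env"), 3)
    crit = meta.get("annotations", {}).get("example.com/criticality")
    score *= CRITICALITY_WEIGHT.get(crit, 2)
    if is_exposed(pod_labels, services):
        score *= 2
    # A suspicious process running now outranks static misconfiguration.
    return score + 50 * f.get("suspicious_processes", 0)

def prioritize(deployments, services, findings):
    """Deployment names, highest risk first."""
    ranked = sorted(deployments, reverse=True,
                    key=lambda d: risk_score(d, services, findings))
    return [d["metadata"]["name"] for d in ranked]

def _dep(name, env, crit):  # constructed Deployment, trimmed to the fields used
    return {"metadata": {"name": name, "labels": {"env": env},
                         "annotations": {"example.com/criticality": crit}},
            "spec": {"template": {"metadata": {"labels": {"app": name}}}}}

DEPLOYMENTS = [_dep("batch-report", "dev", "low"),
               _dep("payments-api", "prod", "high"),
               _dep("internal-wiki", "prod", "medium")]
SERVICES = [{"spec": {"type": "LoadBalancer", "selector": {"app": "payments-api"}}},
            {"spec": {"type": "ClusterIP", "selector": {"app": "internal-wiki"}}}]
FINDINGS = {"batch-report": {"violations": 12},
            "payments-api": {"violations": 3, "suspicious_processes": 1},
            "internal-wiki": {"violations": 5}}

if __name__ == "__main__":
    print(prioritize(DEPLOYMENTS, SERVICES, FINDINGS))
```

Sorting by raw violation count would put the dev batch job first; with context applied, the exposed production service with a live detection moves to the top.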
Use Kubernetes-native security to reduce the time and effort you need to effectively apply security in your environment.
Last updated: Jul-3-2020