Red Hat Helps Make Kubernetes Security More Accessible

The shift to cloud native is one of the most ambitious initiatives, if not the most ambitious, that an organization’s DevOps teams can undertake. Among its challenges is managing the complexities of security, and in highly distributed Kubernetes environments both the stakes and the difficulty are greater still. The need for a comprehensive platform for these distributed containerized environments has prompted Red Hat to offer what it describes as a comprehensive security management platform and associated tools for cloud native security.
During KubeCon + CloudNativeCon in Detroit, Red Hat representatives spoke with The New Stack about the company’s latest effort to help combine Kubernetes-native security capabilities with the convenience and support of a fully Red Hat-managed offering. The preview of its Red Hat Advanced Cluster Security (ACS) Cloud Service offering was developed to allow organizations to improve security and security management as they build, deploy and maintain cloud native applications, regardless of the underlying Kubernetes platform, Red Hat says.
The key improvement Red Hat is adding to ACS is that the ACS Cloud Service offers more comprehensive and direct support and management of security for Kubernetes and for StackRox, the platform Red Hat bought and opted to open source in 2021. StackRox is seen as a way to make Kubernetes-specific workloads more secure and to run them faster and more efficiently.
“You previously had to run the StackRox infrastructure yourself, but now, we are going to run the infrastructure for StackRox for you in your choice of cloud environments,” Doron Caspin, senior principal product manager for Red Hat ACS, told The New Stack.
Supply Chain Security
Red Hat Advanced Cluster Security (ACS) for Kubernetes plays a large role in its supply chain security pattern. By integrating with an organization’s CI/CD pipelines and image registries, ACS provides continuous scanning so that vulnerable and misconfigured container images can be remediated within the same developer environment, with real-time feedback and alerts. Red Hat Advanced Cluster Security Cloud Service supports Red Hat customers running containerized workloads on Red Hat OpenShift, Azure Red Hat OpenShift and Red Hat OpenShift Service on Amazon Web Services (AWS). Red Hat ACS Managed Service is also available for non-Red Hat Kubernetes services offered by major cloud providers including Amazon EKS, Google GKE and Microsoft AKS.
“We try to help by remaining laser-focused on the area of Kubernetes security for DevOps. This means that both developer and operations team members should have their security needs comprehensively covered by ACS and now ACS Cloud Service,” Caspin said. “This way, developers can have more time to develop code and applications more quickly and allow operations team members to focus more on improving infrastructure to achieve business goals, instead of being bogged down by security management.”
According to Red Hat’s “2022 Global Tech Outlook” report, 46% of respondents named IT security as their top funding priority. Security is thus clearly a major concern Red Hat shares with its customers, which helps explain why Red Hat has been aggressively expanding the range of security tools it offers. The ACS Cloud Service release follows a number of other recent Red Hat security projects.
Content Signing
Red Hat’s Ansible Automation Platform 2.2 provides a content signing technology similar to Sigstore. It helps automate supply chain security best practices by verifying that the content executed in the pipeline or at runtime has been signed and can therefore be trusted. Red Hat’s OpenShift offers a number of tools and has vetted and recommended third-party options for use in supply chain security. The company has created a supply chain security pattern applicable across hybrid cloud environments — from on-premises to multicloud to the edge — across the entire technology life cycle and software stack.
With Red Hat’s OpenShift container platform, the pattern delivers complete stacks as code and defines, builds and tests the necessary software configurations. The pattern makes available a Kubernetes-integrated pipeline through Red Hat OpenShift Pipelines and Red Hat OpenShift GitOps for version control. Through Tekton Chains, the pattern incorporates Sigstore for the cryptographic signing of code.
In addition, in Red Hat Ansible Automation Platform 2.2, Red Hat is offering a technical preview of its Ansible content-signing technology. The new capability helps with software supply chain security by enabling automation teams to validate the automation content being executed in their enterprise.
“We are aiming to build on our presence as a security leader by helping our customers by offering a security solution for whatever their requirements are, whether they use OpenShift or regardless of who their cloud provider is,” Caspin said. “For security solutions for Kubernetes on the cloud, we expect ACS Cloud Service will play a large role, largely supported by StackRox’s know-how and experience that is now expanding across cloud environments.”