Portworx sponsored The New Stack’s coverage of KubeCon+CloudNativeCon North America 2019.
As companies rush to adopt Kubernetes, many have been neglecting security until the last minute. But bringing security into the DevOps workflow and doing so earlier has other ramifications — namely, more of the responsibility for security applications rests on developers themselves, rather than a separate security team.
This, according to cloud native security company Sysdig, creates a dangerous knowledge gap, because an average developer simply isn’t as skilled in security best practices as an expert would be. One way to combat this problem is with tools — that’s one of the goals of Octarine’s Guardrails product. But Sysdig, the company behind the open source security tool Falco, is taking a slightly different approach: open sourcing the know-how behind getting security configurations right.
To this end, the company launched the Cloud Native Security Hub, a community site to share best practices around securing Kubernetes. The site debuted during KubeCon+CloudNativeCon North America 2019 in San Diego last week.
“The real issue is about connectivity,” said Janet Matsuda, chief marketing officer at Sysdig. This approach is designed to lower the barriers for developers — or any non-security-experts — who are now responsible for configuring security. It’s also a way for security experts to share knowledge, see how other companies are managing configurations and collaborate on a set of standard best practices.
“For a lot of people, the question is ‘how do I get started?’” she said. “We’re trying to provide a nice UI so it’s not intimidating.”
DevOps teams can go to the Security Hub, download rules and configuration files directly, and either use them as-is or customize them for specific use cases. At the moment, the Security Hub only has Falco rules, but the plan is to build support for other cloud native security tools in the future, as the community expands and more experts contribute.
“One of the goals is to have this discussion in the open and have everyone agree on what should be considered a best practice,” said Jorge Salamero Sanz, director of product marketing at Sysdig.
“The Mitre ATT&CK Framework is well accepted, but how do you map that to Kubernetes?” Matsuda explained. Different people can have different interpretations, and a place for them to all collaborate and teach can help the cloud native ecosystem mature in terms of security best practices. Providing easily shareable configuration files can also save a lot of time.
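To make concrete what a shared Falco rule and a team-specific customization look like, here is an added example written for this article; it is not a rule taken from the Cloud Native Security Hub or from Sysdig. It uses standard Falco rule syntax and assumes the `spawned_process`, `container` and `shell_procs` macros from Falco's default ruleset are loaded alongside it; the image name in the override is a placeholder.

```yaml
# Added example, not from the Cloud Native Security Hub.
# Part 1: the rule as a team might download it. It flags an interactive
# shell started inside a container and carries a tag that records which
# MITRE ATT&CK tactic the community agreed it maps to.
- list: trusted_shell_images
  # images allowed to spawn interactive shells; placeholder entry
  items: [example.internal/placeholder-image]

- rule: Interactive shell in container
  desc: An interactive shell was started inside a container
  condition: >
    spawned_process and container and shell_procs and proc.tty != 0
    and not container.image.repository in (trusted_shell_images)
  output: >
    Interactive shell in container (user=%user.name shell=%proc.name
    parent=%proc.pname cmdline=%proc.cmdline container_id=%container.id
    image=%container.image.repository)
  priority: NOTICE
  tags: [container, shell, mitre_execution]

# Part 2: a local customization kept in a separate file. Rather than
# editing the downloaded rule, the team appends its own debug image to
# the list (assumed image name) so the shared rule stays unmodified and
# can be refreshed from the Hub without losing local tuning.
- list: trusted_shell_images
  items: [example.internal/debug-toolbox]   # placeholder registry/image
  append: true
```

Keeping overrides in their own file and using `append: true` (or `enabled: false` to switch a downloaded rule off) is what lets a team pull updated rules from a shared source without hand-merging their local changes each time.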
If individual developers and DevOps teams are going to be responsible for security, they need the tools to do so successfully. Sysdig hopes that the Cloud Native Security Hub will ultimately save time and create more secure cloud native applications.
KubeCon+CloudNativeCon is a sponsor of The New Stack.