How Twistlock Secures the Enterprise Container

As enterprises continue to make the shift to microservices and container-based infrastructures, many wonder how to best secure these technologies. Fortunately, companies are emerging to take on the work of shaping container technologies to enterprise needs. This is the domain of container security platform Twistlock, which has recently released a new ebook on PCI Compliance for Containers.
“With containers, you know exactly what processes are running in that container. What we found out is that it’s much easier to base on good behavior what a container should do,” said Twistlock CEO Ben Bernstein on this new episode of The New Stack Makers hosted by TNS managing editor Joab Jackson.
Twistlock’s features include environment checks, policy enforcement, and role-based access control. “We can stop, start, analyze, and understand what any actor is doing with the container engine. That enables us to do a lot of the heavy lifting of compliance. Another thing we do is plug into all the notifications and all the operating system capabilities that enables one process, or anything at the OS level to understand what happens inside the OS. If we see anything, then we can basically alert on that and block it,” Bernstein said.
To make this process easier for developers, the Twistlock console can be integrated into a CI/CD pipeline through a REST API, Bernstein noted.
“We believe that developers should get notified ASAP when they do something that is non-compliant. We’re not waiting until there’s a problem. When you push an image into production or any environment and we realize it’s non-compliant, we let the developer know so you can push it back and say they have to fix it,” Bernstein said.
Ultimately, Twistlock hopes to help enterprises and developers alike create more secure containerized infrastructures. “When a developer does something wrong, you have to empower them to fix it. I think there is a fine line, but you have to automatically enforce it. You can’t force someone to voluntarily care about security,” he said.
Twistlock is a sponsor of The New Stack.