
Weaveworks Adds Policy as Code to Secure Kubernetes Apps

9 Feb 2022 12:00pm

Weaveworks has added security to its GitOps platform by delivering new policy as code capabilities to Weave GitOps.

The additional security will provide enterprises with secure GitOps pipelines throughout the software development and deployment lifecycle as Weaveworks continues its efforts to automate Kubernetes application and infrastructure operations.

Weaveworks added policy as code through its acquisition of Seattle-based Magalix, which specializes in building tools for developers and security teams to codify security and compliance in their software development lifecycle.

Shifting Cloud and Kubernetes Security Left

“Policy as Code is a significant trend, underpinning security, compliance and guardrails efforts for enterprises adopting Kubernetes-based distributed systems,” said James Governor, co-founder of RedMonk, in a statement. “GitOps is a natural workflow for policy between developers and operators, and Weaveworks has acquired Magalix to accelerate its capabilities in this area.”

“We believe that GitOps is the right way to solve customers’ cloud native application operations problems going forward,” Alexis Richardson, CEO of Weaveworks, said.

According to an IDC study from 2020, 67% of breaches in the cloud are caused by misconfigured applications or infrastructure.

“Infrastructure automation enhances application delivery, supporting on-premises and cloud topologies,” said Chris Saunderson, a Gartner analyst in a report from last year. “GitOps and policy-as-code approaches and tools, supplemented by vulnerability prioritization technology platforms, will drive assessment and enforcement of security and compliance mandates.”

Policy as code is all about codifying your security standards and best practices, said Mohamed Ahmed, founder and CEO of Magalix.

The Magic of Magalix

“Magalix is all about adding the guardrails so that you move fast without breaking things,” he said. “Magalix is based on the open source Open Policy Agent (OPA). We have a set of comprehensive policy libraries. Number two is we have integrations with the DevOps tools that exist in the market. And the last piece that we bring to the table is the insights and the comprehensive reporting that we provide all key players in any organization building cloud native apps.”

By adding Magalix, Weaveworks delivers customizable policies, compliance capabilities and comprehensive risk visibility into GitOps workflows, ensuring only authorized applications are deployed and there are no nefarious activities, Richardson noted.

Magalix was founded in 2017, focusing on security-as-code for teams running cloud native applications. Moreover, with Magalix’s security capabilities customers can control and enforce policies, using the same declarative approach as Kubernetes, to scale their applications while maintaining regulatory requirements and security best practices, Ahmed said.

“We are seeing an increase in customers who run a zero-trust security model turning to GitOps to bring DevOps to cloud native application development and IT operations,” he said in a statement.

Enterprise Customer Needs

Weaveworks has received requests from many of its larger enterprise customers for additional security, Richardson said.

“Because the biggest customers are very advanced in terms of compliance requirements, many of them are regulated,” he told The New Stack. “Many of them have data which needs to be looked after. But what they haven’t done is adopt Kubernetes at scale. They’ve done it at the POC [proof of concept] level. And what stopped them from doing it is just the sense of how do I make it safe? They want all the things that I describe, you know, safe, safe pipelines, baked in compliance, being able to stop bad things from happening before they happen, supply chain verification, etc. These are all constant questions from customers.”

One large customer, Deutsche Telekom, is using Weaveworks and GitOps to roll out Kubernetes optimized for cloud native 5G deployments.

“As soon as we empowered our internal Kubernetes platform team to move forward with Weaveworks’ support, they shipped a working system into production in a matter of months, and onto 5G in 2021,” said Abdu Mudesir, SVP Technology at Deutsche Telekom, in a statement. “All this has been possible through the GitOps model.”

Trusted Delivery

Trusted delivery adds policy as code to GitOps, enforcing security within the DevOps workflow. GitOps Trusted Delivery means that:

  • Policy as code enforces security and compliance from source to production: Magalix’s policy engine enables DevOps teams to apply consistent policies and best practices across multiple Kubernetes environments. Customers can now bridge the gap between developers, DevOps and security teams by introducing developer guardrails.
  • Runtime policy and drift management guards protect production deployments: Magalix’s KubeGuard agent ensures any runtime drift is detected and automatically remediated. Customers are assured that policies are being enforced across all deployments and are immediately aware of any violations.
  • Embedding security in GitOps workflows: Magalix simplifies DevSecOps and enables cloud native environments to be more intrinsically secure, by integrating directly into source, build and deployment stages of the software lifecycle.

Weaveworks is integrating Magalix into Weave GitOps Enterprise, delivering Kubernetes security, enhanced visibility and resilience across the cloud native life cycle in hybrid cloud, multicloud and edge environments.
