Security is an issue often cited as an obstacle to the wider adoption of cloud-native technologies, including scaling applications.
Red Hat, the pioneering provider of open-source solutions, announced its intent to acquire StackRox, which specialises in Kubernetes-native security. The idea is to bring StackRox’s Kubernetes-native security capabilities to Red Hat’s OpenShift, the Kubernetes platform for enterprises.
This is another step toward Red Hat attaining its vision of delivering a single, holistic platform that enables users to build, deploy and securely run most applications across the hybrid cloud. Kubernetes is one of the fastest-growing open source projects and is the foundation of cloud-native (containerised) applications, which are central to digitalisation efforts in many industries.
However, as Gartner notes, "Container usage for production deployments in enterprises is still constrained by concerns regarding security, monitoring, data management and networking."
Container security relies on Linux security. Working with the open source community, Red Hat Enterprise Linux constantly evolves new standards to secure cloud-native environments.
Building on this, OpenShift takes a layered approach to securing containers throughout the container lifecycle, from building to deploying to running containers in mission-critical environments. The idea is that StackRox’s complementary capabilities strengthen the integrated security across Red Hat’s hybrid cloud portfolio with greater simplicity and consistency.
For example, Red Hat will expand and refine Kubernetes’ native controls, and shift security left into the container build and continuous integration and continuous delivery (CI/CD) phase, to provide a cohesive solution for enhanced security up and down the entire IT stack and throughout the lifecycle.
Paul Cormier, President and CEO, Red Hat, stated, "Securing Kubernetes workloads and infrastructure cannot be done in a piecemeal manner; security must be an integrated part of every deployment, not an afterthought.
"Red Hat adds StackRox's Kubernetes-native capabilities to OpenShift's layered security approach, furthering our mission to bring product-ready open innovation to every organization across the open hybrid cloud across IT footprints."
Founded in 2014, StackRox was designed to reinvent enterprise security and evolved to focus on Kubernetes security. While many first-generation container security platforms were container-centric, StackRox is specifically a Kubernetes-native security platform.
This should make the control and enforcement of policies easier in a Kubernetes environment because it uses the same declarative approach as Kubernetes to scale applications while maintaining security.
Red Hat said in a statement that, “StackRox software provides visibility across Kubernetes clusters, by directly deploying components for enforcement and deep data collection into the Kubernetes cluster infrastructure, reducing the time and effort needed to implement security, and streamlining security analysis, investigation and remediation.
“The StackRox policy engine includes hundreds of built-in controls to enforce security best practices, industry standards such as CIS Benchmarks and NIST, and configuration management of both containers and Kubernetes, and runtime security.”
In addition to Red Hat OpenShift, StackRox will continue to support Kubernetes platforms, including Amazon Elastic Kubernetes Service (EKS), Microsoft Azure Kubernetes Service (AKS), and Google Kubernetes Engine (GKE).