Oracle announced plans for Oracle Code Assist, an AI code companion, to help developers boost velocity and enhance code consistency.
Just like health in humans where both nature (e.g., your genetic traits) and nurture (e.g., diet and exercise) play an important role; a healthy Kubernetes deployment too needs to have the right start with secure foundations, as well as secure operational practices to keep your clusters running. However, accidents do occur, and things go wrong unexpectedly, so it is critical to invest in an insurance policy with Kubernetes data protection.
Going to the Gym – Secure Operations
A recent report from the NSA provides a Kubernetes Hardening Guide that is a good example of best practices that serve as a defense against supply chain risks, malicious actors as well as insider threats.
Security hygiene practices of container scanning, encrypting data, segmenting networks, etc. are highlighted well in this guide. Implementing and adhering to these processes starts with organizations understanding the unique risks and challenges that come with securing Kubernetes clusters.
Old methods and tools that relied on securing perimeters and firewalls do not work in this growing cloud-native environment, so it is critical to invest in educating and retooling. Cloud-native applications, built as microservices employ a variety of open-source modules and are deployed in distributed environments, obsoleting the traditional notions of static IP address-based security and enforcement rules.
Building your DNA – Secure Foundations
What the NSA report doesn't cover though is that with the adoption of "Shift Left" principles, not only is security a shared responsibility, but we now also have very capable tools to embed security constructs and polices very early in the software development life cycle. Cloud-native development IDEs now make it a snap to incorporate the best security practices early. For e.g., Right at development time, when creating an object storage bucket, the developer can be auto reminded to ensure that the encryption options are turned on.
The Kubernetes community is also innovating with new constructs that make Policy-as-code easy to author and enforce without being locked into a single vendor solution. For e.g., using policy language authoring and enforcement tools, you can associate a backup policy as a pre-cursor to a stateful application being deployed into production. Kubernetes admission controllers can detect and enforce these policies with mutating web hooks. This follows the principle of security being a shared responsibility. Organizations that build these strong foundations upfront, will not find themselves in a potentially disastrous situation of production applications without backup policies handling mission critical data at run time.
Don't Forget Insurance – Kubernetes Backup and DR
As the deployment of Kubernetes applications increase in scale, so have the attacks from malicious actors. As an example, ransomware is a serious problem for enterprises and is now even expanding to the mid-market segment as this WSJ article highlights.
Organizations need to plan for these disruptions and invest in the right data protection tools. Just like the old perimeter-based approaches don't work in securing Kubernetes, similarly traditional hypervisor-based tools don't work for data protection. Invest and operationalize in the right Kubernetes-native solution that accommodates high-velocity application development cycles with distributed deployment where the infrastructure is abstracted away.
Follow these principles, and there is no reason why your Kubernetes applications will not have a long and health life!
Industry News
New Relic launched Secure Developer Alliance.
Dynatrace is enhancing its platform with new Kubernetes Security Posture Management (KSPM) capabilities for observability-driven security, configuration, and compliance monitoring.
Red Hat announced advances in Red Hat OpenShift AI, an open hybrid artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across hybrid clouds.
ServiceNow is introducing new capabilities to help teams create apps and scale workflows faster on the Now Platform and to boost developer and admin productivity.
Red Hat and Oracle announced the general availability of Red Hat OpenShift on Oracle Cloud Infrastructure (OCI) Compute Virtual Machines (VMs).
The Software Engineering Institute at Carnegie Mellon University announced the release of a tool to give a comprehensive visualization of the complete DevSecOps pipeline.
Synopsys has entered into a definitive agreement with Clearlake Capital Group, L.P. and Francisco Partners.
Postman released v11, a significant update that speeds up development by reducing collaboration friction on APIs.
Sysdig announced the launch of the company’s Runtime Insights Partner Ecosystem, recognizing the leading security solutions that combine with Sysdig to help customers prioritize and respond to critical security risks.
Nokod Security announced the general availability of the Nokod Security Platform.
Drata has acquired oak9, a cloud native security platform, and released a new capability in beta to seamlessly bring continuous compliance into the software development lifecycle.
Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.