Continuous Security for Cloud-native Applications
Overview
Hello everyone, welcome to my blog. In my previous article we covered Red Hat Advanced Cluster Management (ACM) for Kubernetes, an add-on on top of the OpenShift Container Platform (OCP). ACM provides end-to-end visibility and control over multiple Kubernetes environments across public clouds, private clouds, and on-premises data centers.
In this article, we will cover why continuous security is important, outline our vision, and introduce Red Hat Advanced Cluster Security (ACS) for Kubernetes.
Why is Continuous Security important?
Benefits of a Kubernetes-native Approach to Security
Reduce operational risk: aligning infrastructure and security teams on the same platform reduces application downtime.
Increase developer productivity: using Kubernetes itself to provide security guardrails supports developer velocity.
Lower operational cost: DevOps and security teams share a common language and a single source of truth.
DevSecOps is Important
DevOps isn’t just about development and operations teams. If you want to take full advantage of the agility and responsiveness of a DevOps approach, the security team must also play an integrated role in the full life cycle of your apps.
DevSecOps lets IT and security teams tackle challenges across people, processes, and technology. It improves speed and efficiency; improves consistency, repeatability, and collaboration; and reduces human error, all of which ultimately reduces risk.
Our Vision
Our vision is to enable organizations to securely build, deploy and run cloud-native applications anywhere.
What's Red Hat Advanced Cluster Security for Kubernetes?
Advanced Cluster Security (ACS) is the industry's only Kubernetes-native container security platform. Powered by StackRox technology, it secures Kubernetes itself and the cloud-native applications running on it.
The security built into OCP provides:
- Identity & Access Management
- Compliance Operator
- Volume Encryption
- File Integrity Operator
- Security Context Constraints
- Secrets Management
Day-1 security and automation from ACM provides:
- Compliance Operator
- ETCD Encryption
- Removal of Kubeadm
- RBAC
- Default SCCs
- Gatekeeper Policies
On top of these, ACS adds advanced features to protect your applications across the build, deploy, and runtime phases, and enables DevOps and InfoSec teams to operationalize security.
OpenShift Platform Plus
For early-adopter OpenShift customers, OpenShift Platform Plus bundles the three components shown below.
- ACS: Built-in multicluster Kubernetes-native security anywhere you need it.
- ACM: Built-in governance and application life-cycle management across multiple clusters.
- Quay: A scalable, central registry that provides a single source of truth for available software and distributes it efficiently to multiple clusters.