An Intellyx BrainCandy Brief
When companies initially explore a cloud-native transformation, they likely assume they will need to monitor and secure Kubernetes clusters. Unfortunately, security requirements will never be that simple to nail down, as there are several different flavors of containers and Kubernetes in play, and many other layers to address in the cloud-native story.
To address this growing threat surface, Aqua Security splashed into the cloud-native ecosystem four years ago, which makes them old-party members of the CNCF. The firm actively participates in security standards development and contributed their own Kube-Bench compliance checker to open source.
That’s nice for cluster hygiene, but Aqua is telling a bigger story of providing a comprehensive security platform for all the new and changing moving parts of an enterprise-scale cloud-native environment, which will run workloads across hybrid IT infrastructures, containers, microservices, functions and serverless environments.
DevSecOps teams leverage Aqua’s platform in the CI/CD pipeline, as it scans all registries and components for a gateway at any check-in, not just to find non-compliant or outdated bits, but to help developers avoid using components that won’t behave as specified in production.
Once cloud-native apps are in production, the Aqua platform employs different control techniques based on the complex environment it is observing. Thus, a Docker container may get a sidecar agent that can act as an enforcer for remediation, whereas a serverless Lambda function gets a lightweight ‘code injection’ that allows traceable data to reach the platform so the appropriate tool or SRE can be notified of any problems to resolve with context.
© 2019 Intellyx. At the time of writing, Aqua Security is not an Intellyx customer.