Portshift Extends the Security of Pods with Simplified PSP Deployment
January 28, 2020

Portshift introduced a simplified and intuitive pod security policy (PSP) implementation for Kubernetes.

Portshift’s PSP implementation allow users to harden their Kubernetes clusters security settings, with an agentless approach eliminating the need to deploy a daemonset (software agent) on all Kubernetes nodes.

Portshift’s PSP solution simplifies the way administrators configure and use policies by enabling users to define granular policies (per pod/group of pods) based on potential risk even when they share the same service account attributes. With this capability Portshift enables the setting of flexible secured deployment configuration policies free of the need to tie it with the Kubernetes RBAC mechanism and service account granularity limitation.

Kubernetes pod security policies provide a framework to ensure that pods run only with the assigned privileges, with access only to predetermined resources (e.g. volumes and network). Security and DevOps teams operating Kubernetes clusters leverage them to control pod creation with the desired security context. Kubernetes role-based access control (RBAC) is used together with PSP to verify that the pod’s security configuration meets the defined policy.

However, there are several limits to implementing Kubernetes policies, including overlapping policy conflicts and the inability to deliver granular security in a complex K8s environment at scale.

With this release, Portshift adds a simple and intuitive policy layer of security to pods solving duplication conflicts and RBAC constraints, allowing users to configure their desired security settings from predefined PSP profiles or to use their home-grown profiles.

Portshift addresses the existing challenges of Pod Security Policy by extending its capabilities at scale to address more pod elements than previously possible. It also allows Portshift to leverage the existing architecture to provide seamless policy enforcement to users without performance degradation -- which is typically associated with the deployment of agents (daemonset) on each Kubernetes node (host).

"Portshift has simplified PSPs to provide DevOps with an intuitive and simplified option to benefit from Kubernetes pod security policy and deliver more robust and secure pod deployments by leveraging Kubernetes native tools," Zohar Kaufman, VP, R&D and Co-Founder, Portshift. "This new capability extends the pod’s security, helping to better defend against cyber attack."

Share this

Industry News

February 27, 2020

Datadog announced an integration with Nessus from Tenable.

February 27, 2020

Talend announced the Winter ‘20 release of Talend Data Fabric.

February 27, 2020

Alcide announced that the Alcide Kubernetes Security Platform now supports compliance scans for PCI and GDPR, enabling DevOps to deliver regulatory compliance checks rapidly and seamlessly alongside Alcide’s leading Kubernetes security capabilities.

February 26, 2020

Perforce Software released a free tool for organizations considering open source software - OpenLogic Stack Builder.

February 26, 2020

Applause announced a new partnership with Infosys to provide broader end-to-end digital experience testing services to clients.

February 26, 2020

RapidMiner announced the release of its platform enhancement, RapidMiner 9.6. This update prioritizes people – not technology – at the center of the enterprise AI journey, providing new, unique experiences to empower users of varying backgrounds and abilities.

February 25, 2020

JFrog announced the availability of the "JFrog Platform," a hybrid, multi-cloud, universal DevOps platform.

February 25, 2020

Nureva added new agile canvas templates to Span Workspace, including a heat map developed by Jeff Sutherland, the co-creator of Scrum and founder of Scrum Inc. and Scrum@Scale.

February 25, 2020

Agiloft announced the addition of its new Agiloft AI Engine, complete with prebuilt AI Capabilities for contract management and an open AI integration that allows customers to incorporate custom-built AI tools into the no-code platform.

February 24, 2020

Cloudify announced that its latest product update - Cloudify version 5 - features an Environment as a Service component, designed to achieve consistent delivery and management of hybrid-cloud services and network infrastructures across CI/CD pipelines - at scale.

February 24, 2020

Checkmarx announced new enhancements to its Software Security Platform to empower more seamless implementation and automation of application security testing (AST) in modern development and DevOps environments.

February 24, 2020

Rapid7 and Snyk announced a strategic partnership to deliver end-to-end application security to organizations developing cloud native applications.

February 20, 2020

The American Council for Technology and Industry Advisory Council (ACT-IAC), the premier public-private partnership dedicated to advancing government through the application of information technology, officially announced the release of the DevOps Primer.

It was produced through a collaborative, volunteer effort by a working group from government and industry, hosted by the ACT-IAC Emerging Technology Community of Interest (COI).

February 20, 2020

DLT Solutions, a subsidiary of Tech Data, launched the Secure Software Factory (SSF), a framework that provides the U.S. public sector with consistent development and deployment of high-quality, scalable, resilient and secure software throughout an application’s lifecycle.

February 20, 2020

Netography announced the general availability of the company’s Security Operations Platform.