Check Point® Software Technologies Ltd. announced its position as a leader in The Forrester Wave™: Enterprise Firewalls, Q4 2024 report.
Just like health in humans where both nature (e.g., your genetic traits) and nurture (e.g., diet and exercise) play an important role; a healthy Kubernetes deployment too needs to have the right start with secure foundations, as well as secure operational practices to keep your clusters running. However, accidents do occur, and things go wrong unexpectedly, so it is critical to invest in an insurance policy with Kubernetes data protection.
Going to the Gym – Secure Operations
A recent report from the NSA provides a Kubernetes Hardening Guide that is a good example of best practices that serve as a defense against supply chain risks, malicious actors as well as insider threats.
Security hygiene practices of container scanning, encrypting data, segmenting networks, etc. are highlighted well in this guide. Implementing and adhering to these processes starts with organizations understanding the unique risks and challenges that come with securing Kubernetes clusters.
Old methods and tools that relied on securing perimeters and firewalls do not work in this growing cloud-native environment, so it is critical to invest in educating and retooling. Cloud-native applications, built as microservices employ a variety of open-source modules and are deployed in distributed environments, obsoleting the traditional notions of static IP address-based security and enforcement rules.
Building your DNA – Secure Foundations
What the NSA report doesn't cover though is that with the adoption of "Shift Left" principles, not only is security a shared responsibility, but we now also have very capable tools to embed security constructs and polices very early in the software development life cycle. Cloud-native development IDEs now make it a snap to incorporate the best security practices early. For e.g., Right at development time, when creating an object storage bucket, the developer can be auto reminded to ensure that the encryption options are turned on.
The Kubernetes community is also innovating with new constructs that make Policy-as-code easy to author and enforce without being locked into a single vendor solution. For e.g., using policy language authoring and enforcement tools, you can associate a backup policy as a pre-cursor to a stateful application being deployed into production. Kubernetes admission controllers can detect and enforce these policies with mutating web hooks. This follows the principle of security being a shared responsibility. Organizations that build these strong foundations upfront, will not find themselves in a potentially disastrous situation of production applications without backup policies handling mission critical data at run time.
Don't Forget Insurance – Kubernetes Backup and DR
As the deployment of Kubernetes applications increase in scale, so have the attacks from malicious actors. As an example, ransomware is a serious problem for enterprises and is now even expanding to the mid-market segment as this WSJ article highlights.
Organizations need to plan for these disruptions and invest in the right data protection tools. Just like the old perimeter-based approaches don't work in securing Kubernetes, similarly traditional hypervisor-based tools don't work for data protection. Invest and operationalize in the right Kubernetes-native solution that accommodates high-velocity application development cycles with distributed deployment where the infrastructure is abstracted away.
Follow these principles, and there is no reason why your Kubernetes applications will not have a long and health life!
Industry News
Sonar announced two new product capabilities for today’s AI-driven software development ecosystem.
Redgate announced a wide range of product updates supporting multiple database management systems (DBMS) across its entire portfolio, designed to support IT professionals grappling with today’s complex database landscape.
Elastic announced support for Google Cloud’s Vertex AI platform in the Elasticsearch Open Inference API and Playground.
SmartBear has integrated the load testing engine of LoadNinja into its automated testing tool, TestComplete.
Check Point® Software Technologies Ltd. announced the completion of its acquisition of Cyberint Technologies Ltd., a highly innovative provider of external risk management solutions.
Lucid Software announced a robust set of new capabilities aimed at elevating agile workflows for both team-level and program-level planning.
Perforce Software announced the Hadoop Service Bundle, a new professional services and support offering from OpenLogic by Perforce.
CyberArk announced the successful completion of its acquisition of Venafi, a provider of machine identity management, from Thoma Bravo.
Inflectra announced the launch of its AI-powered SpiraApps.
The former Synopsys Software Integrity Group has rebranded as Black Duck® Software, a newly independent application security company.
Check Point® Software Technologies Ltd. announced that it has been recognized as a Visionary in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms.
Harness expanded its strategic partnership with Google Cloud, focusing on new integrations leveraging generative AI technologies.
OKX announced the launch of OKX OS, an onchain infrastructure suite.