Container security startup is the cloud-native yes man
The maturation of the Kubernetes container management platform is bringing relief to enterprises everywhere. They no longer require the biggest brains in information technology to configure clusters on the open-source platform for orchestrating containers (a virtualized method for running distributed applications). This is pushing Kubernetes and cloud-native computing further into the mainstream.
At the same time, the cast of supporting actors around Kubernetes and cloud-native is growing. The tool makers mean well; they want to improve some area of operations — like the orchestration of containers across environments. But will the need for extras and a glut to choose from become the new complexity nightmare?
Let’s take security, for example. It’s obviously an essential. Containers running across different environments — public clouds, for instance — certainly raise interesting questions: Will container security add a new layer of complexity and friction to Kubernetes? Where does security live in the multicloud world? Do cloud-native applications and operations require a whole new security paradigm?
Those building cloud-native apps or deploying any apps on Kubernetes should be thinking of security in a new way, according to said John Morello (pictured, left), chief technology officer of Twistlock Ltd. Companies are going cloud native because it basically allows them to do things a lot faster, he added. Most traditional security technology is a sack race compared to cloud-native’s Olympic sprint. To get the most from cloud-native, users have to get their security system running apace with it.
“It also has to get away from that approach people took in the past where security was always this friction; it was this impediment,” Morello said. All those time-consuming security reviews aren’t kind to trigger-happy cloud-native developer operations.
“If that’s your approach to security, you’re going to be at a fundamental conflict [with] this new approach,” he stated.
Morello and Nanda Kumar (pictured, right), digital technology transformation, global technology Services, at Verizon, spoke with John Furrier (@furrier) and Stu Miniman (@stu), co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the KubeCon + CloudNativeCon event in Seattle, Washington. They discussed the benefits of cloud-native, app-centric security for use cases, including Kubernetes, and why Verizon chose Twistlock to secure its own Kubernetes deployments. (* Disclosure below.)
This week, theCUBE spotlights Twistlock in our Startup of the Week feature.
Security whitelist just says, ‘yes’
Twistlock is a 4-year-old cloud-native cybersecurity company for securing containers in Kubernetes, Docker Inc., etc. It gels with the cloud-native approach by referring to a whitelist of allowed activity instead of a blacklist of no-nos.
“We create this reference model where you can understand what’s normal, and then we automatically prevent anomalies. So unlike that traditional world of security, where you had to have a whole bunch of manual rules to black-list everything that was bad, we just say, ‘We learn what’s good and only allow that,'” Morello stated.
If something smells fishy, the alert goes straight to developers instantly so they can fix it. There are no waiting weeks for a security scan to find an app in production that has a “breach me” sign on its back.
Sounds great, but how does it work with Kubernetes? Is it a cat-and-dog death duel getting them to work together?
Deep in Kubernetes and across multicloud universe
A Kubernetes Technology Partner, Twistlock is itself a cloud-native application that blends right in with the platform. “Not only do we protect the platform, but we just are part of the platform,” Morello said. “There’s nothing abnormal that you have to do. You deploy it and manage it like you would any other Kubernetes application.”
With containers traversing multiple cloud environments, companies have to forget the old notion of a firewall in one location, according to Morello. “One of the things that we really think is important is to be able to bring the parameter to the application,” he stated.
Twistlock does this by learning how microservices in containers communicate with each other and allowing only those types of communications.
What is all this stuff for anyway?
It’s crucial for companies to keep the end goal of heavily hyped technologies in mind. It is not always possible to achieve the desired result just by pushing the start button. If some elements are not in place, they might be getting a fraction of the performance they seek.
“We’ve seen some really crazy uses of Kubernetes, where they’re on Kubernetes but they’re not really … what I say, ‘Kube native,’” Daniel Berg, distinguished engineer, IBM Cloud Kubernetes Service and Istio, at IBM Corp., recently told theCUBE.
Lifting and shifting legacy applications to Kubernetes can result in performance that asks, “What’s the point?”
“At the end of the day, if you truly want to get the value out of cloud and cloud native, your’e going to do an [application] rewrite eventually,” Berg said.
“It’s really easy to forget that infrastructure is not a thing in its own right — it’s solely there to enable applications and to enable other things,” Steve Herrod, managing director at General Catalyst Partners LLC, recently told theCUBE.
“This is chaos in terms of the number of startups doing very specific point solutions,” he said.
The number of tools out that purport to support Kubernetes is getting scarily high. Does it really take all of those extra tools to orchestrate containers? If so, can enterprises really get their hands around them all?
The Cloud Native Computing Foundation has more than 30 projects now, many of which purport to support containers and Kubernetes. CNCF has made project interoperability a priority, according to its executive director Dan Kohn.
“I do think that having so much traction and momentum around Kubernetes is a forcing function for the whole community to come together and stay compatible,” Kohn recently told theCUBE.
Keeping up with cloud-native
Easy compatibility is a key feature that Kubernetes assists should possess.
But the most important measure of a tool’s worthiness in cloud-native and Kubernetes deployments is its end result. Specifically, does it help a company and its developers and admins get to value faster?
Security that works in step with agile, cloud-native DevOps and doesn’t wag a finger at swift app deployment passes those tests, Morello concluded.
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the KubeCon + CloudNativeCon event. (* Disclosure: Twistlock Ltd. sponsored this segment of theCUBE. Neither Twistlock nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Photo: SiliconANGLE
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU