UPDATED 14:30 EDT / NOVEMBER 26 2019

Knox Anderson, Amit Gupta, Loris Degioanni SECURITY

Designing security for an open-source, containerized, cloud-native world

Data security is the big issue facing enterprise today. Forget fancy social media campaigns, customer loyalty, and sales figures. One data breach can damage brand reputation in minutes, and trust takes years to rebuild.

Cloud computing and open-source development have made traditional security measures, such as firewalls and gateways, obsolete. And the multitudes of connected devices have created a potential attack surface that grows larger by the minute.

“Security is super critical, and more so now as folks are deploying more and more mission-critical applications on the Kubernetes-based platform,” said Amit Gupta (pictured, center), vice president of business development and product management at Tigera Inc.

Gupta; Loris Degioanni (pictured, right), founder and chief technology officer of Sysdig Inc.; and Knox Anderson (pictured, left), director of product management at Sysdig, spoke with Stu Miniman (@stu), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the KubeCon + CloudNativeCon event in San Diego, California. They discussed how security is different in an open-source, cloud-native environment. (* Disclosure below.)

Cloud-native security requires distributed architecture

As monolithic architectures disappear, software is also changing. Instead of singular large applications, cloud-native applications are architected from hundreds of microservices operating in a dynamic and distributed fashion. This is more efficient, but “this also means that, securing, monitoring, troubleshooting infrastructures becomes much different,” Degioanni said.

As legacy security tools become obsolete, new security approaches, such as those provided by open-source projects Calico and Falco, are the way forward, Degioanni added.

Sysdig is the original creator of Falco, which Degioanni described as an open-source Cloud Native Computing Foundation phased anomaly detection system that’s based on collecting highly granular data from a running Kubernetes environment.

“The big challenge in the Kubernetes space is around incident response and audit,” Anderson said.

Tigera and Sysdig have collaborated to manage security within Kubernetes workflows, creating products that provide security across the entire container lifecycle. “So, at build time, making sure your images are properly configured, free of vulnerabilities at run time, looking at all the activity that’s happening,” Anderson stated.

So as enterprise architecture is designed, organizations must think about how to design security across the entire infrastructure “in a distributed fashion or done in the early stages of your projects,” Gupta pointed out. “Just like your applications are being deployed in an automated fashion, your security has to be done in that fashion. So, policy as code, infrastructure as code, and the security is just baked in as part of that process. It’s critical you design that way to get the best outcomes.”

(* Disclosure: Sysdig Inc. sponsored this segment of theCUBE. Neither Sysdig nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
