COVID-19 isolation transformed thousands of homes into home offices; and the shift is predicted to stick as companies and employees discover the benefits of remote work. However, the distributed nature of work has increased the already large cyber attack surface and heightened security problems. Securing the perimeter is impossible, putting the onus on cloud native zero-trust solutions to save the day.

“Security is ever more online; cloud security is ever more a part of what people need to pay attention to,” said Liz Rice (pictured), vice president of open-source engineering at Aqua Security Software Ltd. and chair of the Cloud Native Computing Foundation’s Technical Oversight Committee.

Rice spoke with Stu Miniman, host of theCUBE, SiliconANGLE’s livestreaming studio, during the virtual KubeCon + CloudNativeCon Europe 2020 event. They discussed the role of CNCF’s Technical Oversight Committee; what joining CNCF means for a cloud native project; Google, Istio and the CNCF; and Aqua Security’s new open-source container security solution, called Starboard. (* Disclosure below.)

Developers seek end-user input to create efficient solutions

Open source is about collaborative problem solving, but problems can’t be solved if the developers don’t know what they are. “Actually hearing from the horse’s mouth, from the end users who are doing it in the real world is super valuable,” Rice said. “The more input we can get from the end-user community, the more we’ll be solving real problems and not necessarily academic problems that we haven’t necessarily discovered in the real world.”

Helping end users share their input is the Technology Radar, a new tool introduced by CUBE alumni and CNCF ecosystem director Cheryl Hung. “With the Technology Radar, what Cheryl has been able to facilitate is having the end-user community share with us what tools they’re actually using. What do they actually believe are the right hammers for specific nails?” Rice stated.

Community feedback has been important in the development of Starboard, the latest open-source initiative from Rice’s team at Aqua. Still in pre-sandbox stage, the project is based on the idea of turning security reporting information into Kubernetes-native custom resources. This allows current security status to be queried over the Kubernetes API. Rice gives the example of querying the status of a deployment while simultaneously querying to see whether that deployment is passing configuration audits or passing vulnerability scans for the application containers inside it.

“Starboard brings security information not just from Aqua tools, but from other vendor tools as well front and center into that Kubernetes experience. It’s a great way of getting security visibility to more Kubernetes users,” Rice said.

Initial feedback on Starboard “has been really positive,” according to Rice. But the project has a long way to go before it graduates, and community input is needed.

“We’ve come up with some custom resource definitions, but we’d love them to be applicable to a variety of different tools,” Rice stated. “So if people are interested in collaborating, come and talk to me and my team. We’d love to hear from you.”

Watch the complete video interview below, and be sure to check out more of theCUBE’s coverage of KubeCon + CloudNativeCon Europe 2020. (* Disclosure: The Cloud Native Computing Foundation sponsored this segment of theCUBE. Neither The Cloud Native Computing Foundation nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE