UPDATED 20:15 EDT / MAY 27 2021


Accurics aims to reduce security costs with ‘policy as code’ to address Kubernetes vulnerability

Following the modernization of IT infrastructure, cloud native resilience is a current concern for most businesses. Although essential, the solutions to protect this environment can be complex and add costs for enterprises.

Employing “policy as code” to address Kubernetes vulnerabilities in a cost-effective way is the goal of startup Accurics Inc., according to Om Moolchandani (pictured), chief information security officer and chief technology officer of Accurics.

“Our focus is 100% on reducing the cost of security,” he said. “And in order to do that, you really have to do things that previously were not done in development environments, and that’s where we’re going.”

Moolchandani spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during DockerCon. They discussed Accurics security solutions for the cloud native infrastructure, the main threats around Kubernetes and the challenges companies face in solving them. (* Disclosure below.)

Security during development and deployment

To reduce the cost of detecting security problems in the cloud native infrastructure, the best option is to implement solutions during development and deployment time, according to Moolchandani. Security must be codified into all layers of the cloud stack to identify and fix misconfigurations before cloud infrastructure is provisioned.

“We shift your cloud native security posture detection to left, we detect all your security posture related issues while the code is in development, in design phase, as well as while it is about to get deployed,” he explained.

Accurics provides more than 1,500 policies across more than 10 standards, such as CIS Benchmarks, NYDFS and GDPR, so that companies can enable policy guardrails in minutes. It also defines policies based on customers’ individual needs.

After detection, Accurics fixes the issues by generating what it calls remediation as code. It resolves policy violations and security risks by codifying remediation into the customer’s pipeline.

“We help developers reduce the cost of remediation and also mean time to remediation for security problems,” Moolchandani said.

Cyber threats for this environment are evolving

The uniqueness of cloud native security is that it does not involve a single control plane; it also includes the supply chain elements that go into the deployment of the clusters, according to Moolchandani. That calls for a broader security solution.

“You need to secure not just the application code, which is running inside your container images, but also the container image itself, then the pod, then the namespace, then the cluster, and also you need to do all the other cyber hygiene related things that you were doing previously,” he explained.

Because the infrastructure is so distinctive, cyberattacks are also likely to differ from traditional ones. One example is a watering hole attack.

Since most cloud native infrastructure is built from several different open-source components and pieces, pulling a container image that contains malware can have a direct impact on the cluster.

“[It is] not only that,” Moolchandani said. “Registries can be located anywhere, [and] if you do not do proper sanitization and checking of your supply chain components, such as a container image, it can land in secure zones like this, so not only in a cluster; it can become part of a system namespace very soon.”

People have a false sense of security in the cloud native environment because a Kubernetes cluster is a kind of air gap, with no exposure of the control plane to the internet.

“[But] that doesn’t mean anything; a container [that] enters into your cluster can take over the entire cluster,” he explained. “These are some very innovative and noble attacks that we predict are going to come to our way in next 12 to 18 months.”

To operationalize security in the cloud native environment, Accurics first brings all major types of infrastructure code and control planes to a single uniform format, called cloud as code.

“So, we apply Open Policy Agent to this middleware that we create,” Moolchandani stated. Accurics’ strategy also aims to not introduce any new tooling into the developer’s workflows – the solution is integrated with all existing flows.
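The kind of pre-deployment check described above, as an added example that is not Accurics’ code or part of the original article: a policy written in Python (standing in for an Open Policy Agent rule) that rejects Kubernetes workloads whose images come from outside a trusted registry, are not pinned by digest, or target a system namespace. The allowlisted registry, the manifests and all function names are constructed for illustration.

```python
# Added example: constructed manifests and a hypothetical allowlist; not Accurics policy code.
ALLOWED_REGISTRIES = {"registry.internal.example"}  # assumption: the org's trusted registry
SYSTEM_NAMESPACES = {"kube-system", "kube-public", "kube-node-lease"}

def pod_spec(manifest):
    """Return the pod spec for common workload kinds."""
    kind, spec = manifest.get("kind"), manifest.get("spec", {})
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        return spec.get("jobTemplate", {}).get("spec", {}).get("template", {}).get("spec", {})
    return spec.get("template", {}).get("spec", {})  # Deployment, StatefulSet, DaemonSet, Job

def registry_of(image):
    """Registry host of an image reference; Docker Hub is implied when no host is given."""
    first = image.split("/", 1)[0]
    if "/" in image and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def check(manifest):
    """Return the list of policy violations for one manifest."""
    meta = manifest.get("metadata", {})
    name, ns = meta.get("name", "?"), meta.get("namespace", "default")
    findings = []
    spec = pod_spec(manifest)
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        image = c.get("image", "")
        reg = registry_of(image)
        if reg not in ALLOWED_REGISTRIES:
            findings.append(f"{ns}/{name}: image '{image}' from untrusted registry {reg}")
            if ns in SYSTEM_NAMESPACES:
                findings.append(f"{ns}/{name}: untrusted image targets a system namespace")
        if "@sha256:" not in image:
            findings.append(f"{ns}/{name}: image '{image}' is not pinned by digest")
    return findings

# Constructed sample input: one compliant workload, one that violates every rule.
MANIFESTS = [
    {"kind": "Deployment", "metadata": {"name": "web", "namespace": "shop"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "web", "image": "registry.internal.example/web@sha256:" + "a" * 64}]}}}},
    {"kind": "DaemonSet", "metadata": {"name": "agent", "namespace": "kube-system"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "agent", "image": "someuser/agent:latest"}]}}}},
]

def evaluate(manifests):
    return [finding for m in manifests for finding in check(m)]
```

Run in a pipeline before `kubectl apply`, a non-empty result from `evaluate` would fail the build; here it returns three findings, all for the DaemonSet.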

(* Disclosure: Accurics Inc. sponsored this segment of theCUBE. Neither Accurics nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
