Enterprise, open-source solutions provider Red Hat Inc. has begun to articulate how it sees its acquisition of StackRox Inc., the Kubernetes-native security solution, playing out. That includes StackRox’s name change to Red Hat Advanced Cluster Security for Kubernetes, or RHACS (and sometimes just ACS).

The idea is that RHACS will augment container application platform OpenShift’s existing security, and indeed Red Hat says that StackRox’s security add-on is needed.

“There’s a great deal of security built in to OpenShift; as it goes to market out of the box, customers need the additional capabilities that StackRox brings,” said Kirsten Newcomer (pictured right), director of cloud and DevSecOps strategy at Red Hat.

Newcomer and Kamal Shah (pictured left), vice president of cloud platforms at Red Hat, spoke with Lisa Martin, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during the recent Red Hat Summit. They discussed StackRox as it becomes integrated with Red Hat. (* Disclosure below.)

Add-on security

Security partners have traditionally supplied the needed add-on security, but with the acquisition, Red Hat believes it can now more tightly knit security. It still will support other security partners, though. However, “we are already working hand-in-hand to integrate our companies,” Shah said.

Adding to workload protection is one of the key attributes of the StackRox add-on. And that’s a requirement that has been changing over time: No longer is one simply deploying antivirus or malware catchers on VMs and host operating systems, Newcomer pointed out.

“If they aren’t secured from the get-go, you miss your opportunity to secure them, right?” she said. Meaning, one can’t layer security on a running container.

“You always have to rebuild and redeploy. If you patch the running container, the next time that container image is deployed, you’ve lost that patch,” Newcomer added.

She reckons that StackRox integration will fix that potential problem.

“We help them to secure the infrastructure by preventing misconfigurations,” added Shah, who was the CEO of StackRox before the January 2021 acquisition announcement. “Misconfigurations often lead to breaches at runtime.”

Built-in security includes helping customers manage compliance requirements, like HIPAA health information privacy, for example. Inadvertently missing steps in security required for containerized workloads, or if new vulnerabilities are discovered after delivery, is also handled.

“With policies that are written for you, you can focus on building your applications,” said Newcomer.

One example she cites would be a case of malware in a container. “StackRox can look for a package manager that could be used to pull in code that could be exploited,” she said, explaining that the container is then simply stopped.

These security problems are exacerbated by the nature of containers, according to Newcomer.

“They’re designed to be shut down and brought back up,” she said. In fact, containers come and go all the time in a Kubernetes cluster. The same goes for server nodes in a cloud native Kubernetes cluster. What that means is that one has a lot more data that to collect and analyze.

“Things are moving fast, so you want the right type of data collection and the right correlation to have good visibility into your environment,” Newcomer said.

Having policy guardrails introduced by better security product integration, for example, means digital transformation developers can move faster … “without having to worry about hundreds of potential issues,” Shah concluded.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of Red Hat Summit. (* Disclosure: TheCUBE is a paid media partner for Red Hat Summit. Neither Red Hat Inc., the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE