UPDATED 17:39 EDT / NOVEMBER 09 2021

CLOUD

Security microservices, configuration and observability take the stage at KubeCon NA 2021

That open-source, hybrid cloud is maturing was foremost on the agenda at the recently concluded KubeCon + CloudNativeCon NA event.

Notably the buzz circled the security arena, regarding emerging methods to integrate it deep into the fundamentals of open-source containerization solutions, particularly Kubernetes.

“Now, open source and security go together,” said Stu Miniman, director of market insights and cloud platforms at Red Hat Inc., commenting in a special segment recapping the event’s keynote presentations.

Configuration, a subset of security, and deployment simplification were also high on the agenda, along with the disturbing and rapidly-escalating scourge of supply-chain hacking.

If you missed the event, here are five key takeaways from KubeCon. (* Disclosure below.)

1. Modern security practices take hold

Deepfence Inc.’s ThreatMapper, an open-source security solution, is one example of the products that claim to solve security woes inherent in very complex environments, such as is found in containers and serverless computing architectures.

ThreatMapper takes advantage of open security information being generated as enterprises shift to newer hybrid computing practices, thanks to a maturing containerization ecosystem.

“The stuff starts getting out of control when you have so many different modalities running side-by-side,” said Sandeep Lahane, founder and chief executive officer of Deepfence, in an interview with theCUBE.

ThreatMapper scans and uncovers threats to in-production applications throughout serverless, cloud and Kubernetes environments. Lahane describes the platform as being “security as a microservice.”

“Security is all bottom-up,” said Shyam Krishnaswamy, co-founder and chief technology officer of Deepfence, during the same interview with Lahane. “Your applications are microservices; your security should also be a microservice,” he said of the free platform, which notably uses the increasing amounts of community-sourced threat information.

“It’s tribal knowledge; their informal feeds, GitHub tickets, and a lot of these things,” all captured and built into the platform, the duo explained.

2. Configuration is more important in elaborate environments than cyberattack prevention

It’s actually configuration issues that are the primary cloud security risk, according to Fortinet Inc.’s “2021 Cloud Security Report.” Remarkably, the cybersecurity vendor says it’s more crucial than cyberattack prevention.

Hence, interest swirled at the KubeKon event in the matter of getting configuration right.

Echoing the ThreatMapper position — believing one should be focusing on security from the inception of a development cycle — Vince Hwang, senior director of dynamic cloud security at Fortinet, said in an interview with theCUBE that it’s vital to integrate security “throughout the entire life cycle, from the moment you start planning and development in peoples and process to when you’re developing it and then deploying and running into production.”

One way to go about that is by getting the configuration correct.

“The configurations when you’re storing the data, the registries [and] all these different considerations that go into a cloud environment — those are the things organizations need visibility on,” Hwang said, while discussing the Fortinet Security Fabric product that, among other things, handles security across different technologies and form-factors in heavily virtualized and increasingly complex computing environments.

3. Supply chain hacks are escalating, and in the spotlight

Supply chain security was a major theme at KubeKon. This interest was partly due to the 4x increase in attacks predicted for 2021 by a European Union agency cybersecurity report. Other factors include the myriad combination of new attack surfaces coming on stream as hybrid cloud and containerization and microservices take hold across enterprise.

Supply chain hacks are basically where a weak link in the customer or vendor computer system is used as an attack vector — 62 % of attacks on customers came through attacks on suppliers, according to the agency. The attack usually comes in the form of malware and can grab data from an element in the supply chain through a trusted relationship between two supply chain members.

Chainguard Inc. and Red Hat both weighed in on the topic in discussions with theCUBE. Open-source Chainguard, which is made up of former Google employees, says its specializing in early, foundational security too. Similar to the aforementioned vendors, it notes security must be implemented at the inception of development.

“Would you pick up a thumb drive off the side of the street and plug it into your computer? Probably not,” said Kim Lewandowski, Chainguard co-founder, in an interview with theCUBE. “But you download an open-source package that can give you more privileges and production environments, and it’s pretty scary.”

Tamper-proof signatures were another supply chain innovation under discussion from Red Hat-developed Sigstore.

4. Streamlining app deployment to Kubernetes

Monitoring tools to streamline the deployment of applications to Kubernetes was also a hot ticket-item at the event.

Harness.io promises an artificial intelligence deployment platform.

“We’ve designed our artificial intelligence to take care of the worst parts of anyone’s job. Ask any [developer operations] person if they love babysitting deployments; they don’t. Harness handles that for them,” said Nick Durkin, field chief technology officer at Harness.io, in an interview with theCUBE.

TriggerMesh, also in attendance, is a Kubernetes-based platform that integrates cloud applications to be deployed as code and managed at a single source. It’s geared toward keeping mainframes up while organizations work on “cutting-edge mobile applications,” said Mark Hinkle, co-founder and chief executive officer, in an interview with theCUBE.

5. Costs getting reined in

Costs, too, are getting taken care of. StormForge, also interviewed by theCUBE, was one of two companies promising to solve overspend on cloud issues.

“Organizations are becoming more agile, shipping code more quickly,” said Matt Provo, founder and chief executive officer of GramLabs Inc. (doing business as StormForge), in an interview with theCUBE. “But then all-of-a-sudden the cloud bill comes and they’ve overprovisioned by 80%, 90% and discover they didn’t need nearly as many resources.”

StormForge uses machine learning to accurately predict resources needed.

Kubecost is also focused on cloud-bill. It claims to handle cloud cost management by monitoring and reducing expenses of Kubernetes.

“You deploy our product in your environment anywhere you’re running Kubernetes 1.11 or above, we will run and start dynamically generating insights in minutes,” said Webb Brown, co-founder and chief executive officer of Kubecost, in an interview with theCUBE.

Container under-provisioning is one example of insights obtainable.

Be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of KubeCon + CloudNativeCon NA. (* Disclosure: TheCUBE is a paid media partner for the KubeCon + CloudNativeCon NA event. Sponsor for theCUBE’s event coverage do not have editorial control over content on theCUBE or SiliconANGLE.)

Image: KubeCon

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU