Skip to content
Tiatra, LLCTiatra, LLC
Tiatra, LLC
Information Technology Solutions for Washington, DC Government Agencies
  • Home
  • About Us
  • Services
    • IT Engineering and Support
    • Software Development
    • Information Assurance and Testing
    • Project and Program Management
  • Clients & Partners
  • Careers
  • News
  • Contact
 
  • Home
  • About Us
  • Services
    • IT Engineering and Support
    • Software Development
    • Information Assurance and Testing
    • Project and Program Management
  • Clients & Partners
  • Careers
  • News
  • Contact

The Container Age Has Security-To-Go as Part of CI/CD Workflows

The microservice deployment and management stack is proving very effective for companies taking advantage of the cloud’s capabilities to scale and adapt. Containers (often alongside Kubernetes tooling) fit well, too, with agile DevOps and CI/CD workflows that transition code from development to production in short timescales.

A significant problem with the speed of transition from home lab tests to production in just a few years is that containers are a technology that’s DevOps- not SecOps-focused. The collegiate atmosphere of trust in the broader development community has not so much turned a blind eye to bad actors but simply not considered the implications of malevolent players’ potential activities.

The emergence of DevSecOps roles in many workplaces (CAGR of over 24% in roles in the sector is expected to 2028) shows that many organizations are aware that there’s potential for combining security and CI/CD. But other than continuing to hire almost as many cybersecurity personnel as developers, what can companies do to ensure safer production systems?

Right from when container technology began to emerge into the development community’s awareness, native specialist security platforms designed for microservices started to appear. Recently acquired by SUSE, NeuVector is probably the best-known among these. Its lightweight presence in Kubernetes environments protects developing applications throughout the CI pipeline, through QA, and into production.

As you might imagine, a static security framework wouldn’t be suitable in container-focused applications. The speed and ease of creating virtual networks, hundreds of pods offering a shifting range of scalable services, clusters distributed over several clouds – these are hardly factors that make security specialists conversant in traditional security feel comfortable.

With cybersecurity platforms designed specifically for containers, organizations can easily use policy as code to create zero-trust container environments, environments that are actively scanned automatically. The plus side here for developers is that protection can be assured by relatively trivial changes to configuration files. Once achieved, the development environment can be addressed as usual.

The differences in methods between DevOps and SecOps are perhaps exaggerated for the sake of a good story in the technology press: the former wants to surge forward, the latter holding back for security’s sake. But hyperbole aside, there are increasing numbers of concerns from legal quarters of compliance with a changing raft of legislation: HIPAA, NIST, GDPR, etc. Getting the security, development, agility, and compliance balance “just so” is a challenging ask.

NeuVector’s light touch in deployment ticks boxes for DevOps, creates the type of self-learning, zero-trust environment that makes security pros sleep better at night, and also provides the kind of security data the governance paperwork demands.

Best of all, though, the security function the platform provides fits neatly into the cloud-native stack that companies like SUSE are helping to promote. Instead of needing extra, specialist security tooling, NeuVector can be deployed as a Jenkins plugin, in an “Enforcer” container, onto a VM installation, and even onto a bare-metal OS. It also plays nice with your SIEM and common monitoring tools, so there’s no new source of red flags too.

To deliver fine digital experiences and gain consumer trust, companies have to pursue the highest standards in both development and security practice. In microservice-based development cycles, security has to be a concern, but it needn’t be a hindrance to the agility that cloud-native technology offers.

Protecting your container pipeline needn’t be complicated. To read more, head over here, or watch the video.


Read More from This Article: The Container Age Has Security-To-Go as Part of CI/CD Workflows
Source: News

Category: NewsApril 26, 2022
Tags: art

Post navigation

PreviousPrevious post:Backcountry modernizes for the cloud eraNextNext post:Harvesting the Benefits of Cloud-Native Hyperconvergence

Related posts

Barb Wixom and MIT CISR on managing data like a product
May 30, 2025
Avery Dennison takes culture-first approach to AI transformation
May 30, 2025
The agentic AI assist Stanford University cancer care staff needed
May 30, 2025
Los desafíos de la era de la ‘IA en todas partes’, a fondo en Data & AI Summit 2025
May 30, 2025
“AI 비서가 팀 단위로 지원하는 효과”···퍼플렉시티, AI 프로젝트 10분 완성 도구 ‘랩스’ 출시
May 30, 2025
“ROI는 어디에?” AI 도입을 재고하게 만드는 실패 사례
May 30, 2025
Recent Posts
  • Barb Wixom and MIT CISR on managing data like a product
  • Avery Dennison takes culture-first approach to AI transformation
  • The agentic AI assist Stanford University cancer care staff needed
  • Los desafíos de la era de la ‘IA en todas partes’, a fondo en Data & AI Summit 2025
  • “AI 비서가 팀 단위로 지원하는 효과”···퍼플렉시티, AI 프로젝트 10분 완성 도구 ‘랩스’ 출시
Recent Comments
    Archives
    • May 2025
    • April 2025
    • March 2025
    • February 2025
    • January 2025
    • December 2024
    • November 2024
    • October 2024
    • September 2024
    • August 2024
    • July 2024
    • June 2024
    • May 2024
    • April 2024
    • March 2024
    • February 2024
    • January 2024
    • December 2023
    • November 2023
    • October 2023
    • September 2023
    • August 2023
    • July 2023
    • June 2023
    • May 2023
    • April 2023
    • March 2023
    • February 2023
    • January 2023
    • December 2022
    • November 2022
    • October 2022
    • September 2022
    • August 2022
    • July 2022
    • June 2022
    • May 2022
    • April 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • September 2021
    • August 2021
    • July 2021
    • June 2021
    • May 2021
    • April 2021
    • March 2021
    • February 2021
    • January 2021
    • December 2020
    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • June 2020
    • May 2020
    • April 2020
    • January 2020
    • December 2019
    • November 2019
    • October 2019
    • September 2019
    • August 2019
    • July 2019
    • June 2019
    • May 2019
    • April 2019
    • March 2019
    • February 2019
    • January 2019
    • December 2018
    • November 2018
    • October 2018
    • September 2018
    • August 2018
    • July 2018
    • June 2018
    • May 2018
    • April 2018
    • March 2018
    • February 2018
    • January 2018
    • December 2017
    • November 2017
    • October 2017
    • September 2017
    • August 2017
    • July 2017
    • June 2017
    • May 2017
    • April 2017
    • March 2017
    • February 2017
    • January 2017
    Categories
    • News
    Meta
    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org
    Tiatra LLC.

    Tiatra, LLC, based in the Washington, DC metropolitan area, proudly serves federal government agencies, organizations that work with the government and other commercial businesses and organizations. Tiatra specializes in a broad range of information technology (IT) development and management services incorporating solid engineering, attention to client needs, and meeting or exceeding any security parameters required. Our small yet innovative company is structured with a full complement of the necessary technical experts, working with hands-on management, to provide a high level of service and competitive pricing for your systems and engineering requirements.

    Find us on:

    FacebookTwitterLinkedin

    Submitclear

    Tiatra, LLC
    Copyright 2016. All rights reserved.