The microservice deployment and management stack is proving very effective for companies taking advantage of the cloud’s capabilities to scale and adapt. Containers (often alongside Kubernetes tooling) fit well, too, with agile DevOps and CI/CD workflows that transition code from development to production in short timescales.
A significant problem with the speed of the transition from home lab tests to production, made in just a few years, is that containers are a DevOps-focused technology, not a SecOps-focused one. The collegiate atmosphere of trust in the broader development community has not so much turned a blind eye to bad actors as simply not considered the implications of malevolent players’ potential activities.
The emergence of DevSecOps roles in many workplaces (a CAGR of over 24% in roles in the sector is expected to 2028) shows that many organizations are aware that there’s potential for combining security and CI/CD. But other than continuing to hire almost as many cybersecurity personnel as developers, what can companies do to ensure safer production systems?
Right from when container technology began to emerge into the development community’s awareness, native specialist security platforms designed for microservices started to appear. Recently acquired by SUSE, NeuVector is probably the best-known among these. Its lightweight presence in Kubernetes environments protects developing applications throughout the CI pipeline, through QA, and into production.
As you might imagine, a static security framework wouldn’t be suitable in container-focused applications. The speed and ease of creating virtual networks, hundreds of pods offering a shifting range of scalable services, clusters distributed over several clouds – these are hardly factors that make security specialists conversant in traditional security feel comfortable.
With cybersecurity platforms designed specifically for containers, organizations can easily use policy as code to create zero-trust container environments, environments that are actively scanned automatically. The plus side here for developers is that protection can be assured by relatively trivial changes to configuration files. Once achieved, the development environment can be addressed as usual.
The differences in methods between DevOps and SecOps are perhaps exaggerated for the sake of a good story in the technology press: the former wants to surge forward, the latter holds back for security’s sake. But hyperbole aside, there are increasing numbers of concerns from legal quarters about compliance with a changing raft of legislation: HIPAA, NIST, GDPR, etc. Getting the security, development, agility, and compliance balance “just so” is a challenging ask.
NeuVector’s light touch in deployment ticks boxes for DevOps, creates the type of self-learning, zero-trust environment that makes security pros sleep better at night, and also provides the kind of security data the governance paperwork demands.
Best of all, though, the security function the platform provides fits neatly into the cloud-native stack that companies like SUSE are helping to promote. Instead of needing extra, specialist security tooling, NeuVector can be deployed as a Jenkins plugin, in an “Enforcer” container, onto a VM installation, and even onto a bare-metal OS. It also plays nice with your SIEM and common monitoring tools, so there’s no new source of red flags either.
To deliver fine digital experiences and gain consumer trust, companies have to pursue the highest standards in both development and security practice. In microservice-based development cycles, security has to be a concern, but it needn’t be a hindrance to the agility that cloud-native technology offers.
Protecting your container pipeline needn’t be complicated. To read more, head over here, or watch the video.