Kubernetes and containers are among the most efficient ways to run compute in the cloud. Containers improved on virtual machines by running directly on an OS kernel, which makes them lightweight, easy to move, and simple to divide. They eliminate operational headaches while giving developers more time to develop. However, container security often struggles without the right tools and approach.
Solutions Review recently had the chance to interview DivvyCloud CEO and co-founder, Brian Johnson. DivvyCloud provides Kubernetes and container security solutions. Brian leads corporate strategy and product innovation with the goal of making security, compliance, and governance accessible for hybrid, multi-cloud environments.
What are the biggest challenges facing Kubernetes security?
Kubernetes security is often too narrowly focused on Kubernetes itself, but this misses the bigger holistic picture. Kubernetes security needs to contextually take into account everything surrounding that Kubernetes application, especially when running in public cloud, including things like IAM and related infrastructure.
How can developers stay secure while using a public repository?
Depends on the problem. If the concern is that a container in a public repository has been compromised, developers can create sha256 hash sums of their containers and share the hash through their website. If the worry is that a Docker “private” repository would be accessible to someone who doesn’t have access, then I would highly recommend exploring two-factor options.
Do you think the amount of managed service provider options for GCP will see notable growth in the coming year?
Yes, but in part because of the sheer growth of GCP. Generally, we think large enterprises should operate their own cloud and container environments, and that it isn’t as hard as companies think. They just need to put in place the people, processes, and systems needed to do so. However, there are companies who find this process daunting, need to move very rapidly, or have other business drivers that lead to an MSP approach being best for them. In these instances, managed services offer real value, and as the number of companies using GCP increases rapidly, so will the opportunities for MSPs. We have a number of MSPs that run the DivvyCloud software as part of the tooling that helps them deliver managed services for security and compliance for public cloud. We love working with these great partners.
Does speed need to be sacrificed for Kubernetes security?
No. When done appropriately, security is fully integrated into the plan, build, and operate process. In addition, in today’s world of cloud and containers, there should be a high degree of automation relative to all elements of this process, including security. Without automation, customers will simply not succeed in capturing the full value of Kubernetes and will create risk relative to security and compliance.
What upcoming trends do you expect in the Kubernetes security space?
I expect to see a push to make containers more isolated. One concern is that containers are not properly protected from one another on the same system.
Brian Johnson Bio
Starting at a very young age, Brian developed a passion for almost anything involving computers. His expertise in a broad range of technologies and disciplines, from programming to security, led him to be named the Director of Online Operations at Electronic Arts (EA) for the Mythic Studio by the age of 28. During his seven years at Electronic Arts he developed, managed, and operated the infrastructure that ran the world’s largest online games. Brian was a pioneer in the gaming industry. He led the first migration of a major online game to Amazon Web Services (AWS) and broke new ground by architecting the hybrid cloud environments that supported EA’s massive, distributed global computing needs.
Brian is a passionate technologist who enjoys sharing his insights from the front lines (you could call him a geek and he’d agree). His career has involved a number of research interests, and the opportunity to develop practical applications. Areas of focus include cyber threats, information security, automation, hybrid cloud, and software-defined infrastructure, such as building serverless architectures with microservices and container deployments.