Continuous Security with Kubernetes

796

As the Chief Technologist at Red Hat for the western region, Christian Van Tuin has been architecting solutions for strategic customers and partners for over a decade. He’s lived through the rise of DevOps and containers. And in his role, he’s found that security is the highest adoption barrier for enterprises interested in harnessing the power of containers.

After all, “Now we’re seeing an increasing level of threats for geopolitical reasons, and we’re seeing the dissolving security perimeter,” says Van Tuin. “Everything doesn’t sit behind the firewall in your data center anymore, and there’s a shift to software-based storage, networking and compute. The traditional network base, the fences, are no longer good enough.”

But as he will share during his talk at OpenFinTech Forum in New York City, Oct. 10-11, there are security best practices in the areas of DevOps, containers, and Kubernetes that companies can adopt so that everyone can sleep better at night.

“We’re seeing this evolution to DevSecOps,” he says. “It’s all about reducing security and business risk, lowering costs, speeding up delivery and reaction time, falling in line with DevOps. And we’re doing this with automation process optimization and continuous security improvement.”

This is particularly relevant for FinTech companies. “With the move from physical to digital banking, DevSecOps ensures security is integrated into the process from the start of development rather than appended on in production,” says Van Tuin. “At the same time, it still allows for rapid and frequent releases without security becoming a bottleneck or burden on development.” For instance, OpenSCAP can be used to scan container images for compliance with PCI DSS (Payment Card Industry Security Standard) and customer security policies for banking.

Van Tuin’s best practices are wide-ranging: addressing security risks such as container images, builds, registry, hosts, and network; automating and integrating security vulnerability management and compliance checking in a DevOps CI/CD pipeline; and deployment strategies for container security updates. And he’s hopeful that there will be more improvements to security around Kubernetes with the growth of Istio service mesh and CoreOS operators.

“One of the keys to DevSecOps is to ensure that you can enable your developers to rapidly innovate and experiment,” says Van Tuin. And the first thing that needs to happen? “Embrace security into the culture of the company.”

To hear all about Chris’s strategies for continuous security with DevOps, containers, and Kubernetes, plus talks from other open source leaders, come to OpenFinTech Forum in New York City October 10-11. You can still register here!

Sign up to receive updates on Open FinTech Forum: