November 06, 2019

A Multi-Cloud Strategy for Kubernetes Security

Kubernetes is an open-source, extensible platform. DivvyCloud, a multi-cloud security, compliance, and governance platform, can help companies understand and identify excessive cloud risk. Organizations need to take a holistic approach to Kubernetes security and consider the infrastructure as well as the container runtime, network, metrics, and observability environments used for managing and scaling Kubernetes clusters, since these layers are fundamentally intertwined.

Kubernetes can run natively or as a managed service within a multi-cloud environment. This is advantageous not just because of Amazon, Google, and the other public clouds, but also because many enterprises still run significant datacenter workloads and probably will for some time to come. Public cloud is not always cheaper and not always the best option; therefore, it is essential that you are able to provision and manage a Kubernetes cluster that works across the different computing options of public, private, and hybrid clouds.

Why Multi-Cloud?

  • Business - Avoid vendor lock-in and ensure the best price per resource

Companies don't want to be locked into a vendor. We all played the datacenter game and know how painful it can be when you get locked into a long-term contract lacking the flexibility you need as an enterprise. Furthermore, you really can't engage in optimal pricing negotiations if they know they've "got you by the tail." They know you can't leave their environment, so avoiding vendor lock-in is a good business practice and will empower you to make smart business decisions.

  • Stability - Keep applications online, even during a catastrophic cloud outage

Cloud outages do happen. Last year, someone took down all of Amazon's east coast region by running the wrong `rm -rf` command on a node. These things happen, and the reality is: technology fails, but people fail far more often. We are likely to see more stability issues as systems become more and more complex. So it is important to spread yourself across multiple clouds to ensure that your application stays up, running, and making money in the event that one of the cloud providers goes down.

  • Best in class services - Take advantage of the best service cloud providers have to offer

Providers are beginning to commoditize, meaning the infrastructure layer is becoming the same across all providers. Servers, load balancers, and the like are all generally the same and operate in the same way. The differentiators are the higher-level services: Google focuses on AI and machine learning, and Amazon has some excellent database services such as its Relational Database Service and DynamoDB.

  • Security - protect your data by replicating across multiple data storage systems

We are seeing more ransomware out there, and companies are being held hostage when their Amazon accounts become compromised. You need to make sure you spread your cloud footprint so that, in the event you are compromised, you can protect yourself and isolate the compromised area. This allows you to keep your applications running in the other cloud provider while you deal with the incident.

Kubernetes makes all of this possible because it allows for effortless application portability, modernization, and scalability. You can manage and migrate monolithic or service-based architectures from one server to another; in fact, a Kubernetes cluster is going to be doing that all the time for you as an orchestration layer for containerized workloads.

Creating a Security Strategy that Integrates Culture and Technology

DivvyCloud technology is well suited to address the security concerns of any company using managed Kubernetes in the cloud or native Kubernetes in private data centers. However, implementing robust technology such as DivvyCloud is only part of a comprehensive security solution. More is needed. Companies that use DivvyCloud successfully embrace not only the technology, but also the cultural and organizational changes necessary to realize the full benefit of securing the enterprise with an automated monitoring, analysis, and remediation tool.

To take full advantage of the cloud and containerized computing paradigm, companies need to have the right people, processes, and cloud-native tools in place. Yet, many companies will incur a great deal of expense hoping to achieve the goal and still come up short. These companies spend money on all kinds of software and training, but they overlook the cultural and process changes necessary to fully adopt containerized computing on the cloud.

Companies that have experienced success moving to containerized computing in the cloud understand that you can't simply buy your way into a digital transformation. A successful digital transformation requires an investment of time and effort from a people perspective. It's about moving from a command and control management style to one based on an operational theme of trust but verify. And, with DivvyCloud, it means creating automation and remediation policies that work for your environment but don't get in the way of innovation.

Conclusion

The world of ephemeral computing using the cloud, containers, and Kubernetes continues to evolve in ways that are both innovative and challenging. Change happens so fast it's hard for Security and GRC professionals to keep up. But there is help available. Using CIS Benchmarks combined with the automation capabilities of DivvyCloud will help companies embrace Kubernetes while improving their overall security posture.

DivvyCloud automation allows developers to engage in more experimentation and innovation. It provides the trust and verification that system administrators need to ensure that work is being done according to industry standard security guidelines and well-established best practices. Automated remediation technology is a powerful tool for companies that use Kubernetes to get quality software into the hands of customers at web scale. DivvyCloud and its holistic approach to supporting the CIS Benchmarks for Kubernetes provides a competitive advantage that is unequaled.

Visit us at Kubecon to discuss how you can embrace and realize the benefits of cloud and container with a simplified and instantaneous landing zone. Click here to schedule a meeting.


About the Author

Anjali Khatri 

Anjali Khatri is an Enterprise Cloud Architect at DivvyCloud, leading the adoption of cloud-native solutions. She helps enterprise customers secure their cloud infrastructure, resources, and services within a multi-cloud environment through customer success, product maturity, case studies, and architecture optimization. She has co-authored an upcoming book on securely managing microservices through a service mesh running on Kubernetes, titled “Mastering Service Mesh Architectures”, targeted for release in December 2019. Before DivvyCloud, she worked at IBM and Merlin for 9+ years in program management, open-source analytics, network consulting, and software development.

Last modified on November 06, 2019
