Kubernetes can be native or managed within a multi-cloud environment.This is advantageous not just because of Amazon, Google, and other clouds, but also because there are many enterprises that still run significant datacenter workloads and probably will be for some time to come. Public cloud is not always cheaper and not always the best option; therefore, it is essential that you are able to provision and manage a Kubernetes cluster that works across different cloud computing options of public, private, and hybrid clouds.
- Business - Avoid vendor lock-in and ensure the best price per resource
Companies don't want to be locked into a vendor. We all played the datacenter game and know how painful it can be when you get locked into a long-term contract lacking the flexibility you need as an enterprise. Furthermore, you really can't engage in optimal pricing negotiations if they know they've "got you by the tail." They know you can't leave their environment, so avoiding vendor lock-in is a good business practice and will empower you to make smart business decisions.
- Stability - Keep applications online, even during a catastrophic cloud outages
Cloud outages do happen. Last year, someone took down all of Amazon east coast by running the wrong rm-rf command on node. These things happen and the reality is:technology fails, but people fail way more often. We are likely to see more stability issues as systems become more and more complex. So it's important to spread yourself across multiple clouds to ensure that your application is still up and running and making money in the event one of the cloud providers goes down.
- Best in class services - Take advantage of the best service cloud providers have to offer
Providers are beginning to commoditize, meaning the infrastructure layer is becoming the same across all providers. Servers, load balancers, etc. are all generally the same and operate in the same way. The differentiators are Google focusing on AI and machine learning, and Amazon has some excellent database service technologies like their Relational Database Service and DynamoDB.
- Security - protect your data by replicating across multiple data storage systems
We are seeing more ransomware out there, and companies are being held hostage if their Amazon accounts become compromised. You need to make sure you spread your cloud footprint so that if, in the event you are compromised, you can protect yourself and isolate the compromised area. This will allow you to maintain your running applications and deal with the situation in the other cloud provider.
Kubernetes makes all of this possible because it allows for effortless application portability, modernization, and scalability. You can manage and migrate monolithic or service-based architectures from one server to another; in fact, a Kubernetes cluster is going to be doing that all the time for you as an orchestration layer for containerized workloads.
Creating a Security Strategy that Integrates Culture and Technology
DivvyCloud technology is well suited to address the security concerns of any company using managed Kubernetes in the cloud or the native in private data centers. However, implementing robust technology such as DivvyCloud is only part of a comprehensive security solution. More is needed. Companies that use DivvyCloud successfully embrace not only technology, but also cultural and organizational changes necessary to realize the full benefit of securing the enterprise using an automated monitoring, analysis, and remediation tool.
To take full advantage of the cloud and containerized computing paradigm, companies need to have the right people, processes, and cloud-native tools in place. Yet, many companies will incur a great deal of expense hoping to achieve the goal and still come up short. These companies spend money on all kinds of software and training, but they overlook the cultural and process changes necessary to fully adopt containerized computing on the cloud.
Companies that have experienced success moving to containerized computing in the cloud understand that you can't simply buy your way into a digital transformation. A successful digital transformation requires an investment of time and effort from a people perspective. It's about moving from a command and control management style to one based on an operational theme of trust but verify. And, with DivvyCloud, it means creating automation and remediation policies that work for your environment but don't get in the way of innovation.
The world of ephemeral computing using the cloud, containers, and Kubernetes continues to evolve in ways that are both innovative and challenging. Change happens so fast it's hard for Security and GRC professionals to keep up. But there is help available. Using CIS Benchmarks combined with the automation capabilities of DivvyCloud will help companies embrace Kubernetes while improving their overall security posture.
DivvyCloud automation allows developers to engage in more experimentation and innovation. It provides the trust and verification that system administrators need to ensure that work is being done according to industry standard security guidelines and well-established best practices. Automated remediation technology is a powerful tool for companies that use Kubernetes to get quality software into the hands of customers at web scale. DivvyCloud and its holistic approach to supporting the CIS Benchmarks for Kubernetes provides a competitive advantage that is unequaled.
About the Author
Anjali Khatri is an Enterprise Cloud Architect at DivvyCloud, leading the adoption of cloud-native solutions. She helps enterprise customers secure their cloud infrastructure, resources, and services within a multi-cloud through customer success, product maturity, case studies, and architecture optimization. She has co-authored an upcoming book on securely managing microservices through a service mesh, running on kubernetes titled “Mastering Service Mesh Architectures”, targeted for release in December, 2019. Before DivvyCloud, she worked at IBM and Merlin for 9+ years in program management, open-source analytics, network consulting & software development.