Red Hat Adds New Security and Compliance Capabilities to Red Hat OpenShift

Red Hat, Inc., the world's leading provider of open source solutions, today introduced new security and compliance capabilities for Red Hat OpenShift, the industry’s leading enterprise Kubernetes platform. The new features, available with the general availability of Red Hat OpenShift 4.12, are designed to help organizations more efficiently scale workloads across the hybrid cloud without compromising security. 

According to Red Hat’s 2023 Global Tech Outlook, security remains the top IT funding priority across all regions and almost all industries, with 44% of respondents calling it a top 3 funding priority— 8 points higher than the second highest priority, cloud infrastructure. In the same survey, security overtook innovation when respondents were asked about top priorities for digital transformation.

IT security remains a constant concern for CIOs, especially as security-related challenges risk stalling hybrid cloud innovation. Digital transformation demands a shift in how organizations approach software security, and for organizations to embrace new cloud-native technologies, they need solutions that provide more seamless, integrated security and compliance features. The new enhancements available in Red Hat OpenShift 4.12 are designed to help organizations mitigate risks and meet compliance requirements across increasingly complex IT environments.

Enhanced oversight and compliance for workloads spanning the hybrid cloud

Red Hat OpenShift 4.12, based on Kubernetes 1.25, introduces three new Operators and an update to the Compliance Operator, designed to enhance workload consistency and management from the datacenter to the edge.

• The new Security Profiles Operator enables users to more easily distribute and use security profiles like Seccomp or SELinux in a Kubernetes cluster. Replacing what was previously a more manual process, the Security Profiles Operator is designed to simplify Seccomp or SELinux profile creation while managing profiles across nodes and namespaces. This helps IT teams to craft security profiles that give only the necessary privileges to container processes.
• New enhancements were introduced to the Compliance Operator which helps Red Hat OpenShift administrators run compliance scans and provide remediations for the issues found. With the introduction of PriorityClass, admins now have better control of their compute and memory resources and can prioritize which pods to scan first, enabling more accurate results and helps ensure each cluster stays compliant.
• The new Ingress Node Firewall Operator allows users to configure firewall rules at the node level. This helps administrators control from which interface and remote hosts the Kubernetes API server can be accessed, better controlling network traffic in and out of the node for enhanced security.
• The new Network Observability Operator, provides observable network traffic metrics, flows, topology and tracing for a more complete understanding of network traffic. The operator helps simplify identification of network bottlenecks and assists with troubleshooting connectivity issues, providing for enhanced network performance optimization in Red Hat OpenShift clusters. 

Increased flexibility and options with a common foundation

Red Hat OpenShift provides a more consistent foundation for organizations to run applications wherever it makes the most sense while using their preferred tools to build, deploy, run and scale applications with a focus on security. Red Hat OpenShift 4.12 delivers even greater choice in how organizations deploy Red Hat OpenShift and enables IT teams to better meet dynamic technology requirements. New features supporting this expanded flexibility include:

• Support for Red Hat OpenShift on Arm now includes support to deploy Red Hat OpenShift on Arm-based instances in Microsoft Azure.
• Agent-based installer for disconnected deployments provides an easy and repeatable way to deploy edge Red Hat OpenShift clusters at scale into production with limited or no additional hardware.The agent-based installer is optimized for disconnected and air-gapped Red Hat OpenShift deployments for bare metal, vSphere, and agnostic platforms. Using the agent-based installer, organizations can deploy all supported Red Hat OpenShift topologies including single node clusters, three-node compact clusters or standard high availability clusters.
• Extended lifecycle support with an additional six months of extended update support on even numbered Red Hat OpenShift releases on the x86_64 architecture. Starting with Red Hat OpenShift 4.12, users will now have 24 months of support so users have even more flexibility to plan and operationalize upgrades.

Availability
Red Hat OpenShift 4.12 is now generally available. More information, including how to upgrade to the latest version, is available here.

Supporting Quote
Joe Fernandes, vice president and general manager, Hybrid Cloud Platforms, Red Hat
“IT security is a demand that spans all organizations, regardless of region or industry, especially as they seek to balance cloud-native innovation with hardened IT infrastructure. Red Hat is committed to making this choice a non-factor for our customers, providing the capabilities that allows them to embrace cloud-native technologies with greater operational confidence. With Red Hat OpenShift 4.12, organizations can better scale applications across clouds with integrated tools with an expanded suite of capabilities to meet stringent security and compliance requirements no matter where they run on the hybrid cloud.”