1 Increase network security
The ability to control, isolate, and visualize network traffic based on policies is critical to help secure container-based environments. Kubernetes software-defined networking (SDN) provides a foundation for tools like service mesh and application programming interface (API) management systems to control and monitor network traffic. Look for network tools that help you:
- Verify you have the right network policies implemented and have visibility to identify any gaps or weaknesses. Tools must go beyond the traditional policies on firewalls and extend into the SDNs for the container applications.
- Spot unusual activity through network traffic monitoring. Network traffic metrics should be automatically and centrally collected to support analysis and security incident response.
2 Keep data confidential
Understanding your organization's sensitive data and access patterns is key to detecting and preventing breaches. Protecting different classes of confidential information, like customer data and intellectual property, might require specialized tools and processes. Consider these key control and audit points:
- Encrypt data when at rest and in transit. Use tools to help manage encryption across multiple platforms.
- Use data protection tools to look for access anomalies that might indicate a breach and to scan logs, containers, and databases to look for confidential information that might be accidentally leaked. A robust secrets management system can help prevent secrets from being stored improperly.
3 Improve productivity
In DevSecOps, the responsibility for security is shared by development and operations teams. Productivity and transparency can be improved by:
- Giving development and operations teams access to the same security tools so developers can run the same checks and resolve issues prior to operations. Providing view-only access to consoles helps developers investigate issues without having operations relay information.
- Using automated processes rather than manual approvals to make sure only verified and scanned golden images make it into production. Tools that can help include: security-focused container registries, binary repositories, and automated vulnerability scanners.
- Having management communicate the potential losses due to a breach, including business and reputational impact, as well as legal liabilities.
4 Detect threats across containers
The ability to identify and mitigate unauthorized and malicious activity in real time can be the difference between a minor security incident and a major breach. Runtime analysis and protection methods can detect and respond to potential threats. These include:
- Runtime application behavioral analysis tools to intelligently detect suspicious activity in real time.
- Runtime application self-protection (RASP) tools to detect and block attacks in real time. These tools use instrumentation to detect and respond to potential attacks.
- A Kubernetes admission controller to mitigate attacks by controlling what is allowed to run on the cluster.
5 Plan for security incident response
A key performance indicator (KPI) for DevSecOps teams is the time to recover from security incidents. The time needed to understand and resolve incidents can be reduced by using good DevSecOps practices. Investigating security events requires that deep forensics data is available and easily accessible. Be prepared to respond to security events by:
- Collecting logs, events, and network data flows from applications, middleware, and devices to a central location. Consolidate logs, correlate events, and unify reporting to support analysis, audits, compliance checks, and incident response. Using security information and event management tools (SIEM) can help implement this capability.
- Evaluating whether adequate data is available to support forensic evidence gathering to determine what happened, when and where it occurred, and who might be responsible. Consider implementing deep data collection to address gaps in data.
- Investigating security orchestration, automation, and response (SOAR) platforms to simplify security management, improve response times and collaboration, and streamline operations.
6 Use a platform with a strong security ecosystem
To prepare for security threats, use a platform with a comprehensive security ecosystem that offers integrated and supported solutions. Red Hat® OpenShift® is a security-focused Kubernetes platform with the capability of running isolated applications for multiple tenants.
The powerful build and deployment pipelines in Red Hat OpenShift provide an ideal place to implement automated security checks and controls. Security processes can be inserted anywhere in the pipeline, from building source code into images through production deployment.
Red Hat offers trusted and supported container base images, container-ready middleware and runtimes, and cloud-native development tools that provide a security-focused foundation for your applications.
Red Hat has an ecosystem of security partners that enhance and extend the security capabilities of Red Hat OpenShift. These partners work with Red Hat to offer supported solutions that are integrated with Red Hat OpenShift. You can choose from a range of solutions to match your specific security and organizational requirements.