피드 구독

Data controls in the DevSecOps life cycle

2021년 7월 26일Dave Meurer3분 읽기
DevSecOps Security DevOps 

In this post: 

  • Explains the concept of data controls. 

  • Shows how data controls integrate into the framework at the container orchestration and cluster level. 

  • Pointers to Red Hat partners that can help with data controls.

Data controls help protect data integrity and prevent unauthorized data disclosure for stored data and data in motion. In this post we'll dive deeper into the concepts of data controls and how they fit into the DevSecOps framework. 

July is “Data Controls” month in Red Hat’s monthly Security series! Since March 2021, the Red Hat Security Ecosystem team has published monthly articles and videos on DevOps Security topics to help you learn how Red Hat can help you master the practice called DevSecOps. 

By explaining how to assemble Red Hat products and introducing our security ecosystem partners, we aim to aid in your journey to deploying a comprehensive DevSecOps solution.

Data controls defined

Data controls are typically implemented in a running Kubernetes cluster, and the goal is to provide a defense in depth approach to protect sensitive data either at rest or in motion. The following security methods make up the Data Controls category:

  • Data encryption: Provides data cryptography, tokenization, data masking, and key management capabilities to help prevent unauthorized disclosure of data in databases, files, and containers.

  • Data protection: Discovers and classifies data and monitors and audits activity to help protect sensitive data and improve compliance.

Data controls integrated in DevSecOps

As pictured in the DevSecOps framework below, data controls integrations are typically found on the right side of the DevSecOps life cycle in a running cluster. The table that follows details some, but not all, of the common integrations to consider for Data Controls.

Data controls in devops framework

Integration Point

Description

Container Orchestration and Cluster

Data Control integrations in both container orchestration and the running cluster provide the same functionality as described below. Whether you are testing, releasing, deploying, operating or monitoring the cluster, these controls need to be considered. 

With Red Hat OpenShift Container Platform, you can enable etcd encryption, which provides an additional layer of data security for Secrets, Config maps, Routes, and OAuth tokens. This can help protect data if it's exposed to the wrong parties.

Data in-transit encryption is all about certificates and securing the ingress and egress traffic within a cluster. One of the many certificate types to address in the default API server certificate provided by the OpenShift Container Platform. For example, if you need clients outside of the cluster to access any running web applications, you’ll need to replace the certificate with a Certificate Authority that the client's trust. 

In order to centrally manage, store and further protect OpenShift keys and certificates for data controls, you’ll want to extend and enhance OpenShift Container Platform’s data security capabilities with certified partner software that centralizes data encryption across environments and adds layers of data protection. 

Red Hat’s partner ecosystem can help add:

  • Data encryption on container data, file and volumes, 

  • Control access to that data, 

  • Provide data access audit logging,

  • All through a centralized approach.

Data protection in a running cluster can also include discovering where sensitive data exists in your cluster, as well as analyzing data risks and uncovering suspicious activity against the data in rest.

 

Enhance and extend Data Controls with Red Hat partners

Combining Red Hat OpenShift Container Platform Data Control features with Red Hat’s certified ecosystem security partners can help your organization's DevSecOps practice.  

If you are looking to enhance and extend Red Hat’s security capabilities in Data Controls, take a look at the following Red Hat Partners:

For more information, visit "Modernize and secure applications with DevSecOps," or begin your discussion with us on enhancing container security and adopting DevSecOps. For similar blog posts on Red Hat’s DevSecOps Framework, search for previous months’ categories (Compliance, Identity and Access and Application Analysis) and stay tuned for upcoming posts.

저자 소개

Dave Meurer Author Photo

Dave Meurer

Global Solution Architect, Security ISVs

Dave Meurer currently serves as a Principal Solution Architect on the Red Hat Global Partner Security ISV team, where he owns technical relationships and evangelism with security independent software vendor partners of Red Hat. Before joining Red Hat, he spent nine years in the Application Security industry with Synopsys and Black Duck, where he served in similar roles as the director of technical alliances and sales engineering.

Meurer also worked for Skyway Software, HSN.com, and Accenture in various management and application development roles. When he’s not thinking about Kubernetes, security, and partners, he enjoys being the VP Sales of North Central Tampa for his wife (the CEO) and 5 kids (Inside Sales).

Read full bio
UI_Icon-Red_Hat-Close-A-Black-RGB

유사한 검색 결과

Blog post

Introducing Red Hat OpenShift Service Mesh 3.0

Blog post

Red Hat is now a CVE Numbering Authority of Last Resort in the CVE Program

오리지널 쇼

A new software supply chain security recipe | Technically Speaking

오리지널 쇼

WebAssembly breaks away from the browser | Technically Speaking

채널별 검색

모든 채널 탐색
automation icon

오토메이션

기술, 팀, 인프라를 위한 IT 자동화 최신 동향
AI icon

인공지능

고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트
open hybrid cloud icon

오픈 하이브리드 클라우드

하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요
security icon

보안

환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보
edge icon

엣지 컴퓨팅

엣지에서의 운영을 단순화하는 플랫폼 업데이트
Infrastructure icon

인프라

세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보
application development icon

애플리케이션

복잡한 애플리케이션에 대한 솔루션 더 보기
Original series icon

오리지널 쇼

엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리