Raise the Bar - Workload protection on OpenShift

7 de outubro de 2020Alex Handy1 minutos (tempo de leitura)

This is a guest post by Amir Kaushansky, VP product at ARMO.

ARMO's unique security approach combined with Openshift enterprise standard results in a total hybrid secured solution. ARMO is an additional security layer for your Kubernetes workloads. It integrates with your CI/CD pipeline, maps the workload, and creates a strong identity: workload DNA. Based on this DNA, it provides:

Malware prevention, including in-memory protection and zero-day attacks prevention.
Micro-Segmentation, which is defined by an easy-to-use policy and enables cross-location (e.g. on-premises to the cloud) secure connectivity.
Data protection, including encryption key management.

ARMO is certified on OpenShift 4.x and supports Universal Base Image (UBI), you can find it in the RedHat market place.

Once ARMO is installed, on your OpenShift cluster you can use the ‘cacli’ tool to define policy and manage the agent, or you can do it from the SaaS management web user interface.

Once ARMO’s agent has signed your workload, you can define a network and/or encryption policy and create a highly resilient environment.
The below illustrates how it is done: in case an attacker penetrates your environment (by exploiting a weak link, exploiting an operating system component or an insider), the attacker can not do any damage as data is totally encrypted and even if it is leaked, it is useless due to the encryption, communication between your workloads is encrypted using mutual TLS - which mean that the attacker cannot eavesdrop to the communication nor to establish any communication with the other signed workloads.

Sobre o autor

Alex Handy

Principal Product Marketing Manager

Red Hatter since 2018, technology historian and founder of The Museum of Art and Digital Entertainment. Two decades of journalism mixed with technology expertise, storytelling and oodles of computing experience from inception to ewaste recycling. I have taught or had my work used in classes at USF, SFSU, AAU, UC Law Hastings and Harvard Law.

I have worked with the EFF, Stanford, MIT, and Archive.org to brief the US Copyright Office and change US copyright law. We won multiple exemptions to the DMCA, accepted and implemented by the Librarian of Congress. My writings have appeared in Wired, Bloomberg, Make Magazine, SD Times, The Austin American Statesman, The Atlanta Journal Constitution and many other outlets.

I have been written about by the Wall Street Journal, The Washington Post, Wired and The Atlantic. I have been called "The Gertrude Stein of Video Games," an honor I accept, as I live less than a mile from her childhood home in Oakland, CA. I was project lead on the first successful institutional preservation and rebooting of the first massively multiplayer game, Habitat, for the C64, from 1986: https://neohabitat.org . I've consulted and collaborated with the NY MOMA, the Oakland Museum of California, Cisco, Semtech, Twilio, Game Developers Conference, NGNX, the Anti-Defamation League, the Library of Congress and the Oakland Public Library System on projects, contracts, and exhibitions.