In this OpenShift Commons Briefing, StackRox’s Steve Giguere discusses Deterministic vs Probabilistic Security: Leveraging Everything as Code and sharing his experiences from the field.
As we move to cloud native, we find ourselves layering in declarative models with the idealism of “everything as code.” Through this, we can create repeatable results through a breadth of languages which represent our desired state and through cloud native technologies like Kubernetes we can enforce that state. Only 5 years ago code was for applications. Code that relied on our imperative or human controlled provisioning of hosting technologies. Security focused on honing detection and response skills to determine what wrong looked like.
This approach to security was probabilistic where cloud native can help us be more deterministic to enforce what is right.
Shifting left isn’t just for developers anymore.
Integrating a deterministic cloud native security model enables you to employ simpler checks distributed more often throughout the pipeline. Understanding context is critical to make sure that image vulnerabilities are prioritized correctly.
Additional resources:
Slides from the presentation
Be sure to check out both the StackRox Continuous Security Podcast and KubeNative Security on Twitch hosted by Steve Giguere.
Join the OpenShift Commons to hear about future OpenShift Commons Briefings and join the conversation globally to help enable the open source, container-driven hybrid cloud.
Register today for the upcoming OpenShift Commons Gathering on May 4th co-located with CNCF’s Kubecon/EU!
