Virtualization Technology News and Information
New Analysis by Alcide Finds 89% of Kubernetes Deployments Not Leveraging Secrets Resources
Alcide, the Kubernetes network security leader empowering DevOps and security teams with continuous security for workloads running on Kubernetes, today shared the findings from a recent cross-environment analysis, leveraging its Alcide Advisor, a Kubernetes multi-cluster vulnerability scanner that covers rich Kubernetes and Istio security best practices and compliance checks. The analysis reveals that DevOps teams face significant challenges and gaps following best practices for Kubernetes secrets handling and network policies. Specifically, 89% of deployment scans show that companies are not using Kubernetes' secrets resources, with secrets wired in the open. Moreover, over 75% of the scanned deployments use workloads, which mount high vulnerability host file systems such as /proc; while none of the surveyed environments show segmentation implementation using Kubernetes' network policies.

Now fully integrated with Azure DevOps, Alcide Advisor scans Kubernetes clusters for known vulnerabilities on the master API server and worker node components, including container runtime. This comprehensive capability enables multiple types of Microsoft Kubernetes customers with continuous CI/CD pipeline integration, including managed clusters like Kops, AKS Engine or managed Kubernetes services like AKS. The Azure DevOps/ Alcide Advisor integration also facilitates the cloud-native pace needed to support dynamic deployments, with continuous vulnerabilities and threat scans, critical for customers with multiple teams involved. The new solution is now available in the Microsoft Visual Studio Marketplace.

"AKS is quickly gaining ground as the platform of choice for cloud-native applications, especially those workloads calling for dynamic scaling," said Jeana Jorgensen, General Manager, Microsoft. "Alcide's innovations for Kubernetes multi-cluster hygiene and its integration with Azure DevOps makes continuous security a built-in process spanning Dev and DevOps. The way they facilitate and automate AKS onboarding enables developers to maintain their creativity without compromising security."

"With Alcide Kubernetes Advisor, Eupraxia Labs has been able to significantly reduce security drifts in our entire CI/CD pipeline - from development and staging, all the way to production," said  David J. Brewer, founder at Eupraxia Labs, a software vendor running on Azure AKS, which delivers free or open source software to accelerate the development of business applications. "We began looking into dedicated Kubernetes products, and after comparing several solutions, it became very clear to us that Alcide's next-generation product was way ahead of the market."

"The increasing complexity of multi-cluster Kubernetes environments and the persistent lack of connectivity with DevOps workflows is complicating efforts by DevOps teams to keep pace with vulnerabilities and best practices," said Gadi Naor, CTO and co-founder of Alcide. "Alcide Advisor, built specifically for Kubernetes, automates and integrates cluster hygiene into the CD process natively, to arm DevOps teams to immediately identify potential vulnerabilities, configuration drifts and threats, without sacrificing agility."

Published Monday, July 15, 2019 1:52 PM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<July 2019>