Virtualization Technology News and Information
VMblog Expert Interview: Amir Ofek, CEO of Alcide, Talks Kubernetes Security, AWS Bottlerocket and Its Latest Implementation by OODA Health

Over the last couple of years, VMblog has been closely following the rise of containers and Kubernetes.  And recently, one of the more interesting announcements made in the industry was around the GA of AWS Bottlerocket.  To learn more in this space, we reached out to industry expert, Amir Ofek, the CEO of Alcide.

VMblog:  Tell us about Alcide and your technology offering.

Amir Ofek:  Alcide helps bridge the gap between DevOps and Security teams to address their Kubernetes Security needs. The Alcide SaaS platform drives Kubernetes Security from CD to Runtime in a comprehensive way. It provides seamless guardrails to DevOps teams and robust compliance and security detection and enforcement to Security teams, addressing both known and unknown threats through our unique K8s anomaly detection capability. The Alcide team is at the forefront of Kubernetes Security research, constantly enriching the known K8s and Istio related CVEs, as well as enhancing our machine learning engine.

VMblog:  Given the rapid adoption of containers and Kubernetes, what are the emerging challenges that Alcide helps solve? 

Ofek:  The architecture of cloud native applications is very ephemeral and dynamic, and it's especially true when it comes to K8s infrastructure. This makes it very challenging to observe how an application is working and to detect when a malicious activity is taking place or when a security breach has already occurred. Developers of cloud native applications need ways to identify security flaws in their Kubernetes configurations during development, to monitor their application in runtime for suspicious behavior, and to flag risks and possible breaches to security professionals in a manner that is simple to understand and quick to resolve.

Another area which poses certain challenges is the skills gap among security professionals working with Kubernetes. A survey conducted by Alcide in late 2019 revealed that the surge in Kubernetes' popularity and its innate complexity have made it difficult to find Kubernetes pros to protect applications. The survey findings reinforced that Kubernetes is no longer primarily used to test new approaches; it is indeed becoming the engine for digital transformation for cloud-born and traditional enterprises alike. 

The rapid adoption of Kubernetes, driven by the increasing implementation of microservices (60%), the constant push to improve innovation velocity and time to market (53%), and the pervasive need for application scaling (44%), has created a widening Kubernetes expertise void, with only 20% of teams considering themselves Kubernetes pros. In 2020 and beyond, Kubernetes pros would need more sophisticated tools, such as intelligent automation moving beyond CI and firmly into CD, and advanced solutions for Kubernetes security, threat detection and forensics; those starting out will require new tools to quickly learn the critical Kubernetes skills they need to master Kubernetes in production, alongside intelligent automated monitoring and threat detection of their growing Kubernetes environments. End-to-end security, covering DevSecOps, will be seen as a critical imperative as cloud-native application environments mature, become more complex, and as speed to market continues to push teams to go faster. 

Alcide helps novices by providing easy to understand visualizations of security risks, and helps pros by automating difficult security analysis with AI.

VMblog:  As an Advanced Technology Partner in the Amazon Web Services (AWS) Partner Network (APN), what does this partnership entail for your customers, prospects and the Kubernetes community in general?

Ofek:  As an Advanced Technology Partner, AWS customers deploying EKS can rest assured the security aspect is being well addressed with the Alcide Security Platform in place. Our customers can be confident that Alcide will provide them a safe and securely designed EKS infrastructure from the get go, which will then be monitored in production addressing both compliance and security aspects effectively, so they can maximize the utilization of EKS in a secured manner.

VMblog:  Now let's talk more specifically about AWS Bottlerocket that just announced its GA.  What is AWS Bottlerocket?  How can Bottlerocket users benefit from Alcide's solutions?

Ofek:  AWS Bottlerocket is an open-source, Linux-based platform for running containers that is optimized for performance, security, and straightforward updating. As an Advanced Technology Partner, customers of AWS Bottlerocket can trust Alcide to provide simplified visualizations of security risks, protect applications from security drifts between their development, testing, and production environments, and monitor applications in runtime to detect suspicious activity.

VMblog:  You recently announced that your Kubernetes Security Platform was deployed by a healthtech startup Ooda Health.  Can you elaborate on that? 

Ofek:  As part of COVID-19 situation we have decided earlier in the year to help address the growing security challenges of the Healthcare sector. We are therefore proud to support Ooda Health in their journey to drive forward the healthcare industry in a safe and secured manner.

Ooda Health enables healthcare organizations to transform their payment systems through collaborative, real-time interactions between physicians, hospitals, insurance companies, and patients, eliminating inefficient and antagonistic billing and payment practices. Their application, OODAPayTM, utilizes Kubernetes and AWS Bottlerocket, and the Alcide Kubernetes Security Platform monitors OODA Health's pre-deployment and production environments for security misconfigurations and new zero-day vulnerabilities and exploits, helping them to meet strict compliance requirements necessary for healthcare technology.

Alcide will be hosting a live panel event on Tuesday, September 15, 2020, at 11:00 am PST, featuring technical experts from AWS and Ooda Health, to share the story of Alcide's work with Ooda Health. A panel of four speakers will discuss Bottlerocket, Ooda Health's application, and their use case with Alcide. We invite those interested in learning more about securing applications on AWS Bottlerocket to register for the panel discussion on the Alcide website here.


Published Friday, September 11, 2020 7:32 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<September 2020>