Securing Workloads and Containers at the Ground Level

Enterprise IT and Security teams realize the most effective approach to securing workloads and containers is to protect at the ground level with built-in security. In this on-demand webcast, a panel of experts from VMware and IDC uncovers insights to what’s driving this strategy, consideration requirements, common pitfalls, and best practices to implement and operationalize consistent security across workloads in various environments.

Here is a glimpse into some of the key discussion points from the webcast:

Q: The key to securing Kubernetes environments is to remediate misconfigurations in the CI/build stage before deployment to production. What are tangible steps organizations can take to achieve this result?

Frank Dickson, Program Vice President, Cybersecurity Products, IDC: The key is to use development tools and processes that integrate security into the application development across build, deploy and runtime.  Separate and disconnected tools, even if they are best of breed, do not deal with the problem holistically. Building integrity into applications is the best practice, empowering developers to be part of the solution is the paramount.

Q: Gary shared research that showed improving security was the biggest primary driver that caused organizations to initially deploy containers and/or Kubernetes, yet at the same time, security was also identified as the top challenge when deploying containers and/or Kubernetes. How can organizations overcome this hurdle?

Gary Chen, Research Director for Software Defined Compute, IDC: The first step is recognizing that containers and Kubernetes by themselves won’t automatically make your security better or worse. That is really dependent on how an individual customer approaches it. Yes, containers can offer a lot of security improvements, if done correctly. And customers also have to recognize that it is a new technology and a new layer that will need to be secured on many different levels. I think the best formula for success is to start formulating a security strategy from the beginning rather than having security as something added on afterwards. And realizing the container security is not any one thing but must span a lot of areas including image scanning, runtime, the control plane, and the entire software build pipeline. I would also look for tools that are as Kubernetes native/aware/integrated as possible.

Q: What kinds of container-native security tools should organizations prioritize adopting to maximize container security?

Frank Dickson, Program Vice President, Cybersecurity Products, IDC: The drama about who wins the container orchestration war has all but disappeared as Kubernetes seems to be the de facto container orchestration standard. Tools native to Kubernetes and that leverage Kubernetes to implement security should be prioritized.  As a result, the promise of being able to move clusters across on-promises and multi-cloud can be realized as security can natively move with the Kubernetes cluster.

If you are interested in learning more about VMware’s Advanced Cloud Workload Protection with Container and Kubernetes Security, check out additional resources below: