IBM Looks to Secure Kubernetes Service
The shift to cloud-native applications and services brings with it a new set of monitoring and security challenges as early adopters of application containers, micro-services and serverless computing struggle to gain a comprehensive view of their cloud infrastructure.
Growing requirements for cloud management, especially in hybrid clouds, are forging partnerships among public cloud and “cloud-native intelligence” vendors offering tools designed to help develop and securely deploy cloud-native applications along with existing workloads in hybrid clouds.
Sysdig and IBM announced a partnership this week designed to install a cloud-native intelligence platform on the IBM cloud. The package includes tools for managing container lifecycles to gain better visibility into micro-services performance while spotting potential security risks.
Those risks are growing as infrastructure vendors roll out cloud-native capabilities based on emerging tools like the de facto standard Kubernetes cluster orchestrator and comparable cloud management schemes. Those tools are scaling as more enterprises run new workloads for AI, machine learning and the Internet of Things. (IBM noted that its Watson AI services platform runs on Kubernetes.)
Forthcoming research indicates that wider deployment of cloud management tools creates a new set of security challenges since cloud-hosted clusters are often exposed on open network connections.
San Francisco-based Sysdig promotes its approach as “service-aware” application security and forensics designed to provide “cross-cloud monitoring” among other security features. The partners said this week during the DockerCon event they would work together to bring the run-time security and monitoring capabilities to developers using the IBM Cloud Kubernetes Service.
The partners assert that much of the work around containers and orchestration has so far focused on developer requirements rather than cloud management issues. That argument is supported by recent research that found security vulnerabilities associated with Kubernetes, Docker Swarm and other cluster orchestrators.
IBM (NYSE: IBM) this week announced expansion of services aimed at what it calls “cross-cloud infrastructure,” including expansion of 18 cloud availability zones in Asia, Europe and North America. It also announced availability of “multi-zone clusters” for its Kubernetes service. The goal is to “let users deploy a single, containerized app across multiple global IBM Cloud regions,” the partners noted in a blog post.
Sysdig and IBM also said they would collaborate to bring the capabilities to IBM Cloud developers along with a set of tools, such as Istio, to help orchestrate and manage cloud-native workloads.
Other cloud vendors are offering new security frameworks for cloud security as Kubernetes scales into production. For example, Google (NASDAQ: GOOGL) announced last month that Sysdig was among five security vendors integrating their tools into Google Cloud Platform as part of the search giant's new cloud security “command center.”
The partners said Sysdig’s platform would help boost container visibility to block threats and enforce compliance policies, providing what they said would be “continuous security with runtime analysis.”
--Editor's note: An earlier version of this article contained an erroneous reference to the service mesh technology called Istio. The article incorrectly stated that Istio, which is used to connect, manage and secure networks of different micro-services, was developed by Sysdig. The service mesh was jointly developed by IBM, Google and Lyft to support traffic flow management, access policy enforcement and telemetry data aggregation between micro-services.