Advanced Computing in the Age of AI | Wednesday, April 24, 2024

Red Hat Bolstering Its OpenShift Kubernetes Security with Acquisition of StackRox 

Red Hat is bringing deeper security capabilities to its popular Red Hat OpenShift enterprise Kubernetes platform through the acquisition of container and Kubernetes security vendor StackRox.

The deal is the latest part of Red Hat’s road map to deliver a single, holistic platform that enables customers to build, deploy and securely run nearly any application across hybrid clouds, according to the company.

No price tag was given for the acquisition, which is expected to close in the first quarter of 2021. This is Red Hat’s first corporate acquisition since it was itself acquired by IBM in 2019.

The move aims to help the open source software powerhouse allay security concerns about using containers and Kubernetes, which research firm Gartner has cited as a continuing challenge for the technologies. By integrating StackRox technologies, Red Hat hopes to mitigate those concerns, according to the vendor.

Using the StackRox tools, Red Hat says it will focus on transforming how cloud-native workloads are secured by expanding and refining Kubernetes’ native controls. Red Hat says it also plans to shift security into the container build and CI/CD phase to enhance security up and down the entire IT stack and product lifecycles.

"Securing Kubernetes workloads and infrastructure cannot be done in a piecemeal manner; security must be an integrated part of every deployment, not an afterthought,” Red Hat president and CEO Paul Cormier said in a statement. “Red Hat adds StackRox's Kubernetes-native capabilities to OpenShift's layered security approach, furthering our mission to bring product-ready open innovation to every organization across the open hybrid cloud across IT footprints."

Expanding Security for Red Hat’s Product Portfolio

Ashesh Badani of Red Hat

Ashesh Badani, Red Hat’s senior vice president of cloud platforms, told EnterpriseAI that the move should not be a huge surprise for customers because the company has long worked hard to address security concerns with its open source applications and platforms.

“We've been doing that on the Enterprise Linux front for two decades or more now,” said Badani. “We've got a Linux distribution and we put a lifecycle ecosystem around it, then obviously make sure to invest heavily with regard to security considerations for running an OS at scale for mission critical applications. Then what we've been seeing as we've been in the Kubernetes market since its earliest days since 2015.”

Improvements in Kubernetes security follow that same path, he said. “A container is essentially a Linux process, so there's a lot of Linux-related security that accumulates into Kubernetes security. So, we're investing in things like Linux namespaces for container isolation [and] doing work around application isolation.”

Adding StackRox’s technologies will help further drive those goals, Badani added. “We've been thinking a lot about how can we invest more in a particular approach to Kubernetes security that StackRox brings,” he said.

Badani gave more details about the acquisition and its technology match-up with Red Hat in a recent blog post.

Over time, StackRox’s technologies will all be offered as open source by Red Hat. Presently, only some of StackRox’s applications are open source, said Badani.

Positive Move for Kubernetes Security

Analyst Dan Olds

Dan Olds, the principal analyst for Gabriel Consulting Group, told EnterpriseAI that because StackRox was previously well-integrated with Red Hat OpenShift, the transition will be smooth for customers.

“Having a huge industry player like Red Hat purchase StackRox is a very good thing for Kubernetes and will help bolster and further develop container security mechanisms,” said Olds. “In these days when security is uppermost on nearly every CIO’s mind, it makes sense for Red Hat to add a company like StackRox to their security portfolio.”

In addition, while the acquisition is initially a play for Red Hat’s cloud native platform, Olds said he expects to see this technology filter down to non-cloud users over time. “It would be a great boon for them,” he said.

Kamal Shah, the president and CEO of StackRox, said in a statement that his company’s initial focus was on runtime security for containers. “Over time, based on customer feedback and industry trends around DevSecOps and shift-left security, we expanded the product footprint to cover use cases across the build and deploy phases of the container lifecycle.”

Kamal Shah, CEO of StackRox

That led almost three years ago to the strategic decision to focus exclusively on Kubernetes, while pivoting its software to be Kubernetes-native. “While this seems obvious today, it wasn’t so then,” he wrote. “Fast forward to 2020 and Kubernetes has emerged as the de facto operating system for cloud-native applications and hybrid cloud environments.”

The acquisition by Red Hat will help StackRox accelerate product innovation and achieve far greater scale on a global level than it would be able to achieve as an independent startup, wrote Shah. “Red Hat sees the tremendous Kubernetes security benefits our customers have enjoyed, understands how security remains a top priority, and knows that together we can further increase the value we provide to our customers.”