With the advent of Agile software development and cloud computing, developers needed a better way to develop applications. Rather than create what some refer to as monolithic applications where all the code gets packaged into one big single product, developers create smaller components. However, the developer still needs to run their apps somewhere.
You may have heard about microservices that can run as incredibly small bites of code using features like AWS Serverless Lambda and Azure Functions. Creating those small bites of code, managing them, orchestrating them, and dealing with limitations means developers need a more robust platform. That is where Kubernetes and containers come in to solve that problem.
A very simplistic explanation of containers is to compare them to using virtual machines. Unlike an application that runs on a single virtual machine with a specified operating system, developers might create many containers that serve a particular need for their application. Code that may have run on one virtual machine might run on many containers. Developers worry less about the operating system and more about the code they are producing.
Unfortunately, the bad news is Kubernetes and containers can be vulnerable. The list of security policies, settings, and configurations are significant and very much open to human misconfiguration issues. Without a properly secured container and Kubernetes environment, you need to put standards and practices in place. Ideally, you also have tools in place that maintain the standards and reinforce good behaviors.
In today’s T-Suite Podcast, I speak again with Kamal Shah, CEO of StackRox. (We spoke earlier this year about containers, Kubernetes, and keeping modern applications secure.) This time Kamal talks about a recent industry report that highlights top-of-mind security considerations for keeping Kubernetes and container applications secure.
Special thanks to Dex Polizzi from Lumina PR for introducing me to Kamal.