HyTrust unveiled HyTrust CloudControl 6.0, which, for the first time, adds support for both containers and virtual machines running on Amazon Web Services (AWS) to a platform that automates deployment of security controls.
Fred Kost, senior vice president of marketing for HyTrust, says the company has added two editions. The first supports instances of Kubernetes running on AWS, including the underlying infrastructure on which Kubernetes is deployed. The second supports the virtual machines that AWS makes available on its public cloud. This is the first time both editions are available on a platform other than VMware.
Kost says the primary driver behind the move is that existing HyTrust customers want to apply the same security policies they apply on-premises to the AWS cloud, using a single pane of glass regardless of which hypervisor is being employed.
Specific capabilities included in HyTrust CloudControl Container Edition are the ability to assess the integrity of an image using component analysis tools, as well as support for controls that dictate who has permission to deploy what containers where. A runtime monitoring tool scans the containers in a production environment to detect any policy deviations.
To manage the container deployment process, HyTrust also makes available dashboards through which IT organizations can easily determine the organization’s overall security posture. However, HyTrust has no immediate plans to support bare-metal deployments of Kubernetes, largely because most instances of containers running on Kubernetes are being deployed on top of hypervisors, says Kost. The company currently is not prepared to discuss how support for Kubernetes might be extended to other platforms. Kubernetes may be highly portable, but each individual platform it might be deployed on has its own underlying nuances that need to be mastered, notes Kost.
Containers can be especially challenging from a compliance perspective. Most containers are ephemeral in nature. They are likely to be replaced frequently, which makes documenting a chain of control for auditors a complex undertaking. HyTrust CloudControl Container Edition automates that process in a way that enables IT organizations to quickly document how the overall container environment is being managed, which in turn helps organizations start to develop more mature DevSecOps processes.
Documenting container environments is becoming a bigger issue as developers continue to embrace containers at rates that IT operations and cybersecurity professionals are finding challenging. No one necessarily wants to be seen slowing down the rate of application development. However, the prospect of incurring a fine for failing to comply with one mandate or another is equally unpleasant.
Obviously, developers, IT operations teams and cybersecurity teams need to come to terms with a new container reality. In some instances, that may mean there is a need for new tools. In other cases, the path of least resistance is to extend existing tools and platforms to support containers. Whatever the ultimate path chosen, the one thing that is certain is that the way developers, IT operations teams and cybersecurity teams work together is about to be forever changed.