Google made a number of big announcements this summer at its Google Cloud Next conference. Two particularly notable announcements were the Google Kubernetes Engine (GKE) serverless add-on and Knative, both of which are designed to help organizations take advantage of the greater scalability, flexibility and portability of a serverless container environment based on Kubernetes. Of course, regardless of whether your containers run on a server, you still need to secure and protect them.
Kubernetes has established its dominance in the container orchestration platform space. It is not the only orchestration solution out there, but it has managed to become the de facto standard in much the same way Docker is synonymous with containers.
Google developed GKE to offer customers a reliable, efficient and secure way to run Kubernetes clusters. It is a managed, production-ready environment for deploying containerized applications, giving organizations a framework that enables them to accelerate time to market.
At the Google Cloud Next conference, Google unveiled a new GKE serverless add-on that lets customers run serverless workloads on GKE with one-step deployment. According to a blog post from Google, “You can go from source to containers instantaneously, auto-scale your stateless container-based workloads, and even scale down to zero.”
In addition, Google announced Knative. Google recognizes that some organizations need to run container environments on-premises or in hybrid scenarios that span multiple clouds. Knative is an open source set of components, based on the same technology as the GKE serverless add-on, that provides organizations with the building blocks necessary to deploy container-based serverless applications across various platforms.
“Knative focuses on the common but challenging parts of running apps, such as orchestrating source-to-container builds, routing and managing traffic during deployment, auto-scaling workloads, and binding services to event ecosystems,” according to Google.
Securing and Protecting Containers in a Serverless World
Awesome. Now you can run containers in a serverless environment on Google Cloud using the GKE serverless add-on, and you can take advantage of Knative to run those same serverless containerized applications anywhere, on any cloud or infrastructure supported by Kubernetes. You still need to secure and protect those containers.
When it comes to container security, there are plenty of reasons to choose a container-native solution, regardless of what platform you run it on. Container security solutions that require root or elevated privileges to gain visibility into the containers expose you to additional potential risk, and solutions that rely on a software agent being installed limit the portability—and possibly scalability—of the containers, which are key reasons companies adopt containers in the first place.
The best way to get comprehensive visibility and protection for containers in any environment is by building security directly into each individual container. When you’re working in a serverless environment, such as with the GKE serverless add-on or Knative, it is the only way to effectively secure your containers. There is no underlying operating system on which to grant root access or install agent software—your only option, really, is to deploy containers that have security built in.
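The two paragraphs above make a concrete, checkable claim: an agent-style security tool needs root or host-level privileges that a serverless platform cannot grant, while a container with security built in needs none. The following added example (it is not code from the original article, Google or Layered Insight) shows one way to audit that difference before deployment. It walks a Kubernetes PodSpec expressed as a plain Python dict and reports the settings an agent typically depends on: privileged mode, host namespaces, a mount of the container-runtime socket, added capabilities and running as UID 0. The two pod specs, the capability list and the socket paths are constructed for the example, not taken from any product.

```python
"""Flag pod specs whose containers need root or host-level privileges.

Added example, not code from the original article, Google or Layered
Insight. Input is a Kubernetes PodSpec as a plain dict (what yaml.safe_load
would give you), so it runs offline with no dependencies.
"""

# Capabilities that amount to host-level access when added to a container.
# Assumed list for this example, not an exhaustive catalogue.
HIGH_RISK_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN", "ALL"}

# Host paths that hand a container control of the container runtime itself
# (constructed list for this example).
RUNTIME_SOCKETS = {"/var/run/docker.sock", "/run/containerd/containerd.sock"}


def privilege_findings(pod_spec):
    """Return a list of human-readable findings for one PodSpec dict."""
    findings = []
    for key in ("hostPID", "hostNetwork", "hostIPC"):
        if pod_spec.get(key):
            findings.append(f"pod shares host namespace: {key}")

    # Map volume names to hostPath sources so each mount can be checked.
    host_paths = {
        v["name"]: v["hostPath"]["path"]
        for v in pod_spec.get("volumes", [])
        if "hostPath" in v
    }

    pod_sc = pod_spec.get("securityContext", {})
    for c in pod_spec.get("containers", []):
        name = c["name"]
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}: privileged=true")
        # Container-level settings override pod-level ones.
        run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
        run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if run_as_user == 0 or (run_as_user is None and not run_as_non_root):
            findings.append(f"{name}: may run as root (no runAsNonRoot/runAsUser)")
        added = set(sc.get("capabilities", {}).get("add", []))
        for cap in sorted(added & HIGH_RISK_CAPS):
            findings.append(f"{name}: adds capability {cap}")
        for m in c.get("volumeMounts", []):
            path = host_paths.get(m["name"])
            if path in RUNTIME_SOCKETS:
                findings.append(f"{name}: mounts runtime socket {path}")
            elif path is not None:
                findings.append(f"{name}: mounts host path {path}")
    return findings


# Constructed sample 1: a node-level security agent of the kind the article
# warns about. It needs the host PID namespace, privileged mode, SYS_ADMIN
# and the runtime socket to see into other containers.
AGENT_POD = {
    "hostPID": True,
    "volumes": [{"name": "dockersock",
                 "hostPath": {"path": "/var/run/docker.sock"}}],
    "containers": [{
        "name": "agent",
        "image": "example/agent:1.0",  # placeholder image name
        "securityContext": {"privileged": True,
                            "capabilities": {"add": ["SYS_ADMIN"]}},
        "volumeMounts": [{"name": "dockersock",
                          "mountPath": "/var/run/docker.sock"}],
    }],
}

# Constructed sample 2: an application container that carries its own
# hardening and asks the platform for nothing it cannot grant.
APP_POD = {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
    "containers": [{
        "name": "web",
        "image": "example/web:1.0",  # placeholder image name
        "securityContext": {"allowPrivilegeEscalation": False,
                            "readOnlyRootFilesystem": True,
                            "capabilities": {"drop": ["ALL"]}},
    }],
}


if __name__ == "__main__":
    for label, spec in (("agent", AGENT_POD), ("app", APP_POD)):
        print(f"{label}: {privilege_findings(spec) or ['no elevated privileges needed']}")
```

The agent spec produces five findings (host PID namespace, privileged mode, possible root, SYS_ADMIN and the runtime socket), any one of which a managed serverless platform will refuse; the application spec produces none. The same check can be run over the pod templates in a DaemonSet or a Knative Service manifest once they are loaded into a dict.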
“To address the security and compliance requirements of these new applications and infrastructure, it’s time to embed security into the process and technology from the beginning,” says Asif Awan, co-founder and chief technology officer at Layered Insight.
Serverless platforms are still a relatively young concept, but they are gaining momentum. It’s crucial to keep your eye on where things are going and not paint yourself—or your containerized applications—into a limited or proprietary corner. By choosing container-native security that is not dependent on a particular platform or operating system, you leave yourself free to explore different options and integrate with or migrate to other platforms at will, so you can do what makes the most sense for your organization operationally and financially, without sacrificing security.