There’s no shortage of container orchestration platforms these days, but most of them don’t go beyond managing the containers themselves. Capital One Financial Corp., however, is offering its own orchestration platform that the company says also makes it easier to implement security and compliance policies.
Development of Critical Stack began in 2014 at its namesake company, which was acquired by Capital One in 2016. Liam Randall, senior director of software engineering for Capital One, has led its development since its inception. Now that Critical Stack is officially in beta, Randall says Capital One is exploring whether to make the container orchestration platform available under a commercial license. However, the company is running Critical Stack in a production environment today, he says.
Critical Stack is based on a derivative of the Red Hat Enterprise Linux operating system that is compatible with Kubernetes 1.8. In effect, Randall says it provides a platform-as-a-service (PaaS) environment that has been extended to make it easier for IT organizations to declaratively apply security and compliance policies to workloads running on the platform.
As IT security continues to shift left as part of organizations’ transition to DevSecOps, Randall says they need to be able to manage IT at much higher levels of abstraction. Otherwise, it becomes too difficult for developers to master every low-level technology required to implement, for example, a compliance or security control. Capital One has also added a container marketplace to Critical Stack to make it easier to discover containers.
As platforms for deploying and managing cloud-native applications continue to evolve, there is a lot of jockeying for position. Kubernetes has emerged as a core foundation for CaaS environments being developed by a broad base of vendors, but above Kubernetes will be highly opinionated stacks of software that provide the structure for building and deploying an application. Like most PaaS environments, Critical Stack is also prescriptive in terms of the underlying container networks and storage interfaces it supports, Randall says.
Competition is already fierce at that level of the software stack. While Critical Stack is further along in terms of making it easier to implement those controls than rival PaaS environments, it’s not clear to what degree a unit of Capital One will be able to differentiate itself from rival PaaS and container-as-a-service (CaaS) environments fueled by a large community of open-source contributors.
Randall notes that Capital One has thousands of developers working on open-source cloud projects, so organizations that embrace Critical Stack will, to a degree, benefit from any Capital One efforts to harden the Critical Stack environment.
It’s not uncommon for IT organizations operating at the scale of Capital One to find that commercial platforms aimed at the average IT environment do not fully satisfy their internal needs. Capital One also would like to find some way to fund those ongoing efforts by deriving revenue from its intellectual property. At the same time, some organizations that compete with Capital One might be wary of relying on code mainly curated by a rival.
Capital One is not the only IT organization venturing into commercial software these days. GE, for example, has built out a large portfolio of analytic services aimed at internet of things (IoT) environments, and Amazon, of course, is using Amazon Web Services (AWS) to offset its e-commerce investments. Nevertheless, most internal IT organizations usually have their hands more than full when it comes to satisfying their internal customers, much less any external ones.