Shipa Module Surfaces K8s Security and Compliance Issues

Shipa today added a Shipa Insights module to its cloud platform to provide additional visibility into Kubernetes security and compliance policy enforcement across all workloads.

Ravi Lachhman, field CTO at Shipa, says Shipa Insights makes it possible to scan workloads to make sure they comply with all current policies without requiring changes to existing pipelines or cluster components.

Shipa Insights makes it possible to more easily understand any workload’s policy posture, support, history, metadata and the workload’s integration into incident management platforms, says Lachhman. It also includes a policy violation report, which identifies any containers with policy violations. IT teams can then use Shipa Cloud to implement or update frameworks as required, says Lachhman.

Obviously, security and compliance become more challenging to manage as the number of Kubernetes clusters used expands. Often, the team that may have originally deployed any given Kubernetes cluster is not the same one that manages it now. Shipa Insights makes it possible to surface the security and compliance posture of any cluster, regardless of who deployed it, notes Lachhman.

Shipa Cloud exposes an application programming interface (API) that detaches the cloud-native application layer from the underlying infrastructure. The goal is to manage applications as code using a set of pre-defined governance and security policies in much the same way infrastructure is now managed, says Lachhman.

Previously, many IT teams built the equivalent of Shipa Cloud themselves, but found maintaining that custom platform challenging, notes Lachhman.

It’s not clear whether building and deploying cloud-native applications on Kubernetes clusters will drive organizations to revisit their current DevOps workflows. It’s also not clear if that will push them to adopt, for example, GitOps workflows that unify the management of applications and infrastructure. However, as cloud-native applications are deployed alongside monolithic applications, Shipa is clearly betting more organizations will be looking to automate application management to a much deeper degree.

In the meantime, it’s not clear whether the proliferation of Kubernetes clusters in the enterprise will lead to the wider adoption of DevOps in general and GitOps in particular. As IT teams increasingly deploy fleets of Kubernetes clusters across an extended enterprise, there is a unique opportunity to centralize the management of those clusters via a standard set of APIs. In the longer term, those APIs will become the foundation on which a hybrid cloud computing environment can be implemented. It’s clear there is a symbiotic relationship between DevOps and Kubernetes. Many organizations may also have already implemented a DevOps workflow, but IT teams vary widely in how mature they are at continuously building and deploying cloud-native applications based on microservices. In fact, many organizations will be automating application delivery for the first time.

Regardless of the approach to application development and delivery, the way IT teams work will evolve as more microservices-based applications are built and deployed on Kubernetes clusters. The challenge is determining how specific IT roles will change as the management of cloud-native applications evolves.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
