Tigera has extended its ability to apply security policies across multiple clusters, inside and outside the cloud, as part of an ongoing effort to provide an alternative to firewalls for securing containerized applications.
Company CEO Ratan Tipirneni says version 2.1 of CNX enables IT organizations to apply rules spanning hybrid environments that include both container-based and legacy workloads. The latest release also adds support for detailed policy auditing, five-tuple logging of all east-west container traffic, integration with existing security information and event management (SIEM) tools, and enhanced anomaly detection and alerting.
Traditional firewalls don’t lend themselves to containerized environments, Tipirneni says, because it’s too hard to dynamically adjust firewall rules. CNX is designed specifically to create an encrypted zero-trust security model on top of a flat IP network, built on the open source software-defined networking of Project Calico. That approach makes it possible to extend security policies both to clusters such as Kubernetes and to virtual machines, he notes, adding that those policies are expressed as labels that IT administrators or cybersecurity professionals can easily apply and adjust.
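To make the label-based, zero-trust model described above concrete, here is an added example written for this article; it is not Tigera's or the article's own configuration, and it uses the open source Calico policy API rather than anything specific to CNX. It applies one default-deny policy to every workload, then allows a single labelled flow (frontend to api on TCP 8080), and registers a virtual machine as a Calico host endpoint so the same label selectors cover a non-container workload. The names, labels, port, node name and IP address are assumptions invented for the example.

```yaml
# Added example: Calico (projectcalico.org/v3) label-based policy.
# Lower "order" values are evaluated first; the default-deny policy is
# given the highest order so it only applies when no allow rule matched.
---
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: allow-frontend-to-api        # assumed policy name
spec:
  order: 100
  # Applies to every endpoint (container or host) carrying app == 'api'.
  selector: app == 'api'
  types:
  - Ingress
  ingress:
  - action: Allow
    protocol: TCP
    source:
      selector: app == 'frontend'   # only workloads labelled as the frontend
    destination:
      ports:
      - 8080                        # assumed service port
---
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: default-deny                # zero-trust baseline for all endpoints
spec:
  order: 1000
  selector: all()
  types:
  - Ingress
  - Egress
  # No rules: traffic not allowed by an earlier policy is dropped.
---
apiVersion: projectcalico.org/v3
kind: HostEndpoint
metadata:
  name: vm-legacy-api               # assumed VM name
  labels:
    app: api                        # same label as the container workload
spec:
  node: vm-legacy-api               # assumed Calico node name for the VM
  interfaceName: eth0
  expectedIPs:
  - 10.0.0.25                       # constructed address for the example
```

Because the allow rule selects on labels rather than addresses, a new container or VM becomes reachable from the frontend simply by carrying `app: api`, and everything else stays denied without anyone editing a port list on a perimeter firewall. The audit and five-tuple logs the article mentions are what let you verify that the default-deny policy is actually the one dropping unexpected east-west flows.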
As DevSecOps continues to evolve, Tipirneni says it’s become more apparent that organizations want a fine-grained approach to applying policies to containers, which tend to be far more ephemeral than legacy applications. Those policies also need to be applied across hybrid cloud computing environments made up of containers, virtual machines and bare-metal servers, which Tipirneni notes will be running alongside one another for at least the next decade. Achieving both of those goals is too difficult when relying on traditional firewalls, Tipirneni says. In fact, as IT organizations make this transition, many of them are discovering there is no such thing as a network perimeter, the place where firewalls traditionally have been applied. To support containers, many organizations find themselves opening so many ports on a traditional firewall that, from a cybersecurity perspective, it renders those platforms all but useless, he says.
Tipirneni notes that one of the biggest drivers of change in how security policies are applied in modern IT environments is compliance mandates. IT organizations are looking to embrace zero-trust security models that, by default, enable them to comply with any number of regulations in a way that is easily documented. That’s especially compelling when it comes to containers, which tend to run for only short periods of time, he says. In addition, many organizations that have embraced containers are now starting to appreciate the rigors of regulations such as the General Data Protection Regulation (GDPR) being implemented this month by the European Union, which requires IT organizations to be able to demonstrate precisely who in the organization has access to what data, and when.
Tigera is facing off against rivals that are applying firewalls to containerized applications, and it remains to be seen who will prevail when it comes to securing containers. Many providers of existing firewall platforms are endeavoring to extend their reach into containerized applications. But it may turn out that new ways of securing containerized applications are extended back to secure legacy applications as well.