Aqua Security Extends Container Security Platform
Aqua Security today announced it has natively extended the reach of its container security platform to include serverless computing frameworks.
Version 3.5 of Aqua Container Security Platform (CSP) adds a risk assessment for serverless functions that scans for known vulnerabilities, embedded secrets and cloud permissions. Rani Osnat, vice president of product marketing for Aqua Security, said serverless support is now managed with the same console Aqua provides to manage container security. That approach will make it easier for Aqua to support multiple serverless computing frameworks, as it appears there will be no single standard, Osnat said.
Previously, Aqua Security had relied on third-party alliances to secure functions on serverless computing frameworks. But as serverless computing continues to evolve, serverless computing frameworks are becoming extensions of container platforms. Typically, long-running applications will continue to run as containers, while invoking functions to create a child process to process a complementary stateless workload. Given that relationship, IT organizations will need to couple security for containers and serverless computing frameworks tightly via a common policy enforcement layer spanning containers, serverless containers and serverless functions, Osnat said.
Other capabilities being added to Aqua CSP 3.5 include the ability to now encrypt the entire contents of a container image. That image can only be decrypted when a valid key is provided at the time the container is instantiated. In effect, Osnat said that encryption capability adds the equivalent of a digital rights management capability for containers.
Aqua has also added support for more contextual runtime policies using dozens of parameters such as Kubernetes deployment and namespace, image registry prefix and environment variables to allow cybersecurity teams to apply stricter policies to applications with higher trust requirements. Aqua also has added support for more granular role-based controls to limit who can apply security policies within a DevOps team.
Finally, Aqua has added a tabular and graphical views through which workloads running as Docker containers on Kubernetes clusters can be more easily tracked.
In many ways the rise of containers is forcing organizations of all sizes to confront a host of DevSecOps issues. In the same way that organizations need to employ DevOps processes to bring some order to a potentially chaotic container environment, it’s now apparent the rate at which containers are being deployed and updated requires developers to assume more responsibility for programmatically applying security controls within their applications. IT security professionals are still responsible for determining what controls need to be applied, but the task of implementing those controls is shifting left toward developers as best DevSecOps practices start to become more widely adopted.
Naturally, the rate at which organizations embrace DevSecOps practices will vary widely. In many cases, cybersecurity teams are once again playing catchup with developers who first embraced containers and now serverless computing frameworks with little regard to the cybersecurity implications. The challenge is now finding a way to make sure all the appropriate controls get applied without necessarily slowing down the rate at which applications are being developed.