Alcide Advances DevSecOps in Kubernetes Environments

Alcide is moving to advance the adoption of best DevSecOps practices among developers of containerized applications running on Kubernetes platforms by making its container security platform available via a command-line interface (CLI).

Company CTO Gadi Naor says Alcide sKan makes it easier for developers to scan source code for vulnerabilities within the context of existing DevOps processes. That approach is critical because it means developers can invoke a cybersecurity tool without having to substantially alter their existing workflow processes, he says.

For example, in addition to scanning Kubernetes deployment files, sKan can scan Helm charts, Kubernetes application programming interfaces known as customized resources, or plain Kubernetes resource files in YAML or JavaScript Object Notation (JSON) format.

Based on the same core cybersecurity software Alcide employs in Alcide Advisor and Open Policy Agent tools, sKan can be employed to discover both vulnerabilities and potential compliance issues, Naor says.

Ultimately, the goal is to make it easier to incorporate Kubernetes security software from Alcide within the context of a larger DevOps ecosystem, he adds.

In fact, Naor notes, the biggest obstacle when it comes to adopting DevSecOps is not so much resistance to giving developers more control as it is providing them with access to tools that manifest themselves as a natural extension of the way they already work. Organizations then also need to provide a platform through which cybersecurity teams can easily define policies and verify they’ve been implemented, he says, noting that, in effect, cybersecurity needs to shift simultaneously left and right.

As part of an effort to enable organizations to achieve that goal, Alcide is providing educational resources to train developers on how best to implement role-based access control (RBAC), for example. In the absence of tools and training, many organizations are simply trying to make developers more accountable for cybersecurity without providing any means for enabling developers to practically implement any of the cybersecurity controls required.

It’s not clear right now who inside any organization is leading the DevSecOps charge. Developers are clearly exercising more influence and control over which platforms are employed within the enterprise. Cybersecurity teams, however, are still coming to terms with the degree of control they need to cede to developers. Most of them recognize there is not enough cybersecurity expertise available to participate in application development projects. At the same time, many cybersecurity teams traditionally have been wary of developers who, from their perspective, carelessly introduce vulnerabilities into applications that later lead to a major breach.

On the plus side, containers make it a lot easier to rip and replace vulnerabilities once they are discovered. In an ideal world, developers will discover most of those vulnerabilities long before an application is ever deployed. The best part about that, of course, is that it means no one in the rest of the IT organization may ever need to know a vulnerability existed in the first place.
