New Analysis by Alcide Finds 89% of Kubernetes Deployments Not Leveraging Secrets Resources
TEL AVIV, Israel and SAN FRANCISCO, July 15, 2019 (GLOBE NEWSWIRE) — Alcide, the Kubernetes network security leader empowering DevOps and security teams with continuous security for workloads running on Kubernetes, today shared the findings from a recent cross-environment analysis, leveraging its Alcide Advisor, a Kubernetes multi-cluster vulnerability scanner that covers rich Kubernetes and Istio security best practices and compliance checks. The analysis reveals that DevOps teams face significant challenges and gaps following best practices for Kubernetes secrets handling and network policies. Specifically, 89% of deployment scans show that companies are not using Kubernetes’ secrets resources, with secrets wired in the open. Moreover, over 75% of the scanned deployments use workloads, which mount high vulnerability host file systems such as /proc; while none of the surveyed environments show segmentation implementation using Kubernetes’ network policies.
Now fully integrated with Azure DevOps, Alcide Advisor scans Kubernetes clusters for known vulnerabilities on the master API server and worker node components, including container runtime. This comprehensive capability enables multiple types of Microsoft Kubernetes customers with continuous CI/CD pipeline integration, including managed clusters like Kops, AKS Engine or managed Kubernetes services like AKS. The Azure DevOps/ Alcide Advisor integration also facilitates the cloud-native pace needed to support dynamic deployments, with continuous vulnerabilities and threat scans, critical for customers with multiple teams involved. The new solution is now available in the Microsoft Visual Studio Marketplace.
“AKS is quickly gaining ground as the platform of choice for cloud-native applications, especially those workloads calling for dynamic scaling,” said Jeana Jorgensen, General Manager, Microsoft. “Alcide’s innovations for Kubernetes multi-cluster hygiene and its integration with Azure DevOps makes continuous security a built-in process spanning Dev and DevOps. The way they facilitate and automate AKS onboarding enables developers to maintain their creativity without compromising security.”
“With Alcide Kubernetes Advisor, Eupraxia Labs has been able to significantly reduce security drifts in our entire CI/CD pipeline – from development and staging, all the way to production,” said David J. Brewer, founder at Eupraxia Labs, a software vendor running on Azure AKS, which delivers free or open source software to accelerate the development of business applications. “We began looking into dedicated Kubernetes products, and after comparing several solutions, it became very clear to us that Alcide’s next-generation product was way ahead of the market.”
“The increasing complexity of multi-cluster Kubernetes environments and the persistent lack of connectivity with DevOps workflows is complicating efforts by DevOps teams to keep pace with vulnerabilities and best practices,” said Gadi Naor, CTO and co-founder of Alcide. “Alcide Advisor, built specifically for Kubernetes, automates and integrates cluster hygiene into the CD process natively, to arm DevOps teams to immediately identify potential vulnerabilities, configuration drifts and threats, without sacrificing agility.”
The Alcide team will be showcasing the Azure DevOps integration for Alcide Advisor at Microsoft Inspire. Click here to schedule a meeting.
Alcide is a cloud-native security leader empowering DevSecOps teams to continuously secure and protect their growing multi-cluster Kubernetes deployments. By automatically discovering, managing and enforcing security policies across deployments, Alcide’s Microservices Firewall for K8s and Istio enables unified code-to-production enforcement of security policies spanning networks and workloads. This enables the smooth operation of business apps while protecting cloud deployments from malicious attacks.