Fairwinds Melds Kubernetes Security and Governance

Fairwinds has updated its Kubernetes governance platform to include the ability to automatically scan YAML files and Helm charts stored in GitHub repositories.

Announced at the recent KubeCon + CloudNativeCon Europe 2022 conference, the latest edition of Fairwinds Insights also adds the ability to identify the riskiest container images across Kubernetes clusters, recommend upgrade and remediation options and an ability to recommend newer versions of third-party images with fewer vulnerabilities.

Finally, Fairwinds Insights adds support for the open source Falco container runtime security software to boost container security.

Joe Pelletier, vice president of product for Fairwinds Insights, says the updates are designed to enable IT teams that have adopted Kubernetes to implement DevSecOps best practices to better secure modern cloud-native applications. Many of those applications are now being built using GitOps workflows that integrate the management of infrastructure-as-code with the management of application development and deployment. The latest version of Fairwinds Insights has been extended to support the GitHub repositories where all that code is most often stored, he says.

Support for additional Git-based repositories will be evaluated based on demand, notes Pelletier. Ultimately, the goal is to make securing cloud-native applications running on Kubernetes clusters as frictionless as possible for developers, says Pelletier.

As the responsibility for application security continues to shift left, more organizations are trying to strike the right balance between teaching developers to write more secure code and embedding guardrails in DevOps platforms that prevent development teams from making security mistakes. The challenge they face is that cloud-native application environments are more complex than legacy monolithic applications, so the odds a developer will make a mistake is often higher. On the plus side, it’s easier to rip and replace containers that have vulnerabilities than it is to patch a legacy monolithic application. Over time, the overall state of application security should improve as more cloud-native applications are deployed.

Git-based repositories also further that goal by providing a central location for scanning all the code being employed by an application development team to both build applications and provision infrastructure. Developers that lack cybersecurity expertise and who are responsible for provisioning infrastructure are especially problematic; misconfigurations make it possible for data, for example, to be exfiltrated via ports that have been accidentally left open. An analysis published by Fairwinds last fall found almost a quarter (24%) of the IT sites surveyed have 91% to 100% of their workloads running with at least one insecure capability enabled.

The shift to cloud-native applications presents IT organizations with a unique opportunity to rethink their approach to application security. It’s still early days as far as the adoption of DevSecOps and GitOps is concerned, but with so much more focus these days on securing software supply chains the number of organizations embracing these best practices should increase. The primary goal is to increase the overall security of applications without slowing down the rate at which they are developed.

Naturally, achieving that goal will require a much higher degree of convergence between security operations and the overall governance of those platforms—which is, arguably, long overdue.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

Mike Vizard has 1634 posts and counting. See all posts by Mike Vizard