StackRox’s Kubernetes Security Platform is helping keep Kubernetes instances more secure for Sumo Logic
Once an organization decides to embrace containers and Kubernetes, it’s only a question of when cybersecurity issues will be raised. Based on the experiences of Sumo Logic, a provider of IT monitoring software, the sooner organizations have that conversation with all the stakeholders involved, the better off everyone will be.
Sumo Logic first embraced Kubernetes in 2017. By the beginning of 2019, the company deployed a Kubernetes security platform from StackRox to secure its entire container platform.
The decision to go with StackRox was driven by a preference to secure the entire application environment rather than relying on an approach that would require Sumo Logic to deploy security tools in a “sidecar” fashion that would have to be secured as well, says George Gerchow, chief security officer at Sumo Logic.
“We would have had to lock down the sidecars, too,” says Gerchow. “I didn’t want to have to stitch all that together.”
The instances of Kubernetes that Sumo Logic employs run on the Amazon Web Services (AWS) public cloud. The StackRox Kubernetes Security Platform essentially provides a set of security guardrails for developers to observe as they build and deploy applications, including proactively identifying misconfigurations across images, containers, clusters, Kubernetes and network policies.
Other features of the StackRox Kubernetes Security Platform include rules, whitelists and behavioral modeling to identify and prevent suspicious or malicious activity, as well as tools that identify risk levels in a way that enables developers to prioritize remediation efforts.
The biggest challenge Sumo Logic encountered, however, had little to do with the StackRox technology itself. Rather, introducing a platform to secure Kubernetes required changes to the workflows that developers had already put in place, especially as the StackRox platform was integrated more deeply with Sumo Logic’s existing continuous integration/continuous delivery (CI/CD) platform. That transition required a lot of conversations with software engineers that Gerchow wishes he had initiated sooner; DevOps teams are always concerned about the impact any new tool might have on the speed at which applications are built and deployed, he says.
As is often the case in any modern IT environment, there are many more stakeholders, from developers to site reliability engineers (SREs), who need to be made aware of changes to the IT environment than many cybersecurity teams may initially appreciate. There are often just as many stakeholders who benefit from a platform such as the StackRox Kubernetes Security Platform without even being aware of it. For example, one of the primary benefits of the StackRox Kubernetes Security Platform is that the controls needed to comply with standards such as CIS Benchmarks for Docker and Kubernetes and NIST SP 800-190 are built into the platform. That capability alone reduced many headaches Sumo Logic might have encountered in trying to pass multiple audits of a containerized application environment, Gerchow notes.
The good news, of course, is that more attention is being paid to application security across most organizations. From a deployment perspective, however, that also can be the bad news, should any of those stakeholders fall out of the cybersecurity loop.