I sat down for this edition of The New Stack Makers podcast to discuss The State of the Kubernetes Ecosystem and how Twistlock is rethinking the developer pipeline for securing hyperscale applications. Check out some of the talking points below, and listen the entire podcast here.
[2:30] The advantages of shift left security in the development process, and how the more that can be done to identify and remediate the problem earlier in the lifecycle, the better it is for everyone. Its lower risk, lower cost and more efficient. Twistlock gives developers actionable information early in that lifecycle.
[6:05] Twistlock’s Jenkins plugin works to give you a graphical, tabular, easy to use way of showing vulnerability and compliance posture inside of the native tool that you’re using to do all your builds – without the need to run a separate process to evaluate the security of the build.
[10:05] The fundamental differences between securing containers vs. securing virtual machines:
- With containers you are talking about a lot more entities
- These entities change and update a lot more frequently
- There’s a lot more security responsibility that needs to be baked in upstream – and a lot more responsibility on the developer
[15:40] There are some things that containers do differently than VM’s that can give you some security advantages as the defender. [16:45] If you have the right tools that enable you to take advantages of those container characteristics, you can add a lot of value and benefit in terms of protecting the application and re-enforcing quality standards upstream in the development. As well as downstream by being able to create security policies that are specific to that application. The way that containers work really enable a new model for security.
[18:00] The reality of securing microservices and the value-add if tools are leveraged correctly.
[21:00] The value of creating secure code from the beginning of the process and enforcing a better communications process. It gives developers more time to focus on the security of their own code. The more time you have to focus on your own value-add versus repackaging up stuff that the others have, the more value that you’re able to create for your organization.
Get your copy of The State of the Kubernetes Ecosystem Ebook here.
Follow us on Twitter
Keep up to date with the latest news from TwistlockLabs and TwistlockTeam.
Container Compliance: HIPAA, PCI, NIST & GDPR = Oh My! | 2.3 Deep Dive
At Twistlock, we work with large enterprises to startups around the wo...
Serverless Security: 2.3 Deep Dive
It wasn’t long ago that only the most leading-edge technology compan...
Blocking Malicious Behavior and Exploits in Containers with Twistlock
At Twistlock Labs, we continuously try to get into the minds of attack...
Twistlock Per-Layer Vulnerability Analysis: 2.3 Deep Dive
In today’s blog we take a deep dive into a new capability in Twistlo...
Twistlock 2018 Predictions: Security as a Primary Focus
This post originally appeared on vmblog.com From political scandals, t...