I sat down for this edition of The New Stack Makers podcast to discuss The State of the Kubernetes Ecosystem and how Twistlock is rethinking the developer pipeline for securing hyperscale applications. Check out some of the talking points below, and listen to the entire podcast here.
[2:30] The advantages of shift-left security in the development process, and how the more that can be done to identify and remediate the problem earlier in the lifecycle, the better it is for everyone. It's lower risk, lower cost and more efficient. Twistlock gives developers actionable information early in that lifecycle.
[6:05] Twistlock’s Jenkins plugin works to give you a graphical, tabular, easy-to-use way of showing vulnerability and compliance posture inside of the native tool that you’re using to do all your builds – without the need to run a separate process to evaluate the security of the build.
[10:05] The fundamental differences between securing containers vs. securing virtual machines:
- With containers you are talking about a lot more entities
- These entities change and update a lot more frequently
- There’s a lot more security responsibility that needs to be baked in upstream – and a lot more responsibility on the developer
[15:40] There are some things that containers do differently than VMs that can give you some security advantages as the defender.
[16:45] If you have the right tools that enable you to take advantage of those container characteristics, you can add a lot of value and benefit in terms of protecting the application and reinforcing quality standards upstream in development, as well as downstream by being able to create security policies that are specific to that application. The way that containers work really enables a new model for security.
[18:00] The reality of securing microservices and the value-add if tools are leveraged correctly.
[21:00] The value of creating secure code from the beginning of the process and enforcing a better communications process. It gives developers more time to focus on the security of their own code. The more time you have to focus on your own value-add versus repackaging up stuff that the others have, the more value that you’re able to create for your organization.
Get your copy of The State of the Kubernetes Ecosystem Ebook here.