I sat down for this edition of The New Stack Makers podcast to discuss The State of the Kubernetes Ecosystem and how Twistlock is rethinking the developer pipeline for securing hyperscale applications. Check out some of the talking points below, and listen the entire podcast here.
[2:30] The advantages of shift left security in the development process, and how the more that can be done to identify and remediate the problem earlier in the lifecycle, the better it is for everyone. Its lower risk, lower cost and more efficient. Twistlock gives developers actionable information early in that lifecycle.
[6:05] Twistlock’s Jenkins plugin works to give you a graphical, tabular, easy to use way of showing vulnerability and compliance posture inside of the native tool that you’re using to do all your builds – without the need to run a separate process to evaluate the security of the build.
[10:05] The fundamental differences between securing containers vs. securing virtual machines:
- With containers you are talking about a lot more entities
- These entities change and update a lot more frequently
- There’s a lot more security responsibility that needs to be baked in upstream – and a lot more responsibility on the developer
[15:40] There are some things that containers do differently than VM’s that can give you some security advantages as the defender. [16:45] If you have the right tools that enable you to take advantages of those container characteristics, you can add a lot of value and benefit in terms of protecting the application and re-enforcing quality standards upstream in the development. As well as downstream by being able to create security policies that are specific to that application. The way that containers work really enable a new model for security.
[18:00] The reality of securing microservices and the value-add if tools are leveraged correctly.
[21:00] The value of creating secure code from the beginning of the process and enforcing a better communications process. It gives developers more time to focus on the security of their own code. The more time you have to focus on your own value-add versus repackaging up stuff that the others have, the more value that you’re able to create for your organization.
Get your copy of The State of the Kubernetes Ecosystem Ebook here.
Follow us on Twitter
Follow us on Twitter for real time updates on the cloud native ecosystem, Twistlock product, and cloud native security threats.
How My Company (Teckro) Uses ContainersRead the Blog
Mitigating CVE-2019-5736 Impacting RunC and DockerRead the Blog
From Agile to DevSecOps and DevOps SecurityRead the Blog
What’s Next for Cloud-Native Infrastructure Technology?Read the Blog
Cloud Native Security Beyond Your Cloud Vendor’s ToolsRead the Blog