I sat down for this edition of The New Stack Makers podcast to discuss The State of the Kubernetes Ecosystem and how Twistlock is rethinking the developer pipeline for securing hyperscale applications. Check out some of the talking points below, and listen the entire podcast here.
[2:30] The advantages of shift left security in the development process, and how the more that can be done to identify and remediate the problem earlier in the lifecycle, the better it is for everyone. Its lower risk, lower cost and more efficient. Twistlock gives developers actionable information early in that lifecycle.
[6:05] Twistlock’s Jenkins plugin works to give you a graphical, tabular, easy to use way of showing vulnerability and compliance posture inside of the native tool that you’re using to do all your builds – without the need to run a separate process to evaluate the security of the build.
[10:05] The fundamental differences between securing containers vs. securing virtual machines:
- With containers you are talking about a lot more entities
- These entities change and update a lot more frequently
- There’s a lot more security responsibility that needs to be baked in upstream – and a lot more responsibility on the developer
[15:40] There are some things that containers do differently than VM’s that can give you some security advantages as the defender. [16:45] If you have the right tools that enable you to take advantages of those container characteristics, you can add a lot of value and benefit in terms of protecting the application and re-enforcing quality standards upstream in the development. As well as downstream by being able to create security policies that are specific to that application. The way that containers work really enable a new model for security.
[18:00] The reality of securing microservices and the value-add if tools are leveraged correctly.
[21:00] The value of creating secure code from the beginning of the process and enforcing a better communications process. It gives developers more time to focus on the security of their own code. The more time you have to focus on your own value-add versus repackaging up stuff that the others have, the more value that you’re able to create for your organization.
Get your copy of The State of the Kubernetes Ecosystem Ebook here.
Follow us on Twitter
Keep up to date with the latest news from TwistlockLabs and TwistlockTeam.
Multiple Registry Scanners: 2.4 Deep Dive
At Twistlock, we’ve watched our customers implement security through...
The Challenges of Securing and Protecting Containers During Runtime
Containers deliver many advantages over virtual machines, but they als...
Infinite Scale and Multitenancy with Projects: 2.4 Deep Dive
At Twistlock, we’re working with enterprises across almost every ind...
Twistlock 2.4 Release Notes
Announcing Twistlock 2.4 We just signed off on Twistlock 2.4, the 13th...
5 Ways to Solve for Enterprise Cloud Security Challenges and Risks
Infrastructure as a Service (IaaS) clouds present a somewhat unique se...