Using the Strengths of Cloud Native to Make Security Better
Securing the Cloud Native Continuum
Like a new universe, the cloud native ecosystem is constantly expanding, as new technologies spin up beyond the initial core of containers. As a result, today’s enterprises can gain benefits across the cloud native continuum.
Cloud native technologies span a continuum from VMs to containers to serverless. Explore the benefits and differences in technologies and learn how Twistlock secures the entire cloud native ecosystem.
Twistlock protects your Linux and Windows servers against modern threats, identifies vulnerabilities, and ensures compliance — all under one platform.
VMs provide the greatest levels of isolation, compatibility, and control in the continuum and are suitable for running nearly any type of workload. VMs can be set up in many configurations, deployed either by a human operator or by automation, and secured whether or not they include a container runtime.
Twistlock provides unmatched defense in depth for your containerized applications — identifying vulnerabilities and compliance issues across the application lifecycle and providing complete protection at runtime.
Containers provide a balanced set of capabilities and tradeoffs across the continuum. They combine separation, excellent compatibility with existing apps, and a high degree of operational control with good density potential and easy integration into software development flows. A container can sit anywhere on a spectrum: at one end completely stateless, dynamic, and isolated from the host; at the other, stateful and highly intermingled with the host operating system (shared namespaces, host path mounts, extra capabilities).
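As an added example (not part of the original page and not Twistlock's product code), the spectrum this paragraph describes can be made checkable. The Python script below reads the JSON array that `docker inspect` prints and places each container between "isolated" and "host-intermingled" by looking at privileged mode, host PID/network/IPC namespace sharing, added capabilities, and bind mounts of sensitive host paths; a writable root filesystem or persistent mount marks it "stateful" and therefore "mixed". The three container records are constructed for this example, and the sensitive-path list and class labels are the example's own choices rather than any platform's definitions.

```python
"""Place a container on the isolation spectrum from its `docker inspect` output.

All sample records below are constructed for this example (not captured from a
real host). They mirror the field names `docker inspect` emits, trimmed to the
fields the checks read.
"""
import json

# Constructed sample: a stateless, isolated service container.
ISOLATED = {
    "Name": "/api",
    "HostConfig": {
        "Privileged": False, "PidMode": "", "NetworkMode": "bridge",
        "IpcMode": "private", "ReadonlyRootfs": True, "CapAdd": None,
        "CapDrop": ["ALL"], "SecurityOpt": ["no-new-privileges"],
    },
    "Mounts": [],
}

# Constructed sample: unprivileged but stateful (writable root, named volume).
MIXED = {
    "Name": "/db",
    "HostConfig": {
        "Privileged": False, "PidMode": "", "NetworkMode": "bridge",
        "IpcMode": "private", "ReadonlyRootfs": False, "CapAdd": None,
    },
    "Mounts": [{"Type": "volume", "Source": "pgdata",
                "Destination": "/var/lib/postgresql", "RW": True}],
}

# Constructed sample: a host agent that shares namespaces and mounts host paths.
INTERMINGLED = {
    "Name": "/node-agent",
    "HostConfig": {
        "Privileged": True, "PidMode": "host", "NetworkMode": "host",
        "IpcMode": "host", "ReadonlyRootfs": False, "CapAdd": ["SYS_ADMIN"],
        "CapDrop": None, "SecurityOpt": None,
    },
    "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock",
         "Destination": "/var/run/docker.sock", "RW": True},
        {"Type": "bind", "Source": "/", "Destination": "/host", "RW": True},
    ],
}

# What `docker inspect` would print for the three constructed containers.
SAMPLE_INSPECT_JSON = json.dumps([ISOLATED, MIXED, INTERMINGLED])

# Host paths whose bind mount hands the container a foothold on the host
# (the list is this example's choice, not an exhaustive policy).
SENSITIVE_HOST_PATHS = ("/", "/var/run/docker.sock", "/proc", "/sys",
                        "/etc", "/root", "/dev")


def _is_sensitive_path(source: str) -> bool:
    """True if `source` is, or lies under, one of the sensitive host paths."""
    if source == "/":
        return True
    return any(p != "/" and (source == p or source.startswith(p + "/"))
               for p in SENSITIVE_HOST_PATHS)


def host_sharing_findings(container: dict) -> list[str]:
    """List every way the container is intermingled with the host OS."""
    hc = container.get("HostConfig", {})
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged: all capabilities and host devices")
    for ns, key in (("PID", "PidMode"), ("network", "NetworkMode"), ("IPC", "IpcMode")):
        if hc.get(key) == "host":
            findings.append(f"shares host {ns} namespace")
    for cap in hc.get("CapAdd") or []:
        findings.append(f"adds capability {cap}")
    for m in container.get("Mounts", []):
        if m.get("Type") == "bind" and _is_sensitive_path(m.get("Source", "")):
            findings.append(f"bind-mounts host path {m['Source']} at {m.get('Destination')}")
    return findings


def is_stateful(container: dict) -> bool:
    """A writable root filesystem or any writable mount makes the container stateful."""
    hc = container.get("HostConfig", {})
    writable_mount = any(m.get("RW", True) for m in container.get("Mounts", []))
    return (not hc.get("ReadonlyRootfs")) or writable_mount


def classify(container: dict) -> str:
    """Return 'isolated', 'mixed' or 'host-intermingled' for one container."""
    if host_sharing_findings(container):
        return "host-intermingled"
    if is_stateful(container):
        return "mixed"
    return "isolated"


def classify_inspect_output(text: str) -> dict[str, str]:
    """Map container name -> class for the JSON array `docker inspect` prints."""
    return {c["Name"]: classify(c) for c in json.loads(text)}


if __name__ == "__main__":
    for name, cls in classify_inspect_output(SAMPLE_INSPECT_JSON).items():
        print(f"{name}: {cls}")
```

On a real host, pipe `docker inspect $(docker ps -q)` into `classify_inspect_output`; the findings list is the useful part for review, since "host-intermingled" is sometimes legitimate (monitoring agents, CNI plugins) but should be a deliberate, documented exception rather than a default.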
Twistlock natively deploys with all leading orchestrators and on any cloud to ensure your environment is fully protected no matter where it is or how large it grows.
Containers as a Service platforms, like Google Container Engine, Azure Kubernetes Service, or Amazon Elastic Container Service for Kubernetes, provide a more comprehensive set of capabilities that abstract the complexities involved with hardware and VM provisioning. CaaS platforms are highly optimized for container workloads and combine the container deployment and management capabilities of an orchestrator with their own platform-specific APIs to create and manage VMs.
On Demand Containers
Twistlock protects on-demand container platforms using the same automated policy creation and centralized controls as the rest of your cloud native stack.
On Demand Container platforms, such as AWS Fargate and Azure Container Instances, trade some of the compatibility and control of CaaS platforms for less complexity and easier deployment. Users can simply run a container, with no knowledge or configuration of the underlying hosts or VMs, which can increase development efficiency and agility.
Twistlock scans functions during the build and protects them at runtime with our first-to-market security capabilities — preventing risks in your serverless applications.
Serverless functions allow developers to provide only their app code to a service, which then instantiates the rest of the stack below it automatically. In serverless apps, the developer uploads only the app package itself, without a full container image or any OS components. The platform, such as AWS Lambda or Knative, dynamically packages it into an image, runs the image in a container and, if needed, instantiates the underlying host OS, VM, and hardware required to run it.
Twistlock secures all leading platforms
Security for cloud native applications needs to be just as portable as the containers and functions themselves, which is why we've built Twistlock to protect your applications whether Windows or Linux, AWS or Azure, virtual machine or bare metal. Your data stays under your control at all times and never leaves your environment. Twistlock is the single platform to secure your cloud native environment, no matter what form it takes.
In this white paper, Twistlock CTO John Morello shares a helpful model of viewing the different cloud native technologies as a continuum, to address different scenarios and efficiently choose which combination of technologies work best for running different workloads.