Author Archives: Laura Ferguson

The state of cloud-native security 2022 – Tigera’s new market report

We are excited to announce the publication of our first State of Cloud-Native Security market report! The report compiles survey results from more than 300 security and IT professionals worldwide (all of whom have direct container responsibilities), and explores organizations’ needs and challenges when it comes to containers and cloud-native applications, specifically in the areas of security, observability, and compliance.

Report highlights

Our survey results showcase the rise in cloud-native development, while identifying barriers and areas where organizations need support on their cloud-native journey. Some of the report’s key findings include:

  • Cloud-native applications gain momentum but present security, compliance, and observability issues.
    • While our survey found that 75% of companies are focusing development on cloud-native applications, the increased development (and deployment) also creates the need for more advanced observability and security capabilities.
  • Containers require security solutions for runtime, access, and networking.
    • 98% of organizations need container security, with runtime security topping the list.
  • Cloud-native and container compliance requirements are driving delays and challenges.
    • 95% of organizations report they have compliance requirements for cloud-native applications, with 84% stating that meeting these compliance requirements is challenging.

Why read the report?

The report gives organizations a chance to benchmark themselves against the findings, …

How to secure Kubernetes at the infrastructure level: 10 best practices

Getting infrastructure security right matters: it helps prevent attacks and, when an attack does succeed, limits the damage. It is especially important in a Kubernetes environment because, by default, a large number of Kubernetes configurations are not secure.

Securing Kubernetes at the infrastructure level requires a combination of host hardening, cluster hardening, and network security.

  • Host hardening – Secures the servers or virtual machines on which Kubernetes is hosted
  • Cluster hardening – Secures Kubernetes’s control plane components
  • Network security – Ensures secure integration of the cluster with surrounding infrastructure

Let’s dive into each of these and look at best practices for securing both self-hosted and managed Kubernetes clusters.

Host hardening

There are many techniques that can be used to ensure a secure host. Here are three best practices for host hardening.

Use a modern immutable Linux distribution

If you have the flexibility to choose an operating system (i.e. your organization doesn’t standardize on one operating system across all infrastructure), use a modern immutable Linux distribution, such as Flatcar Container Linux or Bottlerocket. This type of operating system is specifically designed for containers and offers several benefits, including:

What a more holistic approach to cloud-native security and observability looks like

The rise of cloud native and containerization, along with the automation of the CI/CD pipeline, introduced fundamental changes to existing application development, deployment, and security paradigms. Because cloud native is so different from traditional architectures, both in how workloads are developed and how they need to be secured, there is a need to rethink our approach to security in these environments.

As stated in this article, security for cloud-native applications should take a holistic approach where security is not an isolated concern, but rather a shared responsibility. Collaboration is the name of the game here. In order to secure cloud-native deployments, the application, DevOps, and security teams need to work together to make sure security happens earlier in the development cycle and is more closely associated with the development process.

Since Kubernetes is the most popular container orchestrator and many in the industry tend to associate it with cloud native, let’s look at this holistic approach by breaking it down into a framework for securing Kubernetes-native environments.

Framework

At a high level, the framework for securing cloud-native environments consists of three stages: build, deploy, and runtime.

Build

In the build stage, developers write code and the code gets compiled, …

Why cloud native requires a holistic approach to security and observability

Like any great technology, the interest in and adoption of Kubernetes (an excellent way to orchestrate your workloads, by the way) took off as cloud native and containerization grew in popularity. With that came a lot of confusion. Everyone was using Kubernetes to move their workloads, but as they went through their journey to deployment, they weren’t thinking about security until they got to production. While this might seem like the intuitive thing to do, it doesn’t work in Kubernetes.

With Kubernetes, you can’t wait until the end when you’re ready to move workloads to production; you need to think about security early on. If security is not thought through in a system like Kubernetes, workloads are left vulnerable and you will not end up with a solution that is effective.

Why is this? What makes cloud native so different? Let’s take a look at some of the differences to understand why they warrant a more holistic approach to security and observability for cloud-native applications, whether in Kubernetes or another environment.

Cloud native: Origins, key differences, and challenges

What we’re used to (if we remove cloud native from the equation) is having a client-server architecture, where servers are running …

We’ve just published a book on container and cloud-native application security and observability

We are excited to announce the release of our O’Reilly book, Kubernetes security and observability: A holistic approach to securing containers and cloud-native applications. The book, authored by Tigera’s Brendan Creane and Amit Gupta, helps you learn how to adopt a holistic security and observability strategy for building and securing cloud-native applications running on Kubernetes.

Security practitioners are faced with a wide range of considerations when securing, observing, and troubleshooting containerized workloads on Kubernetes. These considerations range from infrastructure choices and cluster configuration to deployment controls and runtime and network security. Although securing cloud-native applications can be a daunting task, our book will give you the knowledge and confidence you’ll need to establish security and observability for your cloud-native applications.

In 11 chapters, the book covers topics relevant to containers and cloud-native applications in detail, including:

  • Infrastructure security
  • Workload deployment controls and runtime security
  • Network policy
  • Managing trust across teams
  • Exposing services to external clients
  • Encryption of data in transit
  • Threat defense and intrusion detection
  • And more…

After reading the book, you’ll have gained an understanding of key concepts behind security and observability for cloud-native applications, how to determine the best strategy, and which technology choices are available to support …

Calico is celebrating 5 years

October marks the five-year anniversary of Calico Open Source, the most widely adopted solution for container networking and security. Calico Open Source was born out of Project Calico, an open-source project with an active development and user community, and has grown to power 1.5M+ nodes daily across 166 countries.

When Calico was introduced 5 years ago, the world—and technology—was much different from what it is today. The march toward distributed applications and microservices had just begun. Today, open-source projects like Project Calico are enabling the large-scale adoption of a modern architecture that is ultimately responsible for the wholesale transition to digital transformations that we are witnessing.

As part of our celebration, we’ve compiled a few comments from people who have worked on the project over the years.

“Calico works well out of the box. It scales well, rarely has bugs, and is feature rich. Tigera does a good job supporting its customers also.” —Network engineer
“[Calico is] the industry standard [for] networking for Kubernetes.” —Platform engineer
“The support for a lot of K8s distributions (either on-prem or cloud managed) is great with Calico.” —Platform architect
“[Calico helped us learn] about network segmentation in cloud-native environments.” …

Learn from industry experts at the Kubernetes Security and Observability Summit—next week!

The Kubernetes Security and Observability Summit is only 1 week away! The industry’s first and only conference solely focused on Kubernetes security and observability will be taking place online June 3, 2021.

During the Summit, DevOps, SREs, platform architects, and security teams will enjoy the chance to network with industry experts and explore trends, strategies, and technologies for securing, observing and troubleshooting cloud-native applications.

What does security and observability mean in a cloud-native context? What challenges should Kubernetes practitioners anticipate and what opportunities should they investigate? Join us to explore these types of questions and gain valuable insight you’ll be able to take back to your teams.

Speakers & sessions

Tigera’s President & CEO, Ratan Tipirneni, will kick off the Summit with an opening keynote address. Two additional keynotes from Graeme Hay of Morgan Stanley and Keith Neilson of Discover Financial Services will follow. Attendees will then have the opportunity to attend breakout sessions organized into three tracks:

  1. Stories from the real world
  2. Best practices
  3. Under the hood

During these sessions, experts from industry-leading companies like Amazon, Box, Citi, EY, Mirantis, Morgan Stanley, PayPal, Salesforce, and of course, Tigera, will share real-world stories, best practices, and technical concepts related to …

Why you don’t want to miss the upcoming Kubernetes Security and Observability Summit

The inaugural Kubernetes Security and Observability Summit will be a free, live, online experience full of Kubernetes-related security and observability content. On June 3, 2021, industry experts will gather under one virtual roof to discuss trends, strategies, and technologies for Kubernetes security and observability, to help you understand and navigate today’s pressing issues in the world of cloud-native applications.

Why attend?

The Summit is a great opportunity to:

  • Network with the industry’s best security, DevOps, and site reliability engineer (SRE) teams for cloud-native platforms
  • Learn how to secure, observe, and troubleshoot Kubernetes environments
  • Explore real-world Kubernetes security and observability use cases presented by experts from industry-leading companies like Amazon, Box, Citi, EY, Mirantis, Morgan Stanley, PayPal, Salesforce, and of course, Tigera

Who should attend?

SREs, platform architects, and DevOps and security teams will all find value in attending the Summit.

  • DevOps teams and SREs – Learn how to include security and observability in your CI/CD to enable security, observability, and troubleshooting
  • Platform architects – Learn architecture patterns and best practices to secure and troubleshoot cloud-native applications
  • Security teams – Learn how to holistically secure your cloud-native applications following today’s best practices

Speakers & sessions

An opening keynote address from …

Don’t miss our session at SUSECON Digital 2021

Join us at SUSECON Digital 2021, taking place virtually from May 18–20. It’s free! Tigera VP Product Management & Business Development, Amit Gupta, will be leading a session on Kubernetes networking, security and observability with Rancher and Calico. Our team will also be at the Tigera booth waiting to speak with you.

Speaking session

Don’t miss our session on Kubernetes networking, security and observability with Rancher and Calico! You can add our session to your schedule here.

Session details

Title: Kubernetes Networking, Security and Observability with Rancher and Calico
Date: Tuesday, May 18 at 6:00–6:30 PM (BST)

Rancher enables enterprises to deliver Kubernetes-as-a-Service across any infrastructure, including hybrid, multi-cloud and multi-cluster environments. Kubernetes’ networking, security, and observability for such deployments are critical in preventing an organization’s exposure to a multitude of security and compliance issues.

In this session, you’ll learn about how you can leverage open-source Calico in Rancher (built-in) to secure your Kubernetes environments. You will also learn about how Calico Cloud and Calico Enterprise, built on open-source Calico, can help you address performance hotspots, troubleshoot microservice communication, and carry out anomaly detection. Lastly, you will learn how to bootstrap and configure your Rancher cluster along with sample network …

Join us at our inaugural Kubernetes Security and Observability Summit

We are excited to announce that the inaugural Kubernetes Security and Observability Summit, brought to you by Tigera, will take place on June 3, 2021.

The journey to Kubernetes adoption can be riddled with challenges and roadblocks. These challenges are magnified in a cloud-native context, where organizations are running hundreds—sometimes thousands—of applications simultaneously across numerous business units, for customers around the world.

What does security and observability mean in this context? What challenges should Kubernetes practitioners anticipate and what opportunities should they explore? To address these questions and to explore emerging trends, we are gathering industry experts under one (virtual) roof at the Kubernetes Security and Observability Summit.

As the industry’s first and only conference solely focused on Kubernetes security and observability, this (free) live virtual event will include discussions with technology leaders and Kubernetes users on real-world experiences, fundamentals, and best practices for securing and troubleshooting Kubernetes environments.

What to expect

The Kubernetes Security and Observability Summit is a place for DevOps, SREs, platform architects, and security teams to come together to explore trends, strategies, and technologies for securing, observing and troubleshooting cloud-native applications.

During the summit, experts from industry-leading companies like Amazon, Box, Citi, EY, Mirantis, Morgan Stanley, …

Calico Enterprise enables live view of cloud-native apps deployed in Kubernetes

We are happy to announce that the latest release of Calico Enterprise delivers unprecedented levels of Kubernetes observability! Calico Enterprise 3.5 provides full-stack observability across the entire Kubernetes environment, from application layer to networking layer.

With this new release, developers, DevOps, SREs, and platform owners get:

  • A live, high-fidelity view of microservices and workload interactions in the environment, with the ability to take corrective actions in real time
  • An easy-to-understand, action-oriented view that maintains correlations at the service, deployment, container, node, pod, network, and packet levels
  • Kubernetes context for easy filtering and subsequent analysis of traffic payloads
  • A Dynamic Service Graph representing traffic between namespaces, microservices, and deployments for faster problem identification and troubleshooting
  • An interactive display that shows DNS information categorized by microservices and workloads, to determine whether DNS is the root cause of application connectivity issues
  • The ability to customize the duration and packet size for packet capture
  • Application-level observability to detect and prevent anomalous behaviors

For more information, see our official press release.

Are you a Calico Cloud user? Not to worry—these same features are now available in Calico Cloud, too.

To learn more about new cloud-native approaches for establishing security and observability with Kubernetes, check …

Join Tigera at KubeCon + CloudNativeCon Europe 2021

We are excited to be a sponsor of this year’s virtual KubeCon + CloudNativeCon Europe conference, taking place May 4–7, 2021 online. We hope you’ll join us by visiting our virtual booth, where a team of Tigera experts will be standing by to speak with you.

Visit us at our booth

Our team will be conducting live demos, Ask the Architect sessions, 1:1 chats, and more during our booth hours.

Tigera booth hours

Live demo and Ask the Expert sessions

We will have eight 30-minute interactive sessions focused on addressing questions about Kubernetes security and observability. Stop by our booth to check out the times for these sessions.

Private 1:1 chats & calls

Attendees can view each booth representative’s profile and initiate a private or group text chat, or request a video call.

Public booth chat

Our booth will have a built-in public chat window where booth representatives and attendees can post and reply to messages. Announcements about upcoming activities will be posted in this chat by Tigera representatives.

Enter our raffle to win Apple AirPods

We have 5 pairs of Apple AirPods to give away! The first 100 visitors to our booth will automatically be entered to win. Attendees …

First look: new O’Reilly eBook on Kubernetes security and observability *early release chapters*

We are excited to announce the early release of a new O’Reilly eBook on Kubernetes security and observability!

This practical book introduces new cloud-native approaches for Kubernetes practitioners who care about the security and observability of mission-critical microservices. Through practical guidance and best practice recommendations, this book helps you understand why cloud-native applications require a modern approach to security and observability practices and how to implement them.

You should read this book if you want to:

  • learn why you need a security and observability strategy for cloud-native applications, and determine your scope of coverage;
  • understand key concepts behind Kubernetes’s security and observability approach;
  • discover how to split security responsibilities across multiple teams or roles; and/or
  • learn how to architect Kubernetes security and observability for multi-cloud and hybrid environments.

Whether you want to know how to secure and troubleshoot your cloud-native applications, or are exploring Kubernetes for your organization and would like to solve security and observability challenges before making a decision, you will find that this book provides valuable insight.

Get your early release copy here!

Calico Cloud now available on AWS Marketplace

We are pleased to announce that Calico Cloud, our software as a service (SaaS) for Kubernetes security and observability, is now available on AWS Marketplace! AWS users can now use Kubernetes security and observability as services along with managed Kubernetes services, all with a single click. For more information, see our official press release.

Can’t wait to jump right in? Subscribe and deploy Calico Cloud on AWS Marketplace here.