This is an updated version of an earlier blog.

Red Hat applauds the recent release of Kubernetes hardening guidance from the US National Security Agency (NSA) and the US Cybersecurity and Infrastructure Security Agency (CISA), a collaborative effort to improve the nation's cybersecurity. Cybersecurity is a team sport, and Red Hat is pleased to help foster government and industry collaboration. This guidance will be especially useful to security practitioners in both the public and private sectors, who can benefit from the experience of leading cybersecurity experts.

Red Hat has long recognized the need to provide our customers and users with robust documentation and guidance. We start by doing the hard work of analyzing the security concerns of open source technologies; that work is what makes our products "enterprise ready." Red Hat has developed a significant amount of hardening guidance for OpenShift Container Platform (OCP), its distribution of Kubernetes, with strong alignment to the new NSA and CISA guidance on technical security controls. That guidance combines, for example, the default settings of OCP with existing profiles for the OpenShift Compliance Operator, such as the Center for Internet Security (CIS) benchmarks.

Red Hat also continues to prioritize secure software development life cycle practices and to use automation so that security policy is easier to apply and to govern at scale. Automation in OCP via OpenShift platform operators may be used to apply security guidance or to monitor for configuration drift. The OpenShift Compliance Operator (powered by SCAP security content built by the open source ComplianceAsCode community), the OpenShift File Integrity Operator, and tools like StackRox (now Red Hat Advanced Cluster Security) or Red Hat Advanced Cluster Management (ACM) help deliver policy-based security, governance, and risk management that minimizes errors, applies consistency, and lowers the total level of effort.

As Kubernetes is a core component of OCP, Red Hat has already made huge investments in it. Red Hat engineering teams test and evaluate the security attributes of these technologies using techniques such as static code analysis, automated CI/CD testing, and performance and reliability testing, among other approaches. We work to equip our enterprise products with hardened defaults and security baselines such as validated STIGs or CIS benchmarks. OpenShift Security Context Constraints (SCCs), comparable to Kubernetes Pod Security Policies, exemplify Red Hat's commitment to security: SCCs are enabled by default and are used to control the permissions granted to pods. Although Kubernetes Pod Security Policies are deprecated, Red Hat continues to support SCCs in OCP for the entirety of its lifecycle.

For organizations that are unable or do not want to dedicate resources to installing, configuring, and developing the skills required to maintain and manage their Kubernetes adoption on their own, Red Hat offers OpenShift managed service options.

Red Hat OpenShift is the leading application development platform for building and modernizing cloud-native applications. The platform addresses use cases for DevOps, DevSecOps, and hybrid cloud administration for cloud-native workloads running in any environment: on-premises, public or private cloud, at the edge, or a hybrid mix of all of these. Security and compliance are among the core use cases for cloud-native application development, and Red Hat OpenShift has several capabilities that address the security challenges you will face when building, deploying, and running cloud-native apps. In addition to the Advanced Cluster Security add-on, Red Hat OpenShift has several built-in capabilities to help customers meet their security and compliance requirements. The Compliance Operator is one such capability, and it serves a critical function in Red Hat OpenShift. It allows administrators to describe the required compliance state of a cluster and gives them an overview of the gaps and of ways to remediate them. By assessing the compliance of both the Kubernetes API resources of OpenShift and the nodes running the cluster, the Compliance Operator can paint a full picture of the state of the cluster.
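As an added illustration of the Compliance Operator workflow described above (this manifest is not part of the original post), the following ScanSettingBinding asks the operator to evaluate the cluster against both CIS profiles it ships: `ocp4-cis`, which checks the OpenShift API resources, and `ocp4-cis-node`, which is run on each node by a scanner pod. The binding name `cis-compliance` is an assumption; the profile names, the `default` ScanSetting, and the `openshift-compliance` namespace are the ones the operator creates when installed.

```yaml
# Added example: bind the platform and node CIS profiles to the
# operator's default scan schedule. The name "cis-compliance" is an
# assumption; everything else is created by the Compliance Operator.
apiVersion: compliance.openshift.io/v1alpha1
kind: ScanSettingBinding
metadata:
  name: cis-compliance
  namespace: openshift-compliance
profiles:
  # Checks against the Kubernetes/OpenShift API resources
  - name: ocp4-cis
    kind: Profile
    apiGroup: compliance.openshift.io/v1alpha1
  # Checks executed on every node (kubelet config, file permissions, ...)
  - name: ocp4-cis-node
    kind: Profile
    apiGroup: compliance.openshift.io/v1alpha1
settingsRef:
  # "default" only reports; swap in "default-auto-apply" to have the
  # operator apply the generated remediations automatically.
  name: default
  kind: ScanSetting
  apiGroup: compliance.openshift.io/v1alpha1
```

Save it as, for example, `cis-binding.yaml` (an assumed filename) and run `oc apply -f cis-binding.yaml`. Once the scans finish, the gaps the post refers to are the results with `oc get compliancecheckresults -n openshift-compliance -l compliance.openshift.io/check-status=FAIL`, and the proposed fixes are the objects listed by `oc get complianceremediations -n openshift-compliance`. With the `default` ScanSetting nothing is changed on the cluster until you set `spec.apply: true` on a remediation, which is the right starting point when you want to review each change before it lands on production nodes.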