Aqua Delivers Cloud Native Security for IBM Power10 Workloads
Designed to serve as a high-performance, scalable engine for containerization, IBM today launched its IBM Power10-based IBM Power E1080 server. In tandem, we are excited to announce that Aqua Security is the first cloud native security PartnerWorld partner for the IBM Power E1080.
As an important component of end-to-end application modernization and hybrid cloud adoption, Aqua Security integrates with Power10-based servers to provide tools to help customers further secure the full lifecycle of Red Hat OpenShift containerized workloads.
Accelerating app modernization and hybrid cloud adoption
IBM Power10-based systems allow customers to run more container software on fewer servers, delivering significant improvements in performance and economics for cloud native applications – and a compelling set of reasons to move forward with application modernization.
With Red Hat OpenShift running on Power10, customers can take advantage of a powerful and flexible platform for modernizing their applications, as well as developing and deploying new cloud native apps in a hybrid cloud infrastructure. Power10-based systems support end-to-end security with accelerated cryptographic performance, transparent memory encryption, and enhanced defense against return-oriented programming attacks.
Aqua Security and IBM Power are teaming up to complement the existing security capabilities within Red Hat OpenShift, providing layers of security for containerized workloads across clusters deployed on-premise and in public or managed clouds.
A modern security approach for application modernization
As IBM Power customers shift to hybrid cloud developments and deploy more containerized applications, they need a security approach that is designed for how cloud native applications are developed, deployed and run in production.
Many Aqua customers use Red Hat OpenShift as their Kubernetes platform of choice for the orchestration and management of containerized applications – especially in hybrid deployments spanning on-premise and public cloud environments. Customers make use of Aqua’s centralized management to define and enforce policies across clusters and protect workloads wherever they run.
However, Kubernetes can be a complex environment, extending across the underlying OS, clusters, master nodes, worker nodes, APIs, pods and namespaces, with the complexity growing in tandem with the range of workloads running on the platform. In addition, attackers can exploit vulnerabilities in container images that run on the Kubernetes worker nodes or embed malware into the image via supply chain attacks to gain access to the cluster.
In turn, enterprises need a consistent set of controls to manage who gets access, in line with their role, to each of these Kubernetes functional and operational elements, as well as security and compliance policies. The Kubernetes platform itself provides many controls that can greatly improve application security, and independent, third-party frameworks like the CIS benchmarks serve as a guide for best practices.
Configuring these controls correctly (and consistently), hardening the environment and dealing with the complexities of the environment at scale require specific expertise – and tools that help customers leverage and extend that expertise. Complete security coverage, consistent visibility and ongoing compliance enforcement involve taking a holistic approach to the full lifecycle of applications running on Kubernetes, securing them at the container, workload and infrastructure levels.
Red Hat OpenShift already provides out-of-the-box capabilities to address many of these complexities, from built-in platform configuration, compliance and lifecycle management to integrated build and CI/CD tools for more secure DevOps practices. The platform also meets the majority of CIS’ Kubernetes benchmark recommendations. As a Red Hat partner, Aqua Security further builds upon this foundation with additional layered security offerings.
Aqua’s holistic approach to cloud native security
Aqua extends OpenShift's native capabilities with tools for container scanning and risk-driven vulnerability management, supplementing OpenShift’s Compliance Operator with additional capabilities to enforce assurance and compliance policies for cluster and admission controller configurations, and protect Kubernetes and containerized workloads at runtime. Aqua also provides a dynamic, real-time, logical view of running workloads in Kubernetes environments and associated security risk insights.
Aqua’s approach is to leverage native Kubernetes capabilities such as admission controllers where it makes the most sense and augment them with more stringent controls and policy management made for security teams, with no Kubernetes expertise required.
Combining Aqua’s frontline research and innovative open source contributions, the Aqua Platform offers a robust commercial product to further protect cloud native applications running on the new IBM Power10-based systems.
For enterprises that are enabling Red Hat OpenShift on Power10 and want to solidify their development and QA process before migrating workloads to production, Aqua’s robust open source portfolio, including kube-bench, kube-hunter, Starboard and Trivy, can help newer DevOps teams establish consistent Kubernetes-native security toolkits.
For customers embracing Red Hat OpenShift on Power10 for application modernization and hybrid cloud, Aqua’s unified, holistic platform helps mitigate the risks across the application lifecycle in hybrid environments by delivering consistent visibility, build and image security, Kubernetes container orchestration infrastructure protection as well as runtime policy enforcement.
- “Shift security left” by scanning directly within the CI/CD pipeline and image registries to provide complete risk analysis and rapid remediation. Aqua is optimized for the Red Hat OpenShift Container Platform registry to scan images for vulnerabilities.
- Apply consistent controls on any orchestration platform and across cloud providers, with support for multi-cloud and hybrid
- Maintain Kubernetes Security Posture Management (KSPM) for Red Hat OpenShift with configuration checks, assurance policies, and blocking for non-compliant workloads, plus hundreds of policy checks, including CIS Benchmarks, PCI, HIPAA and custom rules
- Enforce role-based access (RBAC) for complex, multi-tenant environments and limit the use of default policies, with embedded declarative assurance policies based on the cloud native OPA standard
- Gain a clear view of the security posture of the Red Hat OpenShift Kubernetes environment across its entire architecture. Get real-time visibility into namespaces, deployments, nodes (hosts), pods, and containers.
- View a dynamic map of Kubernetes clusters and their associated risks, including all running workloads, namespaces, deployments, nodes (hosts), containers, and network connections
- Enforce runtime policies and enable protection by blocking non-compliant images and non-compliant Kubernetes workloads
- Assure compliance and enforce container level network rules with an application-contextual container firewall that allows you to segment workloads within the same environment or across clusters and clouds
Customers can now take advantage of the performance, scale, end-to-end security and cost benefits delivered by OpenShift infrastructure running on IBM Power10-based systems, while addressing cloud native security and compliance concerns at scale with Aqua’s support for the new architecture and extended OpenShift on Power10 container and Kubernetes workload runtime protection capabilities.
Aqua Security builds on Power10’s advances in security to help customers mitigate the risks across the application lifecycle in hybrid environments by delivering consistent visibility, build and image security, Kubernetes infrastructure protection as well as runtime policy enforcement.