Cloud and Cloud-Native Security (Part 1): Security Advantages of Container Orchestration Platforms

By James Wilson posted Mon November 30, 2020 04:16 PM


It’s safe to say that many long-time IBM Aspera customers look at our transport technology as more than just the fastest way to move data over commodity IP networks. Security is in our DNA, as the name fasp (Fast Adaptive Secure Protocol) implies. At the lowest level, Aspera protects your data by using industry-standard cryptography to encrypt every block of data sent over the wire. We’ve also built in end-to-end encryption so that data can be encrypted both at the client and at rest, without compromising ease of use or performance.


Although encryption and protocol-level security provide the foundation for secure workflows, security best practices are only as good as the people who implement them. It’s important to expose simple, reproducible methods of configuring, managing, and integrating security into your workflows.


When evaluating the security of your deployment, ask yourself: 


  • How are security policies being applied in a consistent fashion across systems and sites? 
  • Are advanced security features integrated, easy to use, and efficient? 
  • Am I able to use the latest key-management strategies and tools? 
  • How am I tracing and auditing permissions and configuration changes across my deployment? 
  • What industry standard controls are in place to ensure that my data is being handled securely in -aaS environments? 


In this series of posts, we’ll be looking at the latest capabilities and practices in cloud and cloud-native technology that can transform the security of your global data orchestration workflows.


First up, we’ll be focusing on an infrastructure trend that is top of mind for many of the technical operations teams and leaders responsible for maintaining IBM Aspera deployments: containers and the platforms that manage them. While most of the buzz around Kubernetes platforms like OpenShift focuses on their advantages in availability and scalability, a less-discussed aspect is the benefit they can bring in securing your cloud-enabled environments.


Kubernetes can enhance your security at many levels. In the Kubernetes community, these are known as the 4 C’s of Cloud Native Security:

  • Code: Running your code in a policy-secured Kubernetes environment requires alignment with the principle of least privilege, support for endpoint encryption, and transparency about the port ranges each component requires. Adopting container-ready software packages helps to enforce a security baseline for your workflow components.
  • Container: Containers ensure that the services running in your environment have both consistent software versions and consistent configurations. Software running in containers can be scanned for compliance and vulnerabilities on a continuous basis, so that you know you are running an up-to-date version with the latest vulnerability patches. Containers are easily replaced and are therefore not as susceptible to the ad hoc manual reconfiguration that often leaves openings for attackers.
  • Cluster: Managing your deployment at the cluster level means that authentication, authorization, secrets, and network policies are set once, in a single, well-defined manner, through declarative policy. Kubernetes ingress gives you a single point at which to manage and audit incoming traffic, ensuring that you expose only the interfaces you choose.
  • Cloud (or co-location facility, or corporate data center): Take advantage of the investments the leading public cloud providers have made in highly compliant, SOC 2 audited environments, ensuring that your Kubernetes infrastructure runs in an environment that practices important security controls.
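As an added illustration of the Code and Cluster points above (this is example configuration written for this post, not an Aspera product manifest): a pod that runs with a least-privilege security context and declares the ports it needs, paired with a NetworkPolicy that admits traffic only on those ports and only from the namespace hosting the ingress controller. The names, labels, image tag and port numbers are placeholders.

```yaml
# Added example (not from the post): a least-privilege pod that declares its ports,
# plus a NetworkPolicy that admits only those ports from the ingress namespace.
# Names, labels and port numbers are placeholders, not Aspera product defaults.
apiVersion: v1
kind: Pod
metadata:
  name: transfer-server
  namespace: transfer
  labels: {app: transfer-server}
spec:
  securityContext:
    runAsNonRoot: true                 # least privilege: no root inside the container
    seccompProfile: {type: RuntimeDefault}
  containers:
    - name: server
      image: registry.example.com/transfer-server:1.0.0   # pinned tag, scannable
      ports:                           # transparency: the only ports this workload needs
        - {name: control, containerPort: 30001, protocol: TCP}
        - {name: data, containerPort: 30001, protocol: UDP}
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true   # mount writable volumes explicitly where needed
        capabilities: {drop: ["ALL"]}
---
# Cluster-level policy: everything into the pod is denied except the declared ports,
# and only from the namespace that hosts the ingress/load balancer.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: transfer-server-ingress-only
  namespace: transfer
spec:
  podSelector:
    matchLabels: {app: transfer-server}
  policyTypes: [Ingress]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels: {kubernetes.io/metadata.name: ingress-system}
      ports:
        - {port: 30001, protocol: TCP}
        - {port: 30001, protocol: UDP}
```

A NetworkPolicy is only enforced when the cluster's network plugin supports it, so verify enforcement after applying rather than assuming it; any port not listed in both the pod spec and the policy is simply unreachable, which is the auditable baseline the Cluster point describes.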

Choosing the right container platform is also an important factor in reaching secure outcomes. Public cloud container services, like IBM Cloud Kubernetes Service or Amazon Elastic Kubernetes Service, provide a low-overhead entry point for deploying and managing containerized environments, but each of these platforms has its own interface for configuration, management, and development. For those looking to deploy in hybrid environments, including on-premises and multi-cloud environments, adopting a platform like Red Hat OpenShift can have a major upside for security by providing a consistent management and configuration interface, consistent deployment and packaging strategies, and consistent API interfaces in every environment.


Fortunately, IBM Aspera has you covered, with a fully container-native deployment of our High-Speed Transfer Server as part of the IBM Cloud Pak for Integration on the OpenShift platform. Learn more here, and consider how evolving your global data orchestration deployment to a modern container orchestration platform can transform and modernize the security of your high-value digital assets and workflows.


Watch for more posts in this series as we delve into a host of cloud and cloud-native security topics in the coming weeks. Up next will be an overview of the new IBM Aspera Bring Your Own Key (BYOK) integration!