July 31, 2019
Our thoughts on the July 2019 Capital One data breach
The 2019 Portworx Container Adoption Survey revealed that security was the number one barrier to container adoption generally and that data security was the number one security concern. The news that cloud customers were exposed in an AWS breach, while not specifically container related, is a reminder to the cloud native community of the importance of data security for cloud native applications. Still, it serves as a poignant case study of the vigilance required to combat insider and external threats.
In the coming days and weeks, we will learn more about the specifics of the incident, and undoubtedly there are people, process, and technology solutions that will need to be implemented to prevent future breaches from happening.
To the many Portworx customers who are running important applications in containers, this blog serves as a reminder of some of the technology steps they can take today to secure their mission-critical data.
As a company, we recognized early on that providing persistent storage for containers alone was not enough to enable enterprises to run mission-critical applications in containers. Because of business requirements around sensitive user data, performance SLAs, disaster recovery, and business continuity, the Portworx Enterprise Data Platform has grown in the last few years to encompass solutions not just for persistent storage but for data security, data mobility, and disaster recovery more broadly.
Here is a reminder of the security capabilities that Portworx brings to bear on the problem of securing mission-critical data in cloud native environments.
Customer Controlled Encryption
Providing a platform that allows stateful applications to consume storage quickly, efficiently, and with high performance is one thing, but providing trust is another and just as important. Kubernetes has a large attack surface, and Portworx PX-Security allows customers to lock down the data layer and its APIs from bad actors. Critically, the encryption that Portworx provides is:
- Distinct from cloud provider encryption, ensuring that a user who has infrastructure permissions on a node cannot, by that alone, access critical data
- Cluster-wide or container-granular, ensuring a fine-grained level of control
- BYOK (bring your own key), ensuring that only you, the customer, can decrypt your data
Role-based access controls
By integrating with a customer’s Active Directory or LDAP environment, Portworx enables a customer to specify authorization, authentication, and ownership of their data, ensuring a fine-grained level of control over who can access data and for what purpose.
Moving to the cloud, including cloud native architectures on-premises, needs to be approached in a holistic way. Data security for cloud-native applications is a complex, multi-faceted topic that requires tying together operations (access, security, availability, control) into a single cohesive Kubernetes-driven platform. We hope that with these security features in place, our customers can move quickly in a cloud native manner while at the same time acting securely.