This article was originally published at: https://www.magalix.com/blog/the-rise-of-secdevops-embedding-security-into-devops-workflows

Overview

One of the most challenging aspects of implementing a secure Cloud-Native environment is keeping up with the constant rate of change. As your teams gain familiarity and momentum with the basics, keeping track of everything going in and out of your stack becomes overwhelming and unmanageable.

The Cloud-Native landscape itself is constantly evolving, making it extremely challenging to understand what to govern and how to govern it. …


This article was originally published at: https://www.magalix.com/blog/3-simple-steps-to-get-started-with-security-and-compliance-in-fintech

Overview

Cloud Native technologies present a huge opportunity for businesses and organizations across several sectors, most notably, within the Finance and Banking fields.

During the past year, the adoption of Cloud-Native technologies has rapidly increased across various sectors and geographies. According to recent studies by the CNCF, the implementation of containers has risen by 10 percentage points in the last 12 months. Container orchestration tools are logically receiving more attention as well, showing a 7 percentage point increase over the last year.

451 Research projects that the overall market for containers…


This article was originally published at: https://www.magalix.com/blog/shift-left-to-ensure-robust-kubernetes-security

At a glance, Kubernetes is a powerful solution that solves many problems. So, it’s no surprise that Kubernetes is dominating the container orchestration market.

But working with it isn’t always easy, as things can quickly become complicated. The same applies to Kubernetes security. Kubernetes isn’t secure by default. There are several attack pathways, but there are also concrete tactics to secure your services and infrastructure.

According to the State of Kubernetes and Container Security report, as much as 87% of organizations now manage some part of their container workloads leveraging Kubernetes. …


This article was originally published at: https://www.magalix.com/blog/breaking-down-the-complexity-of-cloud-native-security-for-leadership

Overview

One of the most challenging aspects of implementing a secure Cloud-Native environment is keeping up with the constant rate of change. As your teams gain familiarity and momentum with the basics, keeping track of everything going in and out of your stack becomes overwhelming and unmanageable. Besides, the Cloud-Native landscape itself is constantly evolving, making it extremely challenging to understand what to govern and how to govern it. For those that are considering the push towards Cloud-Native, or even those that are well into their journey, Cloud-Native and Kubernetes have seemed to…


This article was originally published at: https://www.magalix.com/blog/securing-cloud-native-applications-is-the-new-foundation-to-digital-transformation-success

Overview

It seemed like just recently that simply transforming your monolith into a Cloud-Native application was the way to digitally transform your business and organization into an ever-scaling, highly functioning machine. Leveraging DevOps, organizations have continuously delivered new features quickly and reliably. For some, the mastery of DevOps is still an ongoing adventure, but for the many that have figured it out, the next level of their transformation within Cloud-Native and DevOps has emerged. Incorporating Cloud-Native security into your existing practices is now becoming the new standard.

The Cloud-Native space is evolving. As with…


This article was originally published at: https://www.magalix.com/blog/how-shifting-left-helps-organizations-mitigate-cloud-native-security-risks


This is an excerpt from the Magalix Whitepaper “Shift-Left Cloud-Native Security with a DevOps Mindset”.

Enterprises have Embraced Containerization.

The cloud-native ecosystem has steadily grown over the past decade with the promise of faster deployments, cost-efficient infrastructure, and auto-scalability spurring its growth. Businesses are now developing and deploying easily scalable, cost-efficient, and more resilient applications, thus delivering innovative solutions faster and more efficiently.

Built on containers and microservices, cloud-native applications have a myriad of advantages: faster time-to-market, simplified innovation, easier scalability, and reduced risk.

New digital experiences can be developed, deployed, and ‘shipped’ to a customer in days rather than months — the most significant appeal to organizations of all sizes. …


This article was originally published at: https://www.magalix.com/blog/enforce-ingress-best-practices-using-opa

In this section of our OPA series, we define policies that ensure that no bad Ingress definitions will be deployed to our cluster. If you haven’t already done so, please go through our previous articles in this series to learn more about OPA, and how it can be integrated with Kubernetes to enforce policies. This article assumes that you have a working knowledge of Kubernetes and OPA, and that you already have admin access to a Kubernetes cluster that has OPA deployed. …


This article was originally published at: https://www.magalix.com/blog/enforce-that-all-kubernetes-container-images-must-have-a-label-that-is-not-latest-using-opa

Welcome to a new article in our OPA series. To follow along, you should at least know what Open Policy Agent (OPA) is and how you can use Rego to describe policies. If all this seems foreign to you, we’ve got you covered. In the first few articles of this series, we cover what OPA is, how the Rego language is used, and how to integrate the agent with Kubernetes using the OPA Gatekeeper project as well as through kube-mgmt sidecar containers. …


This article was originally published at: https://www.magalix.com/blog/how-to-force-kubernetes-namespaces-to-have-resourcequotas-defined-using-opa

The Problem With Not Setting Container Requests And Limits

In Kubernetes clusters, effective resource utilization should not be taken lightly. Even in the smallest environments, you need to ensure that:

  1. You are consuming the maximum capacity of the nodes (no underutilization).
  2. No Pods are halted (pending) waiting for an available node (no overutilization).

One way of achieving this is by ensuring that all of your Pods (or at least most of them) define CPU and memory resource requests and limits. Simply put, requests and limits define the minimum and maximum amount of resources Pods may need. This way, the scheduler knows beforehand which node Pods…


This article was originally published at: https://www.magalix.com/blog/how-to-enforce-kubernetes-network-security-policies-using-opa

This article is part of our Open Policy Agent (OPA) series, and assumes that you are familiar with Kubernetes and OPA. If you haven’t already done so, or if you need a refresher, please have a look at the previous articles published in this series.

Today we are going to use OPA to validate our Kubernetes Network Policies. In a nutshell, a network policy in Kubernetes enables you to enforce restrictions on pod intercommunication. For example, you can require that for a pod to be able to connect to the database pods, it…

Mohamed Ahmed

Magalix Co-Founder, dad, and learner @MohamedFAhmed
