Updated: Jan 30, 2020
Hardened Container Deployments Help Minimize Cyber Attacks during Runtime
TEL AVIV – January 28, 2020 — Portshift, a leader in identity-based workload protection for cloud-native applications, today introduced a simplified and intuitive pod security policy (PSP) implementation for Kubernetes. Portshift’s PSP implementation allows users to harden their Kubernetes clusters’ security settings, with an agentless approach that eliminates the need to deploy a daemonset (software agent) on all Kubernetes nodes.
Portshift’s PSP solution simplifies the way administrators configure and use policies by enabling users to define granular policies (per pod/group of pods) based on potential risk, even when the pods share the same service account attributes. With this capability, Portshift enables flexible, secure deployment configuration policies without the need to tie them to the Kubernetes RBAC mechanism and its service account granularity limitation.
Kubernetes pod security policies provide a framework to ensure that pods run only with the assigned privileges, with access only to predetermined resources (e.g. volumes and network). Security and DevOps teams operating Kubernetes clusters leverage them to control pod creation with the desired security context. Kubernetes role-based access control (RBAC) is used together with PSP to verify that the pod’s security configuration meets the defined policy.
However, there are several limits to implementing Kubernetes policies, including overlapping policy conflicts and the inability to deliver granular security in a complex K8s environment at scale.
With this release, Portshift adds a simple and intuitive policy layer of security to pods, solving duplication conflicts and RBAC constraints and allowing users to configure their desired security settings from predefined PSP profiles or to use their home-grown profiles.
Portshift addresses the existing challenges of Pod Security Policy by extending its capabilities at scale to address more pod elements than previously possible. It also allows Portshift to leverage the existing architecture to provide seamless policy enforcement to users without performance degradation — which is typically associated with the deployment of agents (daemonset) on each Kubernetes node (host).
“Portshift has simplified PSPs to provide DevOps with an intuitive and simplified option to benefit from Kubernetes pod security policy and deliver more robust and secure pod deployments by leveraging Kubernetes native tools,” said Zohar Kaufman, VP, R&D and Co-Founder, Portshift. “This new capability extends the pod’s security, helping to better defend against cyber attack.”
To learn more about Portshift, please visit https://www.portshift.io/product/
To learn more about Portshift:
Become a Trusted Portshift Partner: https://www.portshift.io/partners/
Visit Portshift at https://www.portshift.io
Follow Portshift on Twitter at http://www.twitter.com/portshift
Follow Portshift on LinkedIn at https://www.linkedin.com/company/portshift/
Portshift is an identity-based cloud workload protection platform that secures applications from CI/CD to runtime. Portshift enables organizations to know which applications are running on their cloud environments, to see and enforce how the applications communicate, and to easily find information associated with their development and deployment cycles, enabling DevOps teams to orchestrate security as part of their day-to-day job. Portshift’s unique model introduces a security framework that is decoupled from network and operations, allowing for accelerated software delivery at any scale. Portshift was spun out of think tank and company-builder Team8.
Go to portshift.io for more info.
– END –