Strengthening Container Security with EKS Anywhere and NGINX

The evolving security landscape impacting operations highlights the importance of collaboration between security management, SecOps, engineering, and DevOps throughout the CI/CD pipeline. Security is no longer solely the responsibility of the CISO and SecOps teams. DevOps teams now play a critical role in accepting, testing, and deploying security policies to ensure that security measures are integrated at every development lifecycle stage. As the awareness of container security concerns continues to rise, 67% of organizations reported delaying or slowing down deployment due to Kubernetes security concerns.²

Prioritizing security from the outset ensures a comprehensive and robust approach across an organization's application development and deployment processes. Organizations are making strategic investments in:

• Safeguarding valuable business assets
• Meeting regulatory requirements
• Ensuring business continuity
• Maintaining customer trust
• Reducing or eliminating breach costs

Bridging NetOps, SecOps, and DevOps, NGINX Plus and F5 solutions streamline collaboration and deliver application services that span code to end users.

Getting and staying on the right side of this security equation is critical. Amazon Web Services (AWS), for example, focuses on meeting the stringent requirements of even the most security-sensitive organizations. In this regard, AWS follows a shared responsibility model, which encompasses both the security of the cloud and security in the cloud.

Security of the Cloud

On this side of the coin, AWS takes responsibility for safeguarding the infrastructure that supports AWS services in the AWS Cloud. This includes the Kubernetes control plane for Amazon EKS, with regular third-party audits to ensure the effectiveness of AWS security measures. Amazon EKS Anywhere, an AWS hybrid cloud service that allows customers to create and operate Kubernetes clusters on customer-managed infrastructure, provides the most trusted way to start, run, and scale Kubernetes.

With several flexible deployment options, including disconnected (air-gapped) environments, Amazon EKS Anywhere:

• Simplifies on-premises Kubernetes management with default component configurations and automated cluster management tools.
• Reduces the effort spent testing and managing self-managed Kubernetes versions.

Security in the Cloud

Customers, on the other side of the coin, hold responsibility for various operating aspects, such as configuring the data plane, including security groups for traffic between the Amazon EKS control plane and customer virtual private cloud, managing nodes and containers, maintaining the node's operating system, and other associated application software. Additionally, customers are responsible for setting up and managing network controls, handling platform-level identity and access management, and adhering to data sensitivity, company requirements, and relevant laws and regulations.

The F5 portfolio, including NGINX Plus, consists of automation, security, performance, and insight capabilities that enable AWS customers to develop adaptive applications in the cloud that reduce costs, enhance operations, and prioritize user protection.

While setting the baseline environment is an excellent start to ensuring its security posture, software environments are still prone to vulnerabilities and exposed to sophisticated attacks. Tracking these vulnerabilities and attacks against applications and infrastructure—and mitigating them—can be tedious and time-consuming.

30% of organizations identified vulnerabilities as their biggest worry for their container and Kubernetes environments.³ Helping to relieve these concerns, F5 NGINX Plus and F5 NGINX Ingress Controller provide a cloud-native, easy-to-use reverse proxy, load balancer, and API gateway that makes resolving vulnerabilities faster and easier.

By incorporating Amazon EKS Anywhere, which expands the benefits of Amazon EKS to on-premises infrastructure, organizations gain the flexibility to securely run Kubernetes workloads consistently across both cloud and on-premises environments, enabling seamless application deployment and management.

To learn more, visit f5.com/aws.