Containers have taken the cloud by storm, becoming integral to modern application development and deployment strategies. Unlocking the full potential of the cloud to drive transformative innovation, containers empower organizations to operate workloads that are highly available, scalable, and self-healing.
While cloud-hosted web application servers can be deployed in various ways, deploying containerized applications using orchestration tools like Kubernetes is becoming increasingly common. This shift to Kubernetes enables businesses to modernize applications and streamline IT infrastructure for long-term portability and resiliency. Around 96% of companies are either using or considering the adoption of Kubernetes.¹ Chances are, yours is among this majority.
The evolving security landscape impacting operations highlights the importance of collaboration between security management, SecOps, engineering, and DevOps throughout the CI/CD pipeline. Security is no longer solely the responsibility of the CISO and SecOps teams. DevOps teams now play a critical role in accepting, testing, and deploying security policies to ensure that security measures are integrated at every stage of the development lifecycle. As awareness of container security concerns continues to rise, 67% of organizations reported delaying or slowing down deployment due to Kubernetes security concerns.²
Prioritizing security from the outset ensures a comprehensive and robust approach across an organization's application development and deployment processes. Organizations are making strategic investments in:
Bridging NetOps, SecOps, and DevOps, NGINX Plus and F5 solutions streamline collaboration and deliver application services that span code to end users.
Getting and staying on the right side of this security equation is critical. Amazon Web Services (AWS), for example, focuses on meeting the stringent requirements of even the most security-sensitive organizations. In this regard, AWS follows a shared responsibility model, which encompasses both the security of the cloud and security in the cloud.
Security of the Cloud
On this side of the coin, AWS takes responsibility for safeguarding the infrastructure that supports AWS services in the AWS Cloud. This includes the Kubernetes control plane for Amazon EKS, with regular third-party audits to ensure the effectiveness of AWS security measures. Amazon EKS Anywhere, an AWS hybrid cloud service that allows customers to create and operate Kubernetes clusters on customer-managed infrastructure, provides the most trusted way to start, run, and scale Kubernetes.
With several flexible deployment options, including disconnected (air-gapped) environments, Amazon EKS Anywhere:
Security in the Cloud
Customers, on the other side of the coin, hold responsibility for various operating aspects, such as configuring the data plane, including security groups for traffic between the Amazon EKS control plane and customer virtual private cloud, managing nodes and containers, maintaining the node's operating system, and other associated application software. Additionally, customers are responsible for setting up and managing network controls, handling platform-level identity and access management, and adhering to data sensitivity, company requirements, and relevant laws and regulations.
The F5 portfolio, including NGINX Plus, consists of automation, security, performance, and insight capabilities that enable AWS customers to develop adaptive applications in the cloud that reduce costs, enhance operations, and prioritize user protection.
While setting up a baseline environment is an excellent start toward a sound security posture, software environments are still prone to vulnerabilities and exposed to sophisticated attacks. Tracking these vulnerabilities and attacks against applications and infrastructure, and mitigating them, can be tedious and time-consuming.
30% of organizations identified vulnerabilities as their biggest worry for their container and Kubernetes environments.³ Helping to relieve these concerns, F5 NGINX Plus and F5 NGINX Ingress Controller provide a cloud-native, easy-to-use reverse proxy, load balancer, and API gateway that makes resolving vulnerabilities faster and easier.
By incorporating Amazon EKS Anywhere, which expands the benefits of Amazon EKS to on-premises infrastructure, organizations gain the flexibility to securely run Kubernetes workloads consistently across both cloud and on-premises environments, enabling seamless application deployment and management.
To learn more, visit f5.com/aws.
Sources:
1 CNCF Annual Survey 2021, Cloud Native Computing Foundation, February 2022
2,3 Red Hat State of Kubernetes Security Report, Red Hat, April 2023