BLOG

Strengthening Container Security with EKS Anywhere and NGINX

Dave Morrissey サムネール
Dave Morrissey
Published November 07, 2023

Containers have taken the cloud by storm, becoming integral to modern application development and deployment strategies. Unlocking the full potential of the cloud to drive transformative innovation, containers empower organizations to operate workloads that are highly available, scalable, and self-healing.

While cloud-hosted web application servers can be deployed in various ways, deploying containerized applications using orchestration tools like Kubernetes is becoming increasingly common. This shift to Kubernetes enables businesses to modernize applications and streamline IT infrastructure for long-term portability and resiliency. Around 96% of companies are either using or considering the adoption of Kubernetes.1 Chances are, yours is among this majority.

Security Doesn’t Magically Happen

The evolving security landscape impacting operations highlights the importance of collaboration between security management, SecOps, engineering, and DevOps throughout the CI/CD pipeline. Security is no longer solely the responsibility of the CISO and SecOps teams. DevOps teams now play a critical role in accepting, testing, and deploying security policies to ensure that security measures are integrated at every development lifecycle stage. As the awareness of container security concerns continues to rise, 67% of organizations reported delaying or slowing down deployment due to Kubernetes security concerns.2

Prioritizing security from the outset ensures a comprehensive and robust approach across an organization's application development and deployment processes. Organizations are making strategic investments in:

  • Safeguarding valuable business assets
  • Meeting regulatory requirements
  • Ensuring business continuity
  • Maintaining customer trust
  • Reducing or eliminating breach costs

Bridging NetOps, SecOps, and DevOps, NGINX Plus and F5 solutions streamline collaboration and deliver application services that span code to end users.

Sharing Responsibility with Amazon Elastic Kubernetes Service (EKS) Anywhere

Getting and staying on the right side of this security equation is critical. Amazon Web Services (AWS), for example, focuses on meeting the stringent requirements of even the most security-sensitive organizations. In this regard, AWS follows a shared responsibility model, which encompasses both the security of the cloud and security in the cloud.

Security of the Cloud

On this side of the coin, AWS takes responsibility for safeguarding the infrastructure that supports AWS services in the AWS Cloud. This includes the Kubernetes control plane for Amazon EKS, with regular third-party audits to ensure the effectiveness of AWS security measures. Amazon EKS Anywhere, an AWS hybrid cloud service that allows customers to create and operate Kubernetes clusters on customer-managed infrastructure, provides the most trusted way to start, run, and scale Kubernetes.

With several flexible deployment options, including disconnected (air-gapped) environments, Amazon EKS Anywhere:

  • Simplifies on-premises Kubernetes management with default component configurations and automated cluster management tools.
  • Reduces the effort spent testing and managing self-managed Kubernetes versions.

Security in the Cloud

Customers, on the other side of the coin, hold responsibility for various operating aspects, such as configuring the data plane, including security groups for traffic between the Amazon EKS control plane and customer virtual private cloud, managing nodes and containers, maintaining the node's operating system, and other associated application software. Additionally, customers are responsible for setting up and managing network controls, handling platform-level identity and access management, and adhering to data sensitivity, company requirements, and relevant laws and regulations.

The F5 portfolio, including NGINX Plus, consists of automation, security, performance, and insight capabilities that enable AWS customers to develop adaptive applications in the cloud that reduce costs, enhance operations, and prioritize user protection.

Proactive Vulnerability Management Improves Hybrid Cloud Security Posture

While setting the baseline environment is an excellent start to ensuring its security posture, software environments are still prone to vulnerabilities and exposed to sophisticated attacks. Tracking these vulnerabilities and attacks against applications and infrastructure—and mitigating them—can be tedious and time-consuming.

30% of organizations identified vulnerabilities as their biggest worry for their container and Kubernetes environments.3 Helping to relieve these concerns, F5 NGINX Plus and F5 NGINX Ingress Controller provide a cloud-native, easy-to-use reverse proxy, load balancer, and API gateway that makes resolving vulnerabilities faster and easier.

Securely Run Hybrid Container Workloads Anywhere

By incorporating Amazon EKS Anywhere, which expands the benefits of Amazon EKS to on-premises infrastructure, organizations gain the flexibility to securely run Kubernetes workloads consistently across both cloud and on-premises environments, enabling seamless application deployment and management.

To learn more, visit f5.com/aws.


Sources:

1 CNCF Annual Survey 2021, Cloud Native Computing Foundation, February 2022

2,3 Red Hat State of Kubernetes Security Report, Red Hat, April 2023