VMware Delivers Advanced Cloud Workload Protection with Container and Kubernetes Security

Rhea-AI Summary

VMware (NYSE: VMW) has introduced enhanced cloud workload protection capabilities for containers and Kubernetes, aiming to bolster security from development to production across environments. This solution enhances visibility, compliance, and security amidst evolving threats as organizations migrate to cloud services. Key features include a Security Posture Dashboard, Container Image Scanning, and Compliance Policy Automation, facilitating collaboration between InfoSec and DevOps teams. The new capabilities are set to be available in April 2021, addressing increasing demand for secure operations in multi-cloud infrastructures.

Positive

• Expanded cloud workload protection capabilities enhance security for containerized applications.
• Facilitates collaboration between InfoSec and DevOps teams to identify risks earlier.
• Incorporates continuous integration and delivery (CI/CD) pipeline for early risk analysis.
• Security Posture Dashboard provides comprehensive visibility across Kubernetes workloads.
• Adoption set for April 2021 aligns with industry trends toward increased cloud usage.

Negative

• None.

VMware, Inc. (NYSE: VMW) today unveiled expanded cloud workload protection capabilities to deliver security for containers and Kubernetes. The new solution will help increase visibility, enable compliance and enhance security for containerized applications from build to production in public cloud and on-premises environments.

“Containers and Kubernetes are enabling organizations to develop and modernize applications faster than ever, but the innovation is also expanding the attack surface,” said Patrick Morley, senior vice president and general manager, Security Business Unit, VMware. “Our solution extends security to containers and Kubernetes to deliver one of the industry’s most comprehensive cloud workload protection platforms. With security built into the development and deployment of applications, we are bridging the gap between the SOC and DevOps teams to help our customers reduce the risks that come with running containers across clouds.”

For many organizations, migrating to the cloud has had to happen quickly and at a large scale to ensure business continuity amid the global pandemic. Development teams are looking to containers and Kubernetes for speed and the ability to scale application delivery. According to Gartner, “by 2025 more than 85 percent of global organizations will be running containerized applications in production, which is a significant increase from fewer than 35 percent in 2019.”¹ Organizations now need security for modern workloads to address a new set of threats and build resilient digital infrastructure.

Better Secure the Complete Lifecycle of Kubernetes Applications

Security is especially complex in multi-cloud infrastructures. VMware Carbon Black Cloud Container builds security into the continuous integration and delivery (CI/CD) pipeline to analyze and control application risks before they are deployed into production. Expanding the VMware Carbon Black Cloud Workload offering, the new capabilities will enable organizations to better secure containerized applications in Kubernetes environments. The solution shifts security left to protect the entire lifecycle of Kubernetes applications. InfoSec teams can now scan containers and Kubernetes configuration files early in the development cycle to address vulnerabilities with unparalleled visibility. The solution provides continuous cloud-native security and compliance to better secure applications and data wherever they live.

Enable Collaboration for InfoSec and DevOps Teams

Containers and Kubernetes offer development teams flexibility with an infrastructure-as-code approach. However, security is often a roadblock to faster production deployments and later bolted-on as an afterthought. The VMware container security module will empower InfoSec and DevOps teams to better collaborate and identify risks earlier in the development cycle with built-in security. The expanded offering will provide a new vantage point to allow cross-functional teams to detect and fix vulnerabilities to achieve simple, more secure multi-cloud Kubernetes environments.

VMware’s expanded cloud workload protection capabilities will deliver a comprehensive solution for InfoSec teams including:

• Security Posture Dashboard: Provides a combined view of vulnerabilities and misconfigurations to enable complete visibility into security posture across Kubernetes workload inventory. InfoSec and DevOps teams can gain deep visibility into workload security posture and governance to enable compliance, with the ability to freely explore Kubernetes workload configuration via customized queries.
• Container Image Scanning and Hardening: InfoSec and DevOps teams can scan all container images to identify vulnerabilities and restrict the registries and repositories that are allowed in production. Teams can set minimum standards for security and compliance, generate compliance reports and follow CIS benchmarks and Kubernetes best practices.
• Prioritized Risk Assessment: Vulnerability assessments allow InfoSec and DevOps teams to review images running in production and only approved images are deployed. Security teams can use the prioritized risk assessment to detect and prevent vulnerabilities by scanning Kubernetes manifests and clusters.
• Compliance Policy Automation: Infosec teams can shift-left into the development cycle, streamline compliance reporting, and automate policy creation against industry standards such as NIST, as well as the customer’s organizational requirements. This enables the integrity of Kubernetes configurations through control and visibility of workloads that are deployed to an organization’s clusters. Customizable policies help enforce configuration by blocking or alerting on exceptions.

The Future of Intrinsic Security with VMware Carbon Black and Tanzu

The container security module compliments the VMware Tanzu portfolio. Select Tanzu editions include a global control plane for centralized management of all aspects of cluster lifecycle, including policies for access, data protection, and more. Customers can now add powerful security for containers and Kubernetes applications while simplifying operations for InfoSec and DevOps teams.

Customer Quote

DoubleVerify powers the new standard of digital marketing performance, ensuring viewable, fraud-free, brand-safe ads.

“It’s important that we have full visibility into the risk of our entire Kubernetes workload environment, as well as the ability to detect and prevent vulnerabilities before containers are deployed,” said Roy Berko, Senior Director of DevOps, DoubleVerify. “With VMware’s container security offering, we now have instant visibility to help reduce risk of our containerized applications all from a single dashboard.”

Analyst Quote

IDC is the premier global market intelligence firm, examining consumer markets by devices, applications, networks, and services

“Kubernetes has become the de-facto best practice standard for developing cloud-native applications, yet developers are still leveraging siloed and inefficient tools with limited cross organization visibility,” said Frank Dickson, Program Vice President, Security & Trust at IDC. “VMware’s container security offering provides an opportunity for security and DevOps teams to work more closely together to leverage the power of Kubernetes and better secure the unique lifecycle development processes of container-based applications.”

Product Availability

VMware container image scanning and CI/CD integration capabilities are expected to be available in April 2021. Runtime security for detection and response will be available later this year. For more information, please visit our website.

Additional Resources

• Blog: Automate DevSecOps for Full Lifecycle Container Security
• Blog: Securing Containers and Kubernetes-Orchestrated Environments

Sources:

1. Gartner, Best Practices for Running Containers and Kubernetes in Production, Arun Chandrasekaran, August 2020.

About VMware

VMware software powers the world’s complex digital infrastructure. The company’s cloud, app modernization, networking, security, and digital workspace offerings help customers deliver any application on any cloud across any device. Headquartered in Palo Alto, California, VMware is committed to being a force for good, from its breakthrough technology innovations to its global impact. For more information, please visit https://www.vmware.com/company.html.

VMware Carbon Black, and Tanzu are registered trademarks or trademarks of VMware, Inc. or its subsidiaries in the United States and other jurisdictions.

View source version on businesswire.com: https://www.businesswire.com/news/home/20210407005397/en/

FAQ

What new capabilities has VMware announced for cloud workload protection?

VMware announced expanded cloud workload protection capabilities focused on enhancing security for containers and Kubernetes applications.

How does VMware's new solution help security teams?

The solution facilitates collaboration between InfoSec and DevOps teams, enabling them to identify and address risks earlier in the development cycle.

When will VMware's new container security features be available?

The new container security features are expected to be available in April 2021.

What is the significance of containers and Kubernetes in cloud security?

Containers and Kubernetes allow rapid application development and deployment, but they also expand the attack surface, necessitating enhanced security measures.

How does the Security Posture Dashboard enhance visibility for Kubernetes workloads?

The Security Posture Dashboard provides a comprehensive view of vulnerabilities and misconfigurations, allowing for improved governance and compliance.