Capital One Financial released a beta version of its Critical Stack container orchestration platform promising increased security compared with traditional offerings.
Critical Stack allows organizations in regulated industries to take advantage of containerization and the cloud while maintaining strict security protocols. The product includes tools that allow for enforcement of common compliance and regulatory controls specifically around container execution, container networking, logging, and role-based access control (RBAC). It also handles failover and updates.
“For the time being we are launching with support for the latest revision of Kubernetes, however one of the reasons that we use this language is that [Kubernetes] is a rapidly moving target – [Kubernetes] hasn’t maintained compatibility with itself between versions,” Randall explained. “Our abstraction layer has really empowered our development teams. Folks are free to leverage [one-to-one] compatibility with [Kubernetes] and still know that their security and compliance abstractions are portable.”
Critical Stack does employ a number of proprietary components. These include the graphical user interface (GUI), command line interface (CLI), marketplace, installer, and a container-optimized operating system (OS). Randall did note that the marketplace includes installers for “dozens of standard open source components.”
The genesis of Critical Stack came from a startup company of the same name that Capital One acquired in 2016. The deal was made with the stated aim of accelerating the bank’s public cloud capabilities. Randall was a co-founder at Critical Stack and joined Capital One following the acquisition.
The Critical Stack launch tackles often-discussed challenges surrounding the robustness of container deployments.
Containers are considered secure because of how they are built: they are small, and they often exist for only a brief period of time. In addition, specific platforms can be deployed to further bolster container security throughout their lifetime, including container security services from vendors.
In a recent report, Gartner explained that container security concerns are often due to the deployment method and not necessarily the technology itself.
“Containers are not inherently unsecure, but they are being deployed in an unsecure manner by developers, with little or no involvement from security teams, and little guidance from security architects,” the analyst firm said. “Traditional network and host-based security solutions are blind to containers.”
Security has been a primary component of Kubernetes updates. The most recent included granting “stable” support for RBAC. This is designed to allow cluster administrators to dynamically define roles to enforce access policies through the Kubernetes application programming interfaces (APIs).
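To show what “dynamically defining roles to enforce access policies” looks like in practice, here is an added example of a least-privilege Kubernetes RBAC grant. It is constructed for this article and is not code from Capital One, Critical Stack, or the Kubernetes project; the namespace (`payments`), the service account (`log-shipper`) and the object names are assumptions. It grants one service account read-only access to pods and their logs in a single namespace, and nothing else:

```yaml
# Least-privilege RBAC for a log-shipping service account (constructed example;
# the namespace, account and object names are assumptions, not from the article).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: log-shipper
  namespace: payments
---
# A Role is namespace-scoped: the rules below apply only inside "payments".
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-log-reader
  namespace: payments
rules:
  # Read pod metadata and the pods/log subresource; no write verbs, no secrets.
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
---
# The binding ties the Role to the ServiceAccount. Because it is a RoleBinding
# rather than a ClusterRoleBinding, the grant cannot reach other namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: log-shipper-reads-pods
  namespace: payments
subjects:
  - kind: ServiceAccount
    name: log-shipper
    namespace: payments
roleRef:
  kind: Role
  name: pod-log-reader
  apiGroup: rbac.authorization.k8s.io
```

After applying the manifest with `kubectl apply -f`, the effective policy can be checked without running a workload: `kubectl auth can-i list pods --namespace payments --as=system:serviceaccount:payments:log-shipper` should answer `yes`, while the same check with `delete pods` or with `get secrets` should answer `no`. Reviewing bindings this way, and flagging any RoleBinding or ClusterRoleBinding that references `cluster-admin` or uses a `*` verb, is the kind of compliance control the article describes being enforced around RBAC.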
Randall said Kubernetes is a good first step for organizations looking to tackle container orchestration. However, he said it still lacks the depth of support that more detailed deployments require.
“Kubernetes solves the first half of the container orchestration challenge for the enterprise,” Randall said. “If you’re an enterprise, you’ve got a whole host of other concerns that remain unanswered that you must solve – security, compliance, and enterprise integration.”