Container Security: Protect SaaS Offering and Meet Customer Requirements at DevOps Speed
Container security — at DevOps Speed!
When it comes to enabling video production and understanding video performance, Mux is in a class by itself. The company provides streaming video infrastructure and monitoring technology for developers and publishers of online video. Chances are, if you’re watching a video from one of your favorite content providers, they’re using Mux to understand your viewing experience. The young company has evolved to deliver a range of managed video infrastructure services including hosting, transcoding, streaming, future-proofing, monitoring, and analytics.
Seeking Cloud-Native, Container-Focused Security
Mux aims to make high-quality video streaming accessible to every developer. Their SaaS model lends itself to that, but they needed an agile and powerful infrastructure that aligned with their business strategy. The video production space is highly competitive and characterized by rapid innovation. Starting from a DevOps mindset, the team built their platform entirely in containers from the outset. As the platform has matured, so have their needs for container security and compliance. An early stage company, Mux doesn’t have the headcount to build their own container security solution (they started with a one-person infrastructure “team”). Given the race they’re in to meet a wide range of customer and partner requirements, using staff time effectively is always of the essence.
Looking to sustain their trajectory and customer confidence, Mux sought a cloud-native solution to protect their microservices and container environments in Amazon Web Services (AWS) and Google Cloud Platform (GCP). They required an integrated approach to meeting compliance requirements, hardening Docker and Kubernetes infrastructure to reduce the attack surface, and detecting and stopping threats at runtime. Securing containers and microservices across the entire lifecycle — build, deploy, and run — requires solutions that support multiple platforms across the ecosystem, including Kubernetes and Docker as well as Amazon EKS, Microsoft AKS, Google Kubernetes Engine, and Red Hat OpenShift.
Security for a New Paradigm, at the Speed of DevOps
The emergence of GDPR obligations and the launch of Mux’s SaaS offering, in particular, increased their security and compliance concerns. They needed a broad set of protections that worked with their existing systems and skill sets and empowered them to be more proactive. To keep up with their growing security and compliance challenges, Mux needed real-time visibility into their entire container environment to identify latent risks, define a prioritized list of issues to address, and alleviate the security burden on their engineering team. They were quickly outgrowing their networking-based security practices of isolation and segmentation.
Companies like Mux that holistically embrace DevOps succeed because they can execute rapid iterations toward optimized application performance and service delivery. The deployment of microservices and containers is fundamental to these supercharged innovation cycles. But to sustain this pattern of evolution and success, security has to move at the same speed as DevOps. To achieve that speed, security solutions have to leverage the inherent agility, granularity, and orchestration capabilities of the containerized DevOps environment. When security is layered in separately, developers tend to find ways to go around it as soon as it starts to slow things down. As an API-first platform, Mux needed peace of mind that the core of their hosting and streaming service was fully protected.
Container-Centric Runtime Detection and Multi-Cloud Protection
Guided by their security and compliance goals and a long list of customer requirements, Mux searched for a holistic, Kubernetes-friendly, container-centric security solution, which they found in the StackRox Container Security Platform. Without making any changes to their infrastructure, Mux was able to quickly move the solution from proof of concept into production, delivering the immediate ability to identify critical alerts. Coincidentally, one of Mux’s engineers had unintentionally broken into a production container the first day the solution had been fully deployed. With StackRox, the issue was immediately highlighted, and the Mux team resolved the problem quickly. The incident, on view to much of the company, garnered immediate enthusiastic support for the StackRox platform.
Runtime detection capabilities were critical in empowering the Mux team to identify and isolate threats quickly, with minimal staff investment. Upon deployment, their solution instantly provided a stack-ranked view of risk assets in the environment, enabling the company to remediate vulnerabilities and reduce overall risk. Mux is now better equipped to support multi-cloud deployment and readily demonstrate compliance for their SaaS customers.
Extending Security to Customer, Expansion, and Data Operations
Going forward, the Mux team is exploring more ways to use their container security tools to optimize and enforce DevOps best practices and mitigate risk introduced by customer activities. The company uses open source tools and ingests thousands of customer files that could potentially contain malicious or vulnerable components. These kinds of issues can be detected only during runtime, which is why prevention-oriented strategies are not sufficient for microservices and container environments.
As Mux continues to expand its installed base and service offerings, the company’s strategy is to stay infrastructure agnostic via multi-cloud arrangements. For multi-cloud to be feasible, the team has to run the same internal monitoring tools everywhere. Hence the focus on Kubernetes, which provides a common layer for applying security configurations. Choosing a security solution built to work natively with Kubernetes environments is key to securing the kind of distributed applications, data ingestion, and multi-cloud deployments that comprise the operations of innovative digital companies like Mux.
Digital-first, cloud-native companies like Mux are at the forefront of grappling with container security challenges — and finding the gems of opportunity hidden in the powerful complexity of emerging technologies like Kubernetes and service mesh. As more enterprises embrace these computing and application models, container security solutions that address the full lifecycle of build, deploy, and run, and put Kubernetes security at the core of their architecture, will be increasingly central to the work and wonder of digital transformation.