State of Security for Kubernetes with Twistlock & Nirmata


Male Voice: Hello, and welcome to “Keeping up with Kubernetes.” John Morello is chief technology officer at Twistlock, whose technology brings security to containers on Docker, Kubernetes, and beyond. Let’s listen as JoAnne McDougald speaks with John and with Nirmata’s own Ritesh Patel about the state of security for Kubernetes, as well as the close integration Nirmata and Twistlock have developed to bring container security to Nirmata’s powerful cross-provider container management platform.

JoAnne: Hi everyone, and welcome to another edition of “Keeping up with Kubernetes.” I am here live at the KubeCon 2018, Seattle. It’s raining outside, but it’s joyful inside. There’s so much going on. I think the keynotes are about to re-engage here, so at the end of this session you might hear some noise, and then we’re going to have to close it out, but I’m joined today by John Morello, the CTO at Twistlock; and Ritesh Patel, VP of Products for Nirmata.

We’re here. There’s so much going on. John, I just want to get a few words from you, your insights around security and Kubernetes and what it means for the enterprise. Ready, go.

John: Sure. Any time you adopt a new technology platform, security and manageability, I guess, are two really key aspects of that. So for us we look at security in the space as not just taking all the existing things that you’ve done in your old world and just somehow porting them over to work in this new world. Really, we look at it as an opportunity to do security in a fundamentally different way than we’ve been able to do in the past.

Containers, cloud native, Kubernetes, are all about a more consistent and more streamlined pipeline from development into production. If you do security right, you can take advantage of that pipeline to embed security earlier on, and that notion of shift-left, so you’re not dealing with security problems in production. You’re able to stop them in development. You’re also able to leverage the way these containers and cloud-native apps work to develop models for what’s normal and automatically prevent what’s abnormal, without having to create a bunch of rules and manual process.

So we look at this security thing as really more of an opportunity to improve security and make it more efficient, more effective. Not just taking the old stuff and making it stick into a Kubernetes world.

Ritesh: Awesome. So you mentioned briefly about security and management being two of the key aspects in terms of Kubernetes and this new world of containers. So what do you see as – in terms of integration and how integrated or closely aligned they need to be to make the whole system work?

John: Well, I think the way we look at it at least, from a Twistlock standpoint, is that UNIX philosophy of doing one thing and doing it really well. We do more than one thing; but in our platform, the platform’s focused on security, and we want to make sure that the information that we have and the ability to configure Twistlock and get that information out and see audits – that we’re doing that in a way that’s really cloud native itself and very open.

So you run Twistlock. It’s just a set of cloud native apps. Everything you do in the product UI is backed by a RESTful API. All the data is available in just standard JSON formats. So we look at – people ask us, can you integrate with X or Y or Z. The answer is pretty much always yes, because we’re just using JSON and REST and webhooks and standard protocols and data formats that make it easy to integrate with whatever that you’re doing.

So I think the story is really, yes; you should be able to swap and choose the right tools that work in your environment; but it’s not about a tight level of integration. It’s about standardizing those open platforms and data formats as a way to interchange data.

Ritesh: I should just add to that that Nirmata works closely with Twistlock. We’ve actually successfully integrated. We deploy Twistlock through Nirmata and leverage some of the integrations around security management.

John: That’s right.

JoAnne: That’s what I think is so important about – the Nirmata philosophy is also very open, very agile; and very forgiving. You can have any application, any type of Kubernetes; and all these are going to change over time. That’s the whole point of open-source, right? We want the change. We want the flexibility. We want the new ideas. There’s nothing as a barrier. So today we’re looking back at 2018. What are the things that you think were big changes that happened last year, and then what’s your prediction? It’s December. It’s time for predictions. So you can take one look back, and then a broad look forward; and then Ritesh, I’m going to ask you the same question.

John: I would say the look back to me would be that, during the course of this year, you saw the question go from – is Kubernetes the platform that we’re going to use; or is it Docker Swarm, or is it – there was all this debate more than a year ago, the orchestrator wars and what platform to choose. You really just don’t hear that anymore.

I think everybody has recognized – and you can see through the products and the services that are available – that it’s Kubernetes. That’s the platform. There’s lots of different distributions and flavors of it, but it’s Kubernetes; and as long as you’re using standard Kubernetes, you can have a very consistent experience.

In terms of prediction, I think that which you saw in this year enables this prediction; which is, in 2019, I think you’re going to see a lot more acceptance and just realization that most enterprises are going to be intentionally multi-cloud. From the standpoint of wanting to have leverage over not just – you have the leverage over Amazon and Azure and Google and whomever else you do business with, so that you’re not all tied into one place. Now that you’ve got a consistent platform that you can run it on, you have the opportunity to actually take a workload and move it from AWS and put it on Azure or Google or on premises; because it’s the same basic platform.

You’ve really never realistically been able to do that in the past. It’s actually one of the things I think is neat about an opportunity for a company like Nirmata. You guys are an independent version of Kubernetes. You’re not the Microsoft distribution or the VMware distribution or Amazon. You can run Nirmata across all those places, like you can with Twistlock, and ensure that you’ve got that flexibility to run your applications where you want without being tied to a particular provider.

Ritesh: Yes. Then add to that consistency. You want – from management standpoint you want consistency across all of these different environments. You want them to look alike. You want to standardize on security, logging, all of the other infrastructure components. So when applications are deployed on either of these clouds, you get the same similar behavior.

John: Exactly.

JoAnne: Well, thank you both. What I heard is – my takeaway is – for 2019, multi-cloud, consistency, for enterprise wide Kubernetes. We’re very excited. Thank you, John Morello from Twistlock. Thank you Ritesh Patel from Nirmata. I’m signing out from, again, the show floor here at KubeCon 2018. Have a good day – “Keeping up with Kubernetes.”

John: Thanks.

Ritesh: Thank you.

Male Voice: Thanks for listening to “Keeping up with Kubernetes.” For more discussion on the latest in the world of Kubernetes, visit us at