The Seiso team recently had the pleasure of virtually attending the 2020 iteration of KubeCon and CloudNativeCon. Even with the new virtual format, there were many great sessions that covered interesting new topics, tools, and practices for Kubernetes and other projects in the cloud native ecosystem.
Among those, we noted a handful of tools and themes that stood out to our team from an adoption and security perspective.
If you’d like to check out any of the talks, most are now freely available to watch on YouTube.
Open Policy Agent
Open Policy Agent is a policy engine that is quickly becoming an integral part of the Kubernetes security ecosystem and standardization.
We think it’s likely Open Policy Agent will become the de facto way to write Kubernetes security controls, given the number of companies that already seem to be adopting it with interesting use cases.
Runtime Container Security
One of our favorite projects at Seiso is Falco, an incubating CNCF project for providing runtime container security through monitoring of policies and automated responses.
We see Falco continuing to gain traction as a top contender for runtime monitoring and automated response in Kubernetes clusters.
Cloud Native Monitoring and Dependency Mapping
We noticed a couple of projects pushing new advances in cloud native security monitoring and dependency mapping.
Container Image Scanning
Just as we recommend dynamic and static scanning of software, we’re excited to see solutions for security testing container images becoming more prevalent.