URL: https://thenewstack.io/weaveworks-adds-policy-as-code-to-secure-kubernetes-apps/

Weaveworks Adds Policy as Code to Secure Kubernetes Apps - The New Stack


Weaveworks Adds Policy as Code to Secure Kubernetes Apps

Feb 9th, 2022 12:00pm by Darryl K. Taft
Weaveworks has added security to its GitOps platform by delivering new policy as code capabilities to Weave GitOps.

The additional security will provide enterprises with secure GitOps pipelines throughout the software development and deployment lifecycle as Weaveworks continues its efforts to automate Kubernetes application and infrastructure operations.

Weaveworks added policy as code through its acquisition of Seattle-based Magalix, which specializes in building tools for developers and security teams to codify security and compliance in their software development lifecycle.

Shifting Cloud and Kubernetes Security Left

“Policy as Code is a significant trend, underpinning security, compliance and guardrails efforts for enterprises adopting Kubernetes-based distributed systems,” said James Governor, co-founder of RedMonk, in a statement. “GitOps is a natural workflow for policy between developers and operators, and Weaveworks has acquired Magalix to accelerate its capabilities in this area.”

“We believe that GitOps is the right way to solve customers’ cloud native application operations problems going forward,” Alexis Richardson, CEO of Weaveworks, said.

According to an IDC study from 2020, 67% of breaches in the cloud are caused by misconfigured applications or infrastructure.

“Infrastructure automation enhances application delivery, supporting on-premises and cloud topologies,” said Chris Saunderson, a Gartner analyst, in a report from last year. “GitOps and policy-as-code approaches and tools, supplemented by vulnerability prioritization technology platforms, will drive assessment and enforcement of security and compliance mandates.”

Policy as code is all about codifying your security standards and best practices, said Mohamed Ahmed, founder and CEO of Magalix.

The Magic of Magalix

“Magalix is all about adding the guardrails so that you move fast without breaking things,” he said. “Magalix is based on the open source Open Policy Agent (OPA). We have a set of comprehensive policy libraries. Number two is we have integrations with the DevOps tools that exist in the market. And the last piece that we bring to the table is the insights and the comprehensive reporting that we provide all key players in any organization building cloud native apps.”

By adding Magalix, Weaveworks delivers customizable policies, compliance capabilities and comprehensive risk visibility into GitOps workflows, ensuring only authorized applications are deployed and there are no nefarious activities, Richardson noted.

Magalix was founded in 2017, focusing on security-as-code for teams running cloud native applications. Moreover, with Magalix’s security capabilities customers can control and enforce policies, using the same declarative approach as Kubernetes, to scale their applications while maintaining regulatory requirements and security best practices, Ahmed said.

“We are seeing an increase in customers who run a zero-trust security model turning to GitOps to bring DevOps to cloud native application development and IT operations,” he said in a statement.

Enterprise Customer Needs

Weaveworks has received requests from many of its larger enterprise customers for additional security, Richardson said.

“Because the biggest customers are very advanced in terms of compliance requirements, many of them are regulated,” he told The New Stack. “Many of them have data which needs to be looked after. But what they haven’t done is adopt Kubernetes. At scale, they’ve done it at the POC [proof of concept] level. And what stopped them from doing it is just the sense of how do I make it safe? They want all the things that I describe, you know, safe, safe pipelines, baked in compliance, being able to stop bad things from happening before they happen, supply chain verification, etc. These are all constant questions from customers.”

One large customer, Deutsche Telekom, is using Weaveworks and GitOps to roll out Kubernetes optimized for cloud native 5G deployments.

“As soon as we empowered our internal Kubernetes platform team to move forward with Weaveworks’ support, they shipped a working system into production in a matter of months, and onto 5G in 2021,” said Abdu Mudesir, SVP Technology at Deutsche Telekom, in a statement. “All this has been possible through the GitOps model.”

Trusted Delivery

Trusted delivery adds policy as code to GitOps, enforcing security within the DevOps workflow. GitOps Trusted Delivery means that:

  • Policy as code enforces security and compliance from source to production: Magalix’s policy engine enables DevOps teams to apply consistent policies and best practices across multiple Kubernetes environments. Customers can now bridge the gap between developers, DevOps and security teams by introducing developer guardrails.
  • Runtime policy and drift management guards protect production deployments: Magalix’s KubeGuard agent ensures any runtime drift is detected and automatically remediated. Customers are assured that policies are being enforced across all deployments and are immediately aware of any violations.
  • Embedding security in GitOps workflows: Magalix simplifies DevSecOps and enables cloud native environments to be more intrinsically secure, by integrating directly into source, build and deployment stages of the software lifecycle.

Weaveworks is integrating Magalix into Weave GitOps Enterprise, delivering Kubernetes security, enhanced visibility and resilience across the cloud native life cycle in hybrid cloud, multicloud and edge environments.

Darryl K. Taft covers DevOps, software development tools and developer-related issues from his office in the Baltimore area. He has more than 25 years of experience in the business and is always looking for the next scoop. He has worked...