Author: Anurag Jain, Developer Advocate Lead, Thales
Bio: Anurag Jain has around 16 years of experience in software development, design, and implementation including product management. With Thales, I am working as a developer advocate where I am working directly with the developer community by offering them various tools to successfully adopt data security in their application deployment ecosystem. I am also working with internal product teams to make sure that Thales tools remain developer friendly and are backed by easy-to-follow documentation.
Whether you are an application developer or a member of a DevOps team, you are now tasked with a requirement where sensitive containerized data needs to be protected in a way that meets compliance requirements and provides your customers confidence in your tool. Where do you start? Is it possible to avoid changes to your code?
Data security is a complex topic. Putting security at the forefront of the DevOps process is not always straightforward and can be something DevOps teams struggle with, especially if they do not have cryptographer skill sets. It involves a lot of moving parts, such as securely managing encryption keys, implementing sufficient user-based access control policies, or securely managing secrets: the credentials that act as a key to unlock protected resources or sensitive information in tools, applications, containers, DevOps and cloud-native environments.
These are the kinds of complexities that make the life of a developer tough if they must address them in their code. Keeping pace with data privacy compliance requirements, cryptographic algorithm standards, and key management concepts places a huge overhead on development teams.
This overhead impacts the velocity of all the aspects of the development lifecycle including development, testing and DevOps. Now imagine you can reduce this drag from months to days by simply adding another pod in your environment. Fortunately, Thales offers several ways to infuse security into the DevOps cycle itself to protect data in containers without making changes to your code. And this can be done for free using a community edition.
Protect Data – Kubernetes is an open source container orchestration software solution that facilitates efficient application deployment and management. Containers are essential to getting cloud software and services to operate at scale. In these environments, data is stored in persistent volumes for stateful applications. Protecting this data at rest is vitally important since it is otherwise vulnerable to breaches or unauthorized access. However, using Kubernetes is not always easy and typically involves a steep learning curve. Kubernetes faces significant challenges in terms of security due to its intricate nature and susceptibility to vulnerabilities and misconfigurations. Inadequate monitoring can impede the identification of these issues, particularly when deploying multiple containers, making it arduous to detect potential risks. Consequently, this creates an opportunity for malicious hackers to exploit weaknesses and gain unauthorized access to your system.
Thales CipherTrust Manager Community Edition helps DevOps Teams easily protect data in their Kubernetes clusters. This community edition is free to use and comes with tools like Thales Data Protection Gateway and Thales CipherTrust Transparent Encryption for Kubernetes. Thales Data Protection Gateway is a sidecar container that runs in your Kubernetes environment, intercepts your REST API calls, and protects the JSON payload on the fly based on policies. Thales CipherTrust Transparent Encryption for Kubernetes can protect the files you want to store in your persistent volume without changing any code.
Protect Encryption Keys – Digital certificates and their associated keys offer data-in-motion security by enabling secure communications using HTTPS-based communication protocols. DevOps Teams often use this method to securely connect to applications, servers, and cloud resources. To protect certificates and their associated encryption keys, IT Teams initially use Thales CipherTrust Manager Community Edition.
There are many automation tools available to DevOps. If the IT Team already has Red Hat Ansible Automation Platform, then they can also freely leverage the Thales CipherTrust Ansible collection to perform configurations faster and more efficiently. This enables DevOps Teams already using Ansible for their infrastructure deployment to manage keys more easily and securely from a centralized console.
Protect and Automate Secrets – In today’s development landscape, many DevOps and Security Teams are struggling to wrangle their “secrets sprawl”. You can take advantage of a 90-day free trial to see how to protect and automate access to secrets across DevOps tools and cloud workloads to ensure dynamic and protected access to credentials such as certificates, API keys, and tokens. This trial also enables comprehensive secrets management, including static secrets, dynamic secrets, secrets rotation, SSH key management, auditing, and analytics, across DevOps and hybrid multi-cloud environments, via a scalable as-a-service deployment.
To learn more about how to seamlessly integrate data security into your development process, join us at KubeCon Europe 2024, March 19-22. Download the free-forever Thales CipherTrust Manager Community Edition and check out a no-code-change approach to your data security updates.
To learn more about Kubernetes and the cloud native ecosystem, join us at KubeCon + CloudNativeCon Europe in Paris from March 19-22.






