Master Cloud Security with A&B and Aqua Security
Our core mission at Alice&Bob is to help customers embark on the most secure, fastest and most successful cloud journey possible. That's why we are constantly exploring the best ways to secure application workloads. Today, our customers face the challenge of providing the highest level of traditional IT security while taking advantage of revolutionary new technologies and architectures enabled by the power of the cloud.
We firmly believe that defense in depth is the best approach to address these challenges. While traditional data center security has relied on perimeter security, a cloud-native approach can (and must) provide security in every aspect of your cloud and application lifecycle. That's why customers often come to us with the question: How can we deliver state-of-the-art serverless and containerized workloads while meeting (and exceeding) our security requirements?
Regular readers of our blog know our mantra "people, processes and tools" to deliver a comprehensive cloud security strategy. That's why we'd like to introduce our new partner today: Aqua Security (Aqua). Aqua is the largest pure cloud-native security company and provides a security tool belt that protects your entire DevOps application lifecycle, be it for Kubernetes, serverless functions like Lambda or VMs. (Be sure to check out our other blog posts on the Security Champions Program, which focus on people and processes).
Before we begin, however, we would like to provide a little additional context.
A brief history of containers
Unless you have been living under a rock, you've probably noticed the rise of container technologies over the last eight years or so, starting with the release of Docker in 2013. Docker didn't invent containers, however, and in the time since it brought the possibilities of containerized workloads to a wider audience, several competing container runtimes have emerged.
It became immediately clear that while containers are very practical for managing the entire lifecycle of a single application, organizing a fleet of containers to deploy a microservice architecture is not significantly more practical than using traditional VMs. No one has considered, or should consider, going back to monolithic architectures just to use containers.
And lo and behold: the dawn of the container orchestrators
There was a brief period when several orchestrators competed to provide the usability of containerized applications on clusters of any size. Docker itself developed "Swarm" and "Docker-Compose", Apache integrated container orchestration into its Mesos project and Google released Kubernetes as an open source version of its internal orchestrator Borg. Today, Kubernetes is the clear winner among orchestrators and its development has been transferred to the Cloud Native Computing Foundation. With a dedicated organization behind it, containers and their ecosystem are maturing quickly, yet it is still a cutting-edge technology and many pitfalls still need to be overcome.
Kubernetes at the next level
Anyone who has tried to run Kubernetes in production has quickly realized that running it securely is quite difficult. Whether it's vanilla Kubernetes or managed Kubernetes like EKS on AWS, anyone who has tried to implement a comprehensive security strategy has found that the tooling for this is still in its infancy.
AWS offers many sophisticated security tools for its native cloud services; Aqua provides that same level of security inside a Kubernetes cluster.
At Alice&Bob, we are often approached by customers who want us to help them close this gap. While traditional and AWS-native workloads can utilize the extensive range of AWS security services, securing workloads in EKS/Kubernetes is entirely your responsibility. While we are always eager and open to new challenges and cutting-edge technology, implementing your own security framework in a greenfield project is a difficult endeavor for any organization subject to industry standards and certifications. For these reasons, we are very proud to announce this partnership.
Introducing: Aqua
Aqua is the perfect solution to bridge the gap between the comprehensive security experience of cloud-native AWS services and the containerized world, providing the same level of security both inside and outside your Kubernetes cluster. Aqua enables Alice&Bob to meet all your security needs at every step of your containerized application lifecycle, tightly integrated with your AWS setup and toolchain, as Aqua is an AWS certified advanced technology partner.
"As an Advanced APN member and Container Competency technology partner, Aqua provides highly integrated security controls for cloud-native applications on AWS and supports managed container services such as Amazon ECS for container orchestration, Amazon EKS for Kubernetes-based deployments, AWS Fargate for on-demand container scaling, AWS Lambda for serverless functions, and Amazon ECR for storing and managing container images."
https://www.aquasec.com/solutions/aws-container-security/
To give you an idea of what Aqua has to offer, we'd like to highlight some of its features that give you the next level of Kubernetes security.
Superpower no. 1: Scanning and securing image vulnerabilities
Aqua prevents unauthorized images from running in your AWS environment. It continuously scans images stored in Amazon ECR to ensure DevOps teams are not introducing vulnerabilities, misconfigurations or secrets into container images. Get actionable recommendations to remediate security issues.
Superpower no. 2: Cloud VM security and compliance
Aqua protects workloads running on Amazon EC2 instances and ensures they are properly hardened. Scan for vulnerabilities and malware, apply File Integrity Monitoring (FIM), verify configuration against the CIS Benchmark for Linux, and monitor user access and activity. Create a command-level audit trail for compliance and forensics.
Superpower no. 3: Risk assessment and mitigation for serverless functions
Aqua continuously scans Lambda functions in AWS accounts to ensure developers don't introduce vulnerabilities into function code, leave access keys in environment variables, or create overly permissive roles. Define security policies for AWS Lambda functions and warn against or prevent the execution of tasks that violate the policies.
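As an added illustration of the kind of Lambda checks just described (our own sketch, not Aqua's product code), the following runs two such checks offline over constructed function configurations: access keys left in environment variables, and a role policy that allows any action on any resource. The function names, role policies and environment values are made up; the access key ID is AWS's documented example value, not a real credential.

```python
import re
from typing import Any, Dict, List

# Looks like an AWS access key ID (long-term AKIA... or temporary ASIA...).
ACCESS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Variable names that usually carry a credential, whatever the value looks like.
SECRET_NAME_RE = re.compile(r"SECRET|ACCESS_KEY|TOKEN|PASSWORD", re.IGNORECASE)

# Constructed sample: what `get-function-configuration` plus the execution
# role's inline policy might return for two hypothetical functions.
SAMPLE_FUNCTIONS = [
    {
        "FunctionName": "order-processor",
        "Environment": {"Variables": {"DB_HOST": "db.internal", "LOG_LEVEL": "info"}},
        "RolePolicy": {"Statement": [{"Effect": "Allow", "Action": ["dynamodb:GetItem"],
                                      "Resource": "arn:aws:dynamodb:eu-west-1:000000000000:table/orders"}]},
    },
    {
        "FunctionName": "legacy-uploader",
        "Environment": {"Variables": {"AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE",
                                      "UPLOAD_TOKEN": "made-up-sample-token"}},
        "RolePolicy": {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    },
]


def _as_list(value: Any) -> List[str]:
    """IAM allows Action/Resource to be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def assess_function(fn: Dict[str, Any]) -> List[str]:
    """Return human-readable findings for one Lambda function configuration."""
    findings: List[str] = []
    for name, value in fn.get("Environment", {}).get("Variables", {}).items():
        if ACCESS_KEY_ID_RE.search(str(value)):
            findings.append(f"access key ID in env var {name}")
        elif SECRET_NAME_RE.search(name):
            findings.append(f"credential-like env var {name}")
    for stmt in fn.get("RolePolicy", {}).get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        wild_action = any(a == "*" or a.endswith(":*") for a in _as_list(stmt.get("Action", [])))
        wild_resource = "*" in _as_list(stmt.get("Resource", []))
        if wild_action and wild_resource:
            findings.append("overly permissive role: wildcard action on wildcard resource")
    return findings


def assess_all(functions: List[Dict[str, Any]]) -> Dict[str, List[str]]:
    """Map each function name to its findings, keeping only functions with findings."""
    return {fn["FunctionName"]: f for fn in functions if (f := assess_function(fn))}
```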
Superpower no. 4: Protect applications at runtime
Aqua prevents unchecked containers from running in your Amazon ECS, EKS and Fargate environments. Automatically create security policies based on container behavior and ensure that containers only do what they are supposed to do in the application context. Detect and prevent policy-violating activities and defend against container-specific attack vectors.
Superpower no. 5 (last but not least): Deep integration into your environment
The final superpower we'd like to mention is that Aqua integrates with almost every CI/CD, SIEM, monitoring and collaboration tool worth mentioning. Therefore, Aqua will quickly become a reliable companion on your cloud journey.
All this is just a small part of the features Aqua offers and we are proud to have them on our side. Together we will revolutionize the way customers deploy, secure and control their applications and provide you with a powerful tool combined with A&B's expertise.