Sysdig supports Google Cloud Run for Anthos to secure serverless workloads in production
Sysdig, the secure DevOps leader, announced support for Google Cloud Run for Anthos as a launch partner. Cloud Run is a serverless compute platform that automatically scales stateless containers.
Anthos, which Sysdig was a launch partner for in April 2019, is a managed Kubernetes offering that enables enterprises to run and manage workloads across multiple clusters, clouds, and hardware — including managing environments that mix public clouds and on-premises hardware.
With the Sysdig integration, cloud, DevOps, and security teams have the security, control, and auditing capabilities needed to confidently run cloud-native workloads in production, including serverless applications.
Cloud Run for Anthos abstracts away all infrastructure management — provisioning, configuring, and managing servers and the serverless framework — so developers can focus on building applications without having to worry about the platform.
With the general availability of Cloud Run, announced today, enterprises are able to run Functions as a Service (FaaS), a serverless way to execute modular pieces of code on the edge, packaged as containers.
Sysdig, a launch partner for Google Cloud Run, and Google Cloud have tested and validated that the Sysdig Secure DevOps Platform supports Cloud Run serverless environments in Anthos and Google Kubernetes Engine (GKE).
The ability to scale services up and down within seconds on serverless environments presents visibility and security challenges that render legacy tools ineffective. Sysdig provides the secure DevOps capabilities enterprises need to successfully run containers on Kubernetes and serverless platforms.
“Cloud Run gives enterprises the best of both worlds. They have the simplicity of a serverless platform with the portability of containers. Whether enterprises are running microservices in Google Cloud, the private cloud, on-prem, or a mix, Sysdig enables enterprises to embed security, maximize availability, and validate compliance,” said Suresh Vasudevan, Sysdig Chief Executive Officer.
“As enterprises continue to adopt new cloud-native architectures, we are here with the tools they need to consistently operate secure and reliable containers in Kubernetes and serverless frameworks.”
Key benefits of the Sysdig integration with Cloud Run
Serverless vulnerability scanning: As the number of serverless images, image versions, and builds grows, the ability to control what software is being used and whether software updates are being applied is lost.
Sysdig Secure allows enterprises to scan for image vulnerabilities during the delivery pipeline or from container registries, enabling faster vulnerability identification and remediation.
Runtime security for serverless on Kubernetes: While many security concerns can be addressed pre-deployment, code injection techniques or serialization attacks can occur during the short time containers are active, and these cannot be prevented during the build and deployment stages.
During runtime, Sysdig can detect and alert on abnormal behavior, and automatically block threats.
Security policies ensure protection at runtime, but creating these policies can be tedious. With Sysdig’s out-of-the-box policies library and editor, teams have the ability to leverage application context to understand the role of each function and apply the right security policy. This saves time and ensures a secure environment.
Auditing, incident response and forensics: In a serverless, autoscaled-on-demand environment where containers are constantly replaced and disappear, visibility and security are major challenges. If something occurs inside a serverless container, by the time it needs investigation, Kubernetes has killed off the container along with its data.
Sysdig Secure captures container activity, including commands and network connections, and correlates the information with application context from Kubernetes. Additionally, DevOps teams can capture all activity information into a capture file for incident response, forensics and audit, even if the serverless function has finished and the container no longer exists.
An open by design approach to serverless
Cloud Run is based on Knative, an open source project created by Google with over 400 contributors associated with over 80 different companies. Knative is an open API and runtime environment built on Kubernetes.
Confident that open source-based platforms like Cloud Run will standardize the modern stack, Sysdig has heavily invested in open source technologies, including introducing an open source engineering team in August.
Sysdig has created multiple open source tools, including Falco, the open source Kubernetes runtime security project started by Sysdig and donated to the CNCF.
When using Sysdig Secure DevOps Platform and Google Cloud Run together, enterprises know they have a security solution that is open by design, with the scale, performance, and usability enterprises demand.