SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Red Hat shares OpenShift security and compliance updates
Wed, 8th Feb 2023

Red Hat has introduced new security and compliance capabilities for Red Hat OpenShift, a top enterprise Kubernetes platform.

The new features, available with the general availability of Red Hat OpenShift 4.12, are designed to help organisations more efficiently scale workloads across the hybrid cloud without compromising security, the company states.

According to Red Hat’s 2023 Global Tech Outlook, security remains the top IT funding priority across all regions and almost all industries, with 44% of respondents calling it a top 3 funding priority, 8 points higher than the second highest priority, cloud infrastructure. In the same survey, security overtook innovation when respondents were asked about top priorities for digital transformation.

IT security remains a constant concern for CIOs, especially as security-related challenges risk stalling hybrid cloud innovation.

Digital transformation demands a shift in how organisations approach software security, and for organisations to embrace new cloud-native technologies, they need solutions that provide more seamless, integrated security and compliance features.

The new enhancements available in Red Hat OpenShift 4.12 are designed to help organisations mitigate risks and meet compliance requirements across increasingly complex IT environments.

Enhanced oversight and compliance for workloads spanning the hybrid cloud

Red Hat OpenShift 4.12, based on Kubernetes 1.25, introduces three new Operators and an update to the Compliance Operator, designed to enhance workload consistency and management from the datacenter to the edge.

The new Security Profiles Operator enables users to more easily distribute and use security profiles like Seccomp or SELinux in a Kubernetes cluster, the company states.

Replacing what was previously a more manual process, the Security Profiles Operator is designed to simplify Seccomp or SELinux profile creation while managing profiles across nodes and namespaces.

This helps IT teams to craft security profiles that give only the necessary privileges to container processes.

New enhancements were introduced to the Compliance Operator, which helps Red Hat OpenShift administrators run compliance scans and provide remediations for the issues found.

With the introduction of PriorityClass, admins now have better control of their compute and memory resources and can prioritise which pods to scan first, enabling more accurate results and helping ensure each cluster stays compliant.

The new Ingress Node Firewall Operator allows users to configure firewall rules at the node level. This helps administrators control from which interface and remote hosts the Kubernetes API server can be accessed, better controlling network traffic in and out of the node for enhanced security.

The new Network Observability Operator provides observable network traffic metrics, flows, topology and tracing for a more complete understanding of network traffic.

The operator helps simplify identification of network bottlenecks and assists with troubleshooting connectivity issues, providing for enhanced network performance optimisation in Red Hat OpenShift clusters.

Increased flexibility and options with a common foundation

Red Hat OpenShift provides a more consistent foundation for organisations to run applications wherever it makes the most sense while using their preferred tools to build, deploy, run and scale applications with a focus on security. Red Hat OpenShift 4.12 delivers even greater choice in how organisations deploy Red Hat OpenShift and enables IT teams to better meet dynamic technology requirements.

New features supporting this expanded flexibility include:

  • Support for Red Hat OpenShift on Arm now includes support to deploy Red Hat OpenShift on Arm-based instances in Microsoft Azure.
  • Agent-based installer for disconnected deployments provides an easy and repeatable way to deploy edge Red Hat OpenShift clusters at scale into production with limited or no additional hardware. The agent-based installer is optimised for disconnected and air-gapped Red Hat OpenShift deployments for bare metal, vSphere, and agnostic platforms. Using the agent-based installer, organisations can deploy all supported Red Hat OpenShift topologies including single node clusters, three-node compact clusters or standard high availability clusters.
  • Extended lifecycle support with an additional six months of extended update support on even numbered Red Hat OpenShift releases on the x86_64 architecture.
  • Starting with Red Hat OpenShift 4.12, users will now have 24 months of support so users have even more flexibility to plan and operationalise upgrades.

Joe Fernandes, Vice President and General Manager, Hybrid Cloud Platforms, Red Hat, says, "IT security is a demand that spans all organisations, regardless of region or industry, especially as they seek to balance cloud-native innovation with hardened IT infrastructure.

"Red Hat is committed to making this choice a non-factor for our customers, providing the capabilities that allow them to embrace cloud-native technologies with greater operational confidence.

"With Red Hat OpenShift 4.12, organisations can better scale applications across clouds with integrated tools with an expanded suite of capabilities to meet stringent security and compliance requirements no matter where they run on the hybrid cloud."