Data protection remains one of the top concerns for containers. Data needs to be encrypted to ensure both security and compliance.
I had the opportunity to speak with Maksim Yankovskiy, V.P. of Engineering at Zettaset about the enterprise move to containers and what enterprises need to do to secure their data and applications today.
According to Gartner, by 2023, 70% of organizations will be running 3+ containerized applications in production. Data continues to grow exponentially and has become more valuable than oil as it provides insights across all people and businesses.
IoT devices, containers, Kubernetes (K8s), and microservices are leading drivers of enterprise innovation and digital transformation but they also dramatically expand the number of attack vectors for bad actors and nation-states.
13.5 billion records have been stolen since 2013 at an average cost of $3.9 million per breach. In 95% of all breaches, the data is unencrypted. According to CNCF, 94% of enterprises running containers have experienced a security incident in the last 12 months and security is a top barrier to further container adoption.
Encryption is the last line of security for data; however, old perceptions die hard. According to the Ponemon Institute, the top six reasons why encryption is not broadly adopted are:
System performance and latency
Enforcement of policy
Support for cloud and on-premises development
System scalability
Management of keys
Integration with other security tools
Zettaset solves these problems with software-defined encryption that scales. It works seamlessly with container software and is scalable across any on-prem, cloud, or edge deployment. With employees working from home, companies can have peace of mind that the data their employees are accessing to do their jobs is protected.
Maksim suggests companies assume they will have vulnerabilities and build security into the DevOps process. Encrypt data throughout the process of collection, viewing, and manipulation at the source. Any sensitive data stored needs to be encrypted without the keys being stored in the same location. Zettaset has a virtual key manager that’s easy to use.
Find an encryption solution that is so easy to deploy there’s no excuse not to deploy and you do not need to change your development processes If it has a CLI there shouldn’t be a change to provision storage. Work with an encrypted system the same way you work with an unencrypted system.
Zettaset was recently certified as a Red Hat OpenShift Operator, providing capabilities for the encryption of data stored in Red Hat OpenShift container environments. Clients are experiencing one-click install from the Red Hat Marketplace for an automated and secure encryption ecosystem.
Key takeaways:
Ensure data protection in containers without the performance tax.
Secure DevOps procedures across your organization.
Ensure compliance in highly regulated industries.
Achieve internal or corporate security mandates.
To get value from data, you have to protect it and the people that are producing the data.