Secure Red Hat OpenShift Service on AWS clusters with Red Hat Advanced Cluster Security Cloud Service
Once you have your clusters configured the way you want using Red Hat® OpenShift® Service on AWS (ROSA), the next thing to consider is how they will be secured. As your clusters begin to pass vital information and data back and forth, it can be critical to ensure that they are protected by platform security. This is where Red Hat Advanced Cluster Security (RHACS) Cloud Service comes in.
What will you learn?
- What is RHACS Cloud Service
- Why RHACS Cloud Service is important
- How to get started with RHACS
What do you need before starting?
What is RHACS Cloud Service?
RHACS Cloud Service is a pioneering Kubernetes-native security platform, equipping organizations to more securely build, deploy, and run cloud-native applications anywhere. The solution helps improve the security of the application build process, protect the application platform and configurations, and detect and respond to runtime issues. RHACS Cloud Service can lower operational costs by reducing the learning curve for implementing Kubernetes security and providing built-in controls for enforcement to reduce operational risk. In using a Kubernetes-native approach that supports built-in security across the entire software development life cycle, developers have the breathing room to be more productive without worrying over security concerns.
Why is RHACS Cloud Service important?
RHACS Cloud Service offers a variety of key features to keep your data safe through cloud data centers across the globe. With RHACS Cloud Service, you only need to manage the secured cluster service in your Kubernetes cluster. Because our expert site reliability engineering (SRE) and engineering teams manage the RHACS application, you can focus on security implementation and enabling development speed.
Supply chain security
- Simplify DevOps processes by providing developers with security context in their existing workflows.
- Integrate security into your CI/CD pipelines and image registries to provide continuous image scanning and assurance.
- Scan images for both operating system (OS) and language-level vulnerabilities.
- Use existing security information and event management (SIEM) tools and notification platforms to facilitate remediation and response.
Infrastructure security
- Harden your organization’s environment to make sure the underlying infrastructure is configured to maintain security.
- Prevent configuration drift by running compliance checks against CIS benchmarks or custom policies.
- Analyze existing role-based access control (RBAC) rules to prevent insecure access and authorizations.
- Connect with the Kubernetes API to watch for high-risk actions such as configmap changes or container exec commands.
Workload security
- Prevent high-risk workloads from being deployed or run by using out-of-the-box deploy-time and runtime policies.
- Harden workloads by enforcing network policies that adhere to the principle of least privilege—providing only the access privileges necessary to complete a task.
- Use allow-listing and behavioral modeling to detect anomalous application behavior indicative of a threat at runtime.
- Monitor known good behavior to configure custom policies and alerts for anomalous and malicious behavior.
How can RHACS Cloud Service be installed?
Check out the no-cost, 60-day getting started trial to gain hands-on access to Red Hat Advanced Cluster Security Cloud Service yourself. You can also purchase Red Hat Advanced Cluster Security Cloud Service directly through the AWS Marketplace and be billed per use. If you prefer not to be billed through AWS, please contact Red Hat sales for more information.