Enterprise Times caught up with Liz Rice, Technology Evangelist, Aqua Security and Sugu Sougoumarane, CTO, PlanetScale Data at the Cloud Native Computing Conference and KubeCon in Copenhagen. We talked about Vitess, the open source database clustering system which is now a CNCF project. At the same time we talked about the challenge of container security, a subject that was popular among many conference attendees.
Vitess started out as a project to improve the performance of YouTube. Early on, Google required Vitess to be moved into Google Cloud which meant porting the entire project. Although it was ported it was also kept as an open source project.
Porting applications across platforms has never been easy. As companies struggle with multi-cloud and free movement of apps, how difficult was the move? Sugu said it was: “quite a challenge because the Google ecosystem is very different. It has a lot of custom APIs that are only internal to Google.” It forced the Vitess team to build a large number of adapters.
Data is the biggest challenge for companies moving to cloud. People have been scared to move data into the cloud due to the ephemeral nature of the cloud and because cloud APIs are not good at managing the movement of data.
There are other concerns with APIs. Many organisations are struggling to know how to review, curate, clean-up and publish APIs that are safe and secure. Rice agrees that there have been problems. Despite this there is work being done to make it easier to secure APIs.
Rice is particularly excited by runtime protection within the container world. Microservices, in particular, should be accessing limited services and APIs. If, Rice says, you can learn what those behaviours are like you can spot unusual behaviours. This is about hardening the security of container networks and is something that security teams need to get involved in.
The conversation looked at several other issue with databases in containers and the work being done to secure containers. Rice also talked about other projects taking place inside the CNCF. Many of these are security related and for those who are worried about containers and security, Rice talks a lot about the solutions that are coming along.
To hear what else Liz and Sugu had to say, listen to the podcast.
Where can I get it?
obtain it, for Android devices from play.google.com/music/podcasts
use the Enterprise Times page on Stitcher
listen to the Enterprise Times channel on Soundcloud
listen to the podcast (below) or download the podcast to your local device and then listen there.