Today, Red Hat announced its intent to acquire Stackrox. This is a very exciting development in the world of cloud-native security!
First and foremost, congratulations to Stackrox, an early participant in the container security space. This acquisition is a great outcome for Stackrox given their nascent scale and on-premises offering. It also validates the massive opportunity unfolding in the security world as Red Hat realizes security and compliance are major barriers to cloud-native adoption and the importance of security for successful container platform deployments. However, while Stackrox will provide Red Hat a security solution that works for OpenShift, over time customers may be faced with a choice between an embedded, uniplatform approach versus a broader multi-cloud, open security approach. We, of course, believe that the future of security is open, multi-cloud, and SaaS.
There are a few other key takeaways from the Stackrox news:
The Red Hat Stackrox relationship, and the earlier acquisition of Twistlock by Palo Alto Networks and of Octarine by VMWare, underscore a couple of key takeaways:
- Container and Kubernetes security require a ground-up design and retrofitting existing security tools simply doesn’t work.
- Large companies will pay a large multiple once it is clear a market will yield huge revenue growth. The container security market is taking off like a rocket.
1. Container security starts with solving the visibility challengeThere is no security without visibility. Containers are black boxes, dynamic, and short-lived, which blocks visibility and makes traditional security tools ineffective. Cloud security teams need tools that provide granular visibility with service-level context, integrated across their DevOps workflow. This visibility needs to extend beyond image scanning and runtime detection and include detailed activity records for forensic investigations.
2. The future of security is openOpen source is everywhere. The CI/CD tool chain is predominantly open source and Kubernetes is the clear standard for container orchestration. The benefits of open source are particularly relevant for security.
- Open source innovates faster.
- Open source standardization provides consistency you can count on.
- Adhering to open standards protects an organization’s investment.
3. The future of security is multi cloudIf you are not on multiple clouds yet, you will be soon. According to a 2020 Stage of the Cloud report, 93% of enterprises have a multicloud strategy. An effective approach to security requires consistency across various Kubernetes platforms. Our customers value our integrating and testing with all of the cloud container platforms such as EKS, AKS, GKE and IKS, as well as the various on-premises container platforms such as RedHat OpenShift, VMware Tanzu, and SuSe/Rancher.
4. Security needs to be simpleOrganizations choose the cloud because of the speed and flexibility it delivers; however, security can be a challenge. “The attention to security in cloud-native workloads is warranted not only by the complexity of the technology stack and changing nature of the threat landscape, but also by customer demand,” said Fernando Montenegro, Principal Security Analyst at 451 Research, a part of S&P Global Market Intelligence. “451 Research’s Voice of the Enterprise: DevOps, Workloads 2020 survey, for example, indicates that 45% of respondents picked security as one of the primary hurdles for those adopting cloud-native workloads.” As a SaaS-first platform, we provide enhanced scalability and flexibility to ease our customers’ operational burden.
Congratulations to Stackrox and Red HatStackrox was an early participant in the container security market and we are excited for the Stackrox acquisition by Red Hat, a company we have enjoyed partnering with on several integrations. Even as we compete in container security, we look forward to jointly driving container adoption by making containers more secure for the industry at large.
On our side, we remain committed to offering the most advanced platform for Kubernetes security in the industry. We will continue to aggressively produce innovations that are used as reference in our field. We will do this as an independent industry leader that our competitors, the community, and our users can trust and rely on.