Red Hat OpenShift container security

Red Hat® OpenShift® delivers a modern, scalable approach to securing the entire application platform stack, from operating system to container to application.

Download technology brief

Containers at scale, with security at every stage

Control

Control the trusted sources of content, testing, and deployments.

Defend

Defend applications from attacks and vulnerabilities in all layers of the platform.

Extend

Enable and extend secure services through standard interfaces and APIs.

Red Hat OpenShift enables continuous security

Defense-in-depth and secure software supply chain

Managing security is a continuous process. As applications are deployed or updated, it’s critical to provide dynamic security controls to keep the business safe. Red Hat OpenShift enables a secure software supply chain that ensures applications are secure without reducing developer productivity. Red Hat allows businesses to control, defend, and extend their application platform throughout the application lifecycle.

[Diagram: security policy process and procedures]

Trusted by over 90% of the Fortune 500, Red Hat builds on decades of security experience for today’s applications and into the future*

*Red Hat client data and Fortune 500 list, June 2017

Container host and platform multitenancy: Red Hat® Enterprise Linux® manages multitenancy of the container runtime, using Linux namespaces, SELinux, cgroups, and Secure Computing Mode (seccomp) to isolate and protect containers.

Security and trusted content sources: With over 70% of public application content having a security vulnerability, it’s critical to work with trusted sources. Red Hat Container Catalog delivers validated application content from Red Hat Middleware and certified ISV partners.

The new Compliance Operator provides a declarative way to specify and achieve security compliance for the OpenShift cluster.

Securing the container registry: Registries play a critical role in the secure software supply chain, frequently interacting across the application lifecycle. OpenShift provides an integrated container registry that allows application images to be scanned for vulnerabilities and cryptographically signed for trusted identification. When OpenShift is used with Red Hat Quay and Clair for vulnerability scanning, vulnerability data is visible in the OpenShift console.

Securing the build pipeline: The Continuous Integration/Continuous Delivery (CI/CD) pipeline is at the core of a secure software supply chain. OpenShift integrates tightly with Jenkins and other standard CI/CD tools to manage builds, code inspection, and validation. OpenShift Source-to-Image (S2I) allows for secure application builds directly on the platform.

Managing secure container deployments: By default, OpenShift prevents containers from running as root. In addition, OpenShift enables granular deployment policies that allow operations, security, and compliance teams to enforce quotas, isolation, and access protections.
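To make the "no root by default" posture concrete, here is an added example (not Red Hat's code, and not OpenShift's own Security Context Constraints implementation): a simplified admission-style check that walks a pod manifest and reports containers that could run as root, run privileged, escalate privileges, add Linux capabilities, or lack a seccomp profile. The rule set and the two sample manifests are assumptions constructed for illustration.

```python
"""Added example (not Red Hat's code): a policy check approximating the
non-root, non-privileged posture OpenShift enforces by default."""
from typing import Dict, List

# Assumed, simplified rules modelled on a restricted pod profile; OpenShift's
# real Security Context Constraints are richer than this.
ALLOWED_SECCOMP = ("RuntimeDefault", "Localhost")


def check_pod(pod: Dict) -> List[str]:
    """Return violations for a Kubernetes/OpenShift pod manifest; [] means admitted."""
    violations: List[str] = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    for container in spec.get("containers", []):
        name = container.get("name", "<unnamed>")
        sc = container.get("securityContext", {})
        # Pod-level settings apply unless the container overrides them.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        if uid == 0 or (uid is None and not non_root):
            violations.append(f"{name}: may run as root; set runAsNonRoot or a non-zero runAsUser")
        if sc.get("privileged", False):
            violations.append(f"{name}: privileged containers are not allowed")
        if sc.get("allowPrivilegeEscalation", True):
            violations.append(f"{name}: allowPrivilegeEscalation must be false")
        if sc.get("capabilities", {}).get("add"):
            violations.append(f"{name}: adding Linux capabilities is not allowed")
        seccomp = sc.get("seccompProfile", pod_sc.get("seccompProfile", {}))
        if seccomp.get("type") not in ALLOWED_SECCOMP:
            violations.append(f"{name}: seccomp profile must be RuntimeDefault or Localhost")
    return violations


# Constructed sample manifests (not taken from the page).
ROOT_POD = {"spec": {"containers": [
    {"name": "web", "image": "example/web:1.0",
     "securityContext": {"privileged": True}}]}}

HARDENED_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "web", "image": "example/web:1.0",
                    "securityContext": {"allowPrivilegeEscalation": False,
                                        "capabilities": {"drop": ["ALL"]}}}]}}

if __name__ == "__main__":
    for label, pod in (("root pod", ROOT_POD), ("hardened pod", HARDENED_POD)):
        print(label, "->", check_pod(pod) or "admitted")
```

The first manifest is rejected on four counts; the second, which declares a non-root user, drops all capabilities, disables privilege escalation, and requests the runtime's default seccomp profile, is admitted.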

Managing the secure container application platform: From authentication to authorization to secrets management, OpenShift integrates secure operational capabilities to ensure trust between users, applications, and security policies.

Secure container application platform on any cloud: OpenShift can be securely deployed across any cloud platform, including bare metal, virtualization, VMware, OpenStack, AWS, Azure, and GCP.

Defend the network: OpenShift provides secure multi-tenant networking and fine-grained network control. All traffic to the control plane is encrypted. Application traffic is encrypted with OpenShift Service Mesh.

Secure the data: OpenShift provides strong encryption controls to protect sensitive data including platform secrets and application configuration data. OpenShift optionally uses FIPS 140-2 Level 1 compliant encryption modules to meet security standards for US Federal departments.

Managing secure API endpoints and gateways: OpenShift integrates the 3scale API Management platform to authenticate, secure, and rate-limit API access to applications and services.

Success Story

Macquarie

We can support peaks and high volumes of customers on the system—and grow—without drama. It’s a worry-free approach where everything works as expected, and we can monitor it all.

Luis Uguina, Chief Digital Officer, Macquarie

Secure your container platform across the stack

Ten Layers of Container Security