Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Zettaset Launches Software-Defined Encryption for Kubernetes Environments

Kubernetes-specialist Zettaset has introduced software-defined encryption for Kubernetes-managed containers, improving DevSecOps, enhancing data protection, and enabling compliance.

Kubernetes-specialist Zettaset has introduced software-defined encryption for Kubernetes-managed containers, improving DevSecOps, enhancing data protection, and enabling compliance.

The use of Kubernetes is growing. A January 2020 survey by the Cloud Native Computing Foundation (CNCF) found that 78% of respondents are using a Kubernetes container orchestration and management platform within their enterprise (up from 58% last year). This increasing use of Kubernetes requires increased and more widespread data protection — and when it isn’t always clear exactly where data is stored (Kubernetes containers are maintained wherever it makes best sense to do so) encryption of that data is the best solution. 

Zettaset Logo

The fluid nature of cloud storage requires a software rather than hardware solution — and Zettaset has announced its software-defined XCrypt Kubernetes Encryption offering. “The rapid adoption of cloud-native technologies like Kubernetes is forcing IT teams and developers to reconsider the appropriate actions to secure data at-rest,” said Tim Reilly, CEO at Zettaset. “While Kubernetes is great for managing and orchestrating containers, it does not inherently address data protection.”

Secrets, included since version 1.7 of Kubernetes, allows for encryption of secret data, such as passwords, OAuth tokens, and ssh keys. But it doesn’t provide general encryption of data. “XCrypt Kubernetes Encryption,” continued Reilly, “will bring organizations beyond the base encryption functionality of Kubernetes Secrets to help safeguard all sensitive data in these emerging environments, not just tokens and passwords.” Secrets protects secrets, while XCrypt protects data.

Zettaset’s offering provides a granular approach to encryption for even complex Kubernetes environments. It integrates directly with Kubernetes with an encryption key for each container volume and automated encryption policy management. The three primary advantages in this approach are easing the transition from DevOps to DevSecOps, improving data protection, and ensuring data compliance.

DevOps is outstripping firms’ ability to build in security. “With XCrypt Kubernetes Encryption,” says Zettaset, “developers can focus on building applications and driving innovation without worrying about compromising your organization’s overall security posture.”

And with increasing data protection legislation around the world, such as CCPA and GDPR, adding to the already heavily regulated healthcare and finance industries, encryption becomes a foundational element of ensuring compliance.

Mountain View, Calif-based Zettaset, founded by Brian Christian, Jeffrey Krone and Michael Dalton in 2009, has raised $13 million in funding, including a $10 million series B funding round in January 2013.

Related: Security a Top Concern as Containerization Gathers Pace 

Related: Public Bug Bounty Program Launched for Kubernetes 

Related: Zettaset Enables Encryption of Data-at-rest in Hadoop 

Related: Misconfiguration a Top Security Concern for Containers

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility