Open-software powerhouse Red Hat has struck a deal to buy StackRox, a developer of container and Kubernetes-native security that Red hat will use to boost the security capabilities of the Red Hat OpenShift hybrid cloud platform.
The acquisition comes as the adoption of container technology in general – and Kubernetes in particular – for cloud-native applications within production IT environments is accelerating.
It also comes on the heels of a massive cybersecurity breach that has impacted government agencies and leading IT vendors and raising concerns among many IT managers about potential vulnerabilities.
Red Hat said it expects to complete the acquisition during the first quarter of 2021, subject to customary closing conditions. The terms of the deal, including its price tag, were not disclosed.
StackRox develops the StackRox Kubernetes Security Platform that is used by DevOps and DevSecOps teams to secure the cloud-native application stack and operationalize full container life-cycle security.
The addition of the StackRox capabilities to OpenShift will help businesses and organisations to build, deploy and secure open applications across hybrid cloud environments, Red Hat said.
In the acquisition announcement, Red Hat cited a Gartner statement that container usage for production deployments in enterprises “is still constrained by concerns regarding security, monitoring, data management and networking.”
“Securing Kubernetes workloads and infrastructure cannot be done in a piecemeal manner; security must be an integrated part of every deployment, not an afterthought,” said Red Hat President and CEO Paul Cormier in a statement.
“Red Hat adds StackRox‘s Kubernetes-native capabilities to OpenShift’s layered security approach, furthering our mission to bring product-ready open innovation to every organization across the open hybrid cloud across IT footprints,” Cormier said.
The Red Hat statement said that StackRox software provides visibility across all Kubernetes clusters, by directly deploying components for enforcement and deep data collection into the Kubernetes cluster infrastructure, reducing the time and effort needed to implement security, and streamlining security analysis, investigation and remediation. The StackRox policy engine includes hundreds of built-in controls to enforce security best practices, industry standards such as CIS Benchmarks and NIST, and configuration management of both containers and Kubernetes, and runtime security.
With StackRox, Red Hat said it will “focus on transforming how cloud-native workloads are secured by expanding and refining Kubernetes’ native controls, as well as shifting security left into the container build and CI/CD phase, to provide a cohesive solution for enhanced security up and down the entire IT stack and throughout the lifecycle.”
The StackRox platform already supports the Red Hat OpenShift environment along with other environments including the AWS Elastic Kubernetes Service, Microsoft Azure Kubernetes Service and the Google Kubernetes Engine. Red Hat said it will continue to support those systems.
“We‘re thrilled to join forces with Red Hat, coupling the industry’s first Kubernetes-native security platform with the leading Kubernetes platform for hybrid cloud, multi-cloud, and edge deployments,” said StackRox CEO Kamal Shah in the statement. “This is a tremendous validation of our innovative approach to container and Kubernetes security. Red Hat is an ideal partner to accelerate our vision of enabling organizations to securely build, deploy and run their cloud-native applications anywhere.”