Portshift Extends the Security of Pods with Simplified PSP Deployment

By on

According to a new press release, “Portshift, a leader in identity-based workload protection for cloud-native applications, today introduced a simplified and intuitive pod security policy (PSP) implementation for Kubernetes. Portshift’s PSP implementation allow users to harden their Kubernetes clusters security settings, with an agentless approach eliminating the need to deploy a daemonset (software agent) on all Kubernetes nodes. Portshift’s PSP solution simplifies the way administrators configure and use policies by enabling users to define granular policies (per pod/group of pods) based on potential risk even when they share the same service account attributes. With this capability Portshift enables the setting of flexible secured deployment configuration policies free of the need to tie it with the Kubernetes RBAC mechanism and service account granularity limitation.”

The release continues, “Kubernetes pod security policies provide a framework to ensure that pods run only with the assigned privileges, with access only to predetermined resources (e.g. volumes and network). Security and DevOps teams operating Kubernetes clusters leverage them to control pod creation with the desired security context. Kubernetes role-based access control (RBAC) is used together with PSP to verify that the pod’s security configuration meets the defined policy. However, there are several limits to implementing Kubernetes policies, including overlapping policy conflicts and the inability to deliver granular security in a complex K8s environment at scale. With this release, Portshift adds a simple and intuitive policy layer of security to pods solving duplication conflicts and RBAC constraints, allowing users to configure their desired security settings from predefined PSP profiles or to use their home-grown profiles.”

Read more at PRweb.

Image used under license from Shutterstock.com

We use technologies such as cookies to understand how you use our site and to provide a better user experience. This includes personalizing content, using analytics and improving site operations. We may share your information about your use of our site with third parties in accordance with our Privacy Policy. You can change your cookie settings as described here at any time, but parts of our site may not function correctly without them. By continuing to use our site, you agree that we can save cookies on your device, unless you have disabled cookies.
I Accept