In our recent webinar on air-gapped security, D2iQ VP of Product Dan Ciruli shared a new way of thinking about air-gapping, explaining how air-gapping could be applied in places that are not usually considered candidates for air-gapping.
In an exchange of insights with Paul Nashawaty, principal analyst at Enterprise Strategy Group, Ciruli explained how the need for air-gapped security has become more critical as more organizations move to the cloud.
As Ciruli points out, survey findings show that 87% of container images that get deployed contain critical vulnerabilities, which, he notes, is “a staggering number.”
The need to deploy air-gapped security is “a relatively new conversation” that is being driven by the widespread deployment of Kubernetes, which itself is relatively new, Ciruli explains. “Kubernetes and the move toward containers has really changed the way software gets deployed,” he notes.
In this climate, cybersecurity has become a major challenge for organizations, Nashawaty explains, “especially as they're looking to modernize and as they're looking to grow net new applications and existing applications.” Security breaches and attacks like ransomware can have a widespread effect, he notes, with “the entire ecosystem impacted by these challenges.”
Air-Gapping Comes in Many Shades
Although air-gapping can provide the strongest security, there is no single method of air-gapping. Or as Ciruli says, “It’s not a boolean, it’s a float.”
What this means is that there are many use cases and ways in which air-gapping can be performed, and deployment architecture can vary, depending on a number of variables.
To be fully air-gapped means to be completely isolated and disconnected from the Internet. You also can have intermittent connections to the Internet. As Ciruli points out, “There's a spectrum from fully air gapped to fully connected.”
Air-gapped use cases also vary. As Ciruli notes, Kubernetes is making its way from the data center to smaller and smaller clusters, and those clusters can be deployed in moving vehicles, including vessels at sea. In these instances, the clusters might have a limited time when they are connected to the Internet, such as when a ship is at port.
Paul Nashawaty notes that many commercial organizations believe air-gapping is only applicable to government networks. However, this is no longer true, he explains, because of the wide spectrum of use cases. As organizations modernize and deploy applications on Kubernetes in the cloud, he notes, “if you don't need to have those applications exposed, why expose them?”
How D2iQ Simplifies Air-Gapped Deployment
Ciruli explains why D2iQ customers like SAIC are able to quickly and easily deploy air-gapped environments. “As we were designing our software,” he says, “not only the way it runs, but the way it installs and the way it upgrades, we thought about air-gapped as a first class citizen.”
Because D2iQ had been working in the container orchestration space for quite a while, says Ciruli, “we understood a lot of the more high security and arcane use cases and realized that the ability to deploy air-gapping was going to be fundamental.”
Cluster API (CAPI) is an important enabler of easy air-gapped deployment within the D2iQ Kubernetes Platform (DKP). “With the cluster API as your primary API for interfacing with the serving infrastructure," Ciruli explains, “it makes it very consistent, it makes it very similar, and it means you get your speed to capability much, much faster.”
In closing, Ciruli invites his listeners to take advantage of D2iQ’s unique air-gapped capabilities and expertise. “When you're looking for a partner who can help you with this, especially when you've got interesting use cases, especially when you're thinking either hybrid or multi cloud, then I would say that we've got some unique capabilities on our side over at D2iQ.”
