DevSecOps is a Process... A Continual One...
Security really is a process and not a series of products. We point to a series of recommended processes and best practices and point you to recommended products and services that simply get the job done. Done does not mean complete. Done means at that point in time. As the goalposts move, you have to be prepared to move with them.
We have shifted security left at both compile time and run time, with Kubernetes Cluster security checks of running pods, run-time policy checks of attempted access within and external to the Kubernetes Clusters, and continuous Docker image scanning for common vulnerabilities and exposures (CVE) using quay.io.
As an open source provider, our wide use of open source components mandates complete and thorough vulnerability and exposure scanning at source code compile time and during subsequent Docker image builds of our Active-Active multi-cloud applications.
Additionally, for Risk Assessment purposes, all of our supported Docker images that we deliver are continuously scanned for Common Vulnerabilities and Exposures (CVE). Our Docker images are only built with carefully-controlled Red Hat Universal Base Images (UBI), providing a strong foundation using Red Hat software. When new vulnerabilities or exposures are identified, we will proactively alert your team and assist you by providing an updated image from our Eupraxia Labs Container Catalog (ELCC) on Red Hat's Quay.io registry.
We also shift left in the CI/CD cycle by deploying advanced security in your Kubernetes Clusters using Alcide.
Our CyberSAFEContinuum umbrella of solutions provides a series of applications distributed across multiple Cloud Service Providers (CSP), hybrid, or an on-premise private cloud that:
Includes a world-class Identity and Access Management (IAM) product - XtremeCloud Single Sign-On (SSO) that also protects its own microservices endpoints with OAuth2 flows, as well as any third-party or homegrown APIs. With our latest 4.0 release of XtremeCloud SSO, we support FIDO2 and WebAuthn to allow passwordless logins. Strong authenticators like Windows Hello, Apple Touch ID, and the Yubico YubiKey are fully supported.
Includes relational databases that provide bi-directional replication (BDR) Active-Active multi-master replication (MMR) - XtremeCloud Data Grid-db with data-at-rest security provided by the Cloud Service Providers (CSP) with Hardware Security Modules (HSM).
Includes a transport-level secure XtremeCloud Data Grid-web for fully distributed and replicated caches.
Provides a Lightweight Directory Access Protocol (LDAPv3)-based directory user store that holds application settings, user profiles, group data, policies, and access control information - XtremeCloud Data Grid-ldap.
Provides integration with Microsoft Active Directory (AD) for federated user identity management.
Provides a clean Kubernetes Cluster, using Alcide, that dramatically reduces the attack surface that can be exploited by malicious code.
With our deep knowledge of the various Cloud Service Providers (CSP) including Microsoft Azure, Google Cloud (GCP), Oracle Cloud (OCI), and Amazon Web Services (AWS), we can provide you with, or assist you with, the myriad of multi-layer security capabilities that are available to you.