
How Visa built its own container security solution

by ethhack

Like many large enterprises, financial services giant Visa has embraced containerization technologies that enable companies to move from legacy monolithic apps to microservice-based application architectures that are easier to maintain, update and deploy at scale on cloud infrastructure. But splitting apps into microservices also comes with the challenge of ensuring the containers hosting the various parts are properly monitored and protected from attacks.

Instead of deploying a combination of commercial solutions and spending resources on getting them to work in its environment, Visa’s security team went back to basics and created its own continuous monitoring solution that handles security policy enforcement, incident detection and remediation. The project earned the company a CSO50 Award for security excellence. Called MASHUP (Micro-services based Adaptive Security Hardening and Usage Platform), the solution takes advantage of native capabilities that already exist on container orchestration platforms, such as cgroups, filesystem access controls and SELinux policies, and it is built primarily on top of open-source tools and libraries.

Build vs. buy

Several factors led Visa to create its own security platform rather than go with commercial solutions from established vendors.

For one, many vendors that offer security solutions designed for container-based infrastructure and containerized apps are start-ups, so those products might not yet meet the maturity standards that large organizations expect.

Other products might include the monitoring and protection for containers as part of a much larger feature set that some organizations don’t need. Visa wanted to prevent the kind of feature creep that comes with buying a product of which it would use only 10% of the features.

Another big factor in Visa’s build vs. buy decision was development flexibility and agility. Having full control over its platform meant Visa could quickly implement new features requested by internal teams or change the product roadmap based on new priorities and strategies dictated by management. The ability to fix identified bugs quickly was also a factor.

Copyright © 2020 IDG Communications, Inc.
