Securing Multi-Cloud Environments with Anchore

Introduction

Many organizations today run their cloud-native workloads across multiple cloud providers. This might be a mix of several public cloud providers such as AWS, GCP, or Azure, or a combination of a private cloud such as OpenStack with any public cloud provider. By definition, multi-cloud is a cloud approach made up of more than one cloud service, from more than one cloud vendor (public or private). At Anchore, we work with many users and customers who are faced with the challenge of adopting an effective container security strategy across the multiple cloud environments that they manage.

Anchore is a leading provider of container security and compliance enforcement solutions designed for open-source users and enterprises. Anchore provides vulnerability and policy management tools built to surface comprehensive container image package and data content, protect against security threats, and check for best practices. All of this is wrapped in an actionable policy enforcement engine and language capable of evolving over time as compliance needs change. It is flexible and robust enough to provide the security and policy controls that regulated industry verticals need to effectively adopt cloud-native technologies at scale.

Deployment

Both Anchore Engine and Enterprise are shipped and delivered as Docker containers, providing tremendous deployment flexibility across every major public cloud provider's managed Kubernetes service (Amazon EKS, Azure Kubernetes Service, Google Kubernetes Engine), container platform (Red Hat OpenShift), or on-premise.

Container Registry Support

Anchore natively integrates with any public or private Docker V2 compatible container registry including the major cloud providers (Amazon ECR, Google Container Registry, Azure Container Registry), or on-premise installations (JFrog Artifactory, Sonatype Nexus, Docker, etc.).

Continuous Integration

Anchore seamlessly plugs into any CI system, providing users with pre-production security, compliance, and best-practice enforcement checks directly in their CI pipelines. Users and customers can use Anchore’s native plugins for Jenkins and CircleCI, or integrate into the CI platform of their choice (Amazon CodeBuild, Azure DevOps, TravisCI, etc.).

Kubernetes Admission Control

Anchore provides an admission controller for Kubernetes to gate pod execution based on Anchore analysis and policy evaluation of image content. It supports three different modes of operation, allowing users to tune the tradeoff between control and intrusiveness for their environments. The Anchore Kubernetes Admission Controller supports integrations with the major cloud providers' managed Kubernetes services as well as on-premise.

Multi-Tenancy Support

Anchore Enterprise provides full Role-Based Access Control functionality, allowing organizations to manage multiple teams, users, and permissions, all from a central Anchore installation. Security, Operations, and Development teams can operate separately while maintaining full isolation of image scan results, policy rule configurations, and custom reports.

At Anchore, we understand the benefits of an effective multi-cloud strategy. However, we are also aware of the challenges and risks that development, security, and operations teams face when securing workloads across clouds. By utilizing a CI and container registry agnostic platform, Anchore users can easily adopt a refined container security and compliance practice across all of their public and private cloud environments.
