Open source security approaches enable organizations to secure their applications and networks while avoiding expensive proprietary security offerings.
An open source approach allows organizations to secure their applications across cloud providers and other platforms using platform-agnostic APIs. These APIs are written by contributors to the open source software code while cloud providers may use open source code that allows the open APIs to connect to the cloud.
Open source approaches, for security or not, also bring in collaboration across an industry. It isn’t just one organization that benefits from a program or technology, but everyone who contributes to and uses it.
The open source projects and programs used as examples in this article come from two major open source entities: The Linux foundation and the Cloud Native Computing Foundation (CNCF). The two also work closely together to further the projects under their purview.
Open source security approaches include encryption, software-defined security orchestration, secure software update systems, cloud-native policy control, and cloud-native runtime security programs. This list is not exhaustive; it is meant to give a look at a selection of security elements, from foundational to specific, that have open source options.
Encryption-Enabled Open Source Security — Let’s Encrypt
Encryption is the foundational element of cybersecurity. It is used in both open source and proprietary applications and services. It converts legible data, known as plaintext, into ciphertext, which cannot easily be read by a person or program that is not authorized to view the data. Typically, two types of keys are used in encryption, public and private; together with the cipher algorithm, they turn plaintext into ciphertext and back.
Let’s Encrypt, from the Internet Security Research Group (ISRG), is an open source certificate authority (CA). The Let’s Encrypt CA allows server administrators to set up an HTTPS server and automatically have the server’s certificate trusted by browsers. It performs domain validation in addition to certificate issuance and revocation.
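The domain validation step mentioned above works by having the CA fetch a value that only the holder of the ACME account key could have produced. The following is an added example, not code from Let’s Encrypt or the ISRG, showing the HTTP-01 key authorization as defined in RFC 8555 (section 8.1) and the JWK thumbprint it relies on (RFC 7638). The account key, its coordinates and the challenge token are constructed placeholders; the thumbprint calculation does not depend on them being a valid curve point.

```python
import base64
import hashlib
import json
import secrets

# JWK members that RFC 7638 includes in the thumbprint input, per key type.
# Every other member (kid, alg, use, ...) is ignored by design.
THUMBPRINT_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
}

# Constructed sample account key: a P-256 JWK with placeholder coordinates.
SAMPLE_ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "placeholder-x-coordinate-base64url",
    "y": "placeholder-y-coordinate-base64url",
    "kid": "https://acme.example.invalid/acct/1",  # not part of the thumbprint
}


def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout ACME and JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members, serialized as
    JSON with keys in lexicographic order and no whitespace."""
    members = THUMBPRINT_MEMBERS[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def new_token() -> str:
    """A challenge token as the CA would issue it: random, base64url-safe."""
    return b64url(secrets.token_bytes(32))


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.1: <token>.<thumbprint of the account public key>."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def http01_response(token: str, account_jwk: dict) -> tuple[str, str]:
    """What the client must serve over plain HTTP: the path and the exact body."""
    return f"/.well-known/acme-challenge/{token}", key_authorization(token, account_jwk)


def ca_validates(token: str, account_jwk: dict, fetched_body: str) -> bool:
    """The CA's side: the fetched body, minus trailing whitespace, must equal the
    key authorization derived from the token it issued and the account key it holds."""
    return fetched_body.rstrip() == key_authorization(token, account_jwk)


if __name__ == "__main__":
    token = new_token()
    path, body = http01_response(token, SAMPLE_ACCOUNT_JWK)
    print(path, body, ca_validates(token, SAMPLE_ACCOUNT_JWK, body))
```

Because the thumbprint is bound to the account key and the token is chosen by the CA per challenge, a response cannot be replayed for a different account or a different validation attempt, and a server that serves the wrong body fails the check.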
Software-Defined Security Orchestration — Open Security Controller
Software-defined security orchestration is used in many networks as a way to automate the deployment of virtualized security functions. These functions can include next-generation firewalls (NGFWs), intrusion prevention systems (IPSs), and application data controllers. Automation is a major aspect of software-defined networks (SDNs), whether in data centers or SD-WANs.
Network administrators can use software-defined security software to centralize and automate security tools. This virtualized form of security can be used in the data center or SD-WAN.
Virtualization makes the security functions automatically scalable. It also decouples the security functions from proprietary hardware devices in favor of commercial off-the-shelf white boxes. The latter type of device is commonly associated with open source programs because open source is another way to avoid proprietary products.
The Open Security Controller (OSC), from the Open Security Controller Project, has several functionalities. They include:
- Automation and orchestration of virtualized security functions.
- Centralized coordination of security policy across multiple cloud environments.
- Abstraction for infrastructure interactions for security managers.
- Dynamic autoscaling of security services.
- No vendor lock-in.
- Policy alignment to application workloads.
- Separation of duties.
Virtualized security functions from multiple vendors can be fully provisioned, de-provisioned, and distributed within the network perimeter by using the OSC. This controller coordinates security policies that determine the security functions’ behavior across multiple SDN environments.
The OSC is an abstraction layer between the security function managers. The managers do not have to be integrated into every SDN controller or virtual infrastructure manager (VIM) in an organization’s network.
Depending on workload requirements, the OSC can scale up or down the instances of the security services to ensure workloads are kept secure. The open source nature of the OSC means that it has an open API model that allows it to work with any vendor’s security functions or SDN controllers.
Cloud Native Policy Control — Open Policy Agent
An organization uses policies that control cloud-native applications, processes, and management to ensure uniform behavior of code across cloud deployments. It is an automated way to ensure all programs do the same thing in a given situation.
Automation can also extend to deployment and policy enforcement in order to reduce human error. For example, as more microservices are added to an application, automated policy integration ensures the exact same policy code is applied to the new microservices, instead of administrators configuring policies manually and making mistakes in the process.
By using an open source policy control system, an organization can have policy software that is agnostic to the products and services it uses. This limits the amount of different languages and APIs an organization would have to use in a diverse environment.
The Open Policy Agent (OPA) from Styra decouples policy decision making from policy enforcement. It uses a high-level declarative language so that policy can be written as code, and simple APIs take the task of policy decision making away from the application software. When software needs to make a policy decision, it sends OPA data about the scenario. OPA evaluates its policies and data against that input and returns a decision: an answer to what the software should do, given the circumstances.
The cloud-native aspects of the OPA are that it can be used with microservices, Kubernetes, and continuous integration and continuous delivery (CI/CD) pipelines.
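To make the decoupling concrete, here is an added example (not OPA’s or Styra’s code) that models the integration pattern in Python for the Kubernetes case: an admission webhook builds an input document, hands it to a decision service, and only acts on the answer. The decision service imitates the shape of OPA’s Data API (POST /v1/data/<path> with an {"input": ...} body, replying {"result": ...}); the policy logic is written here as a Python function instead of OPA’s declarative language, and the policy data, namespaces and image names are constructed.

```python
import json

# Policy data, the kind of thing OPA loads as "data" (constructed sample values).
DATA = {
    "allowed_registries": ["registry.example.internal/", "ghcr.io/example-org/"],
    "exempt_namespaces": ["kube-system"],
}

# Constructed AdmissionReview-style input: one compliant container, one that is not.
SAMPLE_REVIEW = {
    "request": {
        "namespace": "payments",
        "object": {
            "kind": "Pod",
            "spec": {
                "containers": [
                    {"name": "api", "image": "ghcr.io/example-org/api:1.4"},
                    {"name": "debug", "image": "docker.io/library/busybox:latest",
                     "securityContext": {"privileged": True}},
                ]
            },
        },
    }
}


def deny_reasons(data: dict, input_doc: dict) -> list[str]:
    """Policy logic: the set of violations, analogous to a Rego `deny` set.
    Written in Python for this example; the real thing would be a Rego policy."""
    req = input_doc["request"]
    if req["namespace"] in data["exempt_namespaces"]:
        return []
    reasons = []
    for c in req["object"]["spec"]["containers"]:
        if not any(c["image"].startswith(r) for r in data["allowed_registries"]):
            reasons.append(f"container {c['name']} uses untrusted image {c['image']}")
        if c.get("securityContext", {}).get("privileged", False):
            reasons.append(f"container {c['name']} runs privileged")
    return reasons


def decision_service(path: str, body: str) -> str:
    """Stand-in for OPA's Data API. Only one policy path is served here;
    an unknown path yields an empty document, as OPA does for undefined data."""
    if path != "/v1/data/kubernetes/admission":
        return json.dumps({})
    input_doc = json.loads(body)["input"]
    reasons = deny_reasons(DATA, input_doc)
    return json.dumps({"result": {"allow": not reasons, "deny": reasons}})


def admission_webhook(admission_review: dict) -> dict:
    """Enforcement point. It holds no policy of its own: it builds the input,
    asks for a decision, and fails closed if the decision is undefined."""
    reply = json.loads(decision_service("/v1/data/kubernetes/admission",
                                        json.dumps({"input": admission_review})))
    result = reply.get("result", {"allow": False, "deny": ["policy undefined"]})
    return {"allowed": result["allow"], "status": {"message": "; ".join(result["deny"])}}


if __name__ == "__main__":
    print(json.dumps(admission_webhook(SAMPLE_REVIEW), indent=2))
```

The point of the split is visible in `admission_webhook`: changing what is allowed (adding a registry, tightening the privileged rule) touches only the policy and its data, never the enforcing service, and every service asking the same question gets the same answer.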
Cloud-Native Runtime Security — Falco
Cloud-native runtime security protects applications built for the cloud while they are running. This kind of security is used to ensure that an application’s running workloads are not tampered with.
The open source project Falco, originally developed by Sysdig, is primarily used for threat detection in Kubernetes. It detects abnormal application behavior and sends alerts while applications are running. Falco is able to continuously monitor and detect container, application, host, and network activity.
Falco is deployed as a long-running daemon. It is configured through two files. First is a rules file that tells Falco what to look for. The second is a general configuration file. The rules file is written in a language humans can read. Rules are written in a more general, high-level way that outlines the conditions that should activate an alert.
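The rules file described above is made of lists, macros and rules, each rule carrying a condition, an output template and a priority. The following added example (not Falco’s or Sysdig’s code) mirrors that structure in Python and runs it over a few constructed events with Falco-style field names, so the path from a high-level condition to an alert line is visible. Conditions are written as Python callables standing in for Falco’s condition syntax; the event values, container IDs and rule texts are constructed for the example.

```python
import re

# Constructed sample events using Falco-style field names. "host" marks
# activity outside any container.
EVENTS = [
    {"evt.type": "execve", "proc.name": "bash", "proc.pname": "runc", "user.name": "root",
     "container.id": "5f3a9c1e2b7d", "container.name": "web", "fd.name": ""},
    {"evt.type": "execve", "proc.name": "nginx", "proc.pname": "runc", "user.name": "www-data",
     "container.id": "5f3a9c1e2b7d", "container.name": "web", "fd.name": ""},
    {"evt.type": "openat", "proc.name": "cat", "proc.pname": "bash", "user.name": "root",
     "container.id": "host", "container.name": "host", "fd.name": "/etc/shadow"},
]

# Lists and macros play the role of `list:` and `macro:` entries in a rules file:
# named sets and named condition fragments that rules reuse.
LISTS = {
    "shell_binaries": {"bash", "sh", "zsh", "dash"},
    "sensitive_files": {"/etc/shadow", "/etc/sudoers", "/etc/pam.conf"},
}
MACROS = {
    "container": lambda e: e["container.id"] != "host",
    "spawned_process": lambda e: e["evt.type"] == "execve",
    "open_read": lambda e: e["evt.type"] in ("open", "openat"),
}

# Rules: the condition says when to fire, the output says what to report.
RULES = [
    {"rule": "Terminal shell in container",
     "desc": "A shell was spawned inside a container",
     "condition": lambda e: (MACROS["spawned_process"](e) and MACROS["container"](e)
                             and e["proc.name"] in LISTS["shell_binaries"]),
     "output": "Shell spawned in container (user=%user.name container=%container.name "
               "shell=%proc.name parent=%proc.pname)",
     "priority": "WARNING"},
    {"rule": "Read sensitive file",
     "desc": "A sensitive file was opened for reading",
     "condition": lambda e: MACROS["open_read"](e) and e["fd.name"] in LISTS["sensitive_files"],
     "output": "Sensitive file opened (user=%user.name file=%fd.name proc=%proc.name)",
     "priority": "ERROR"},
]


def render(output: str, event: dict) -> str:
    """Expand %field placeholders in an output template; unknown fields become <NA>."""
    return re.sub(r"%([\w.]+)", lambda m: str(event.get(m.group(1), "<NA>")), output)


def evaluate(events: list, rules: list = RULES) -> list:
    """Run every rule over every event and collect the alerts, in event order."""
    alerts = []
    for event in events:
        for rule in rules:
            if rule["condition"](event):
                alerts.append({"rule": rule["rule"], "priority": rule["priority"],
                               "output": render(rule["output"], event)})
    return alerts


if __name__ == "__main__":
    for alert in evaluate(EVENTS):
        print(f'{alert["priority"]} {alert["rule"]}: {alert["output"]}')
```

Two things carry over to real rule files: keep reusable conditions in macros and lists so that a change (a new shell binary, a new sensitive path) is made once, and put into the output every field an analyst needs to triage the alert without going back to the raw event.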
- Open source programs are typically platform-agnostic, allowing them to be used in nearly any cloud and run with any application.
- Encryption is a fundamental security feature.
- Open source programs like Let’s Encrypt use encryption to ensure website domains and other programs have secure communication protocols.
- Virtualized security functions are best used with software-defined security orchestration because that brings out benefits like automation and function scalability.
- By using an open source update system framework like TUF, attackers have a harder time manipulating the update system and corrupting software.
- An open source policy controller works across clouds and platforms and enables application policies to be more uniformly applied and enforced in those environments.
- A modern open source runtime security program can better protect a cloud-native application because it can work with many cloud-native applications across multiple clouds.