The Red Hat security roadmap

Josh Bressers, security strategist for Red Hat, laid down the law for the current state and future of security at Red Hat in today’s roadmap session. When talking roadmaps, nothing is definite–Josh stressed that on several occasions and offered some guidance on when we might see some of these advancements. Still, nothing is certain until it’s certain.

Foundation > Platform > Technologies > Usage

Security is big. Really big. Especially within the past year, we’ve seen lots of security issues and vulnerabilities exposed, freaked out over, and resolved. It’s on everyone’s mind and the answer to all of this isn’t a silver bullet. Security is not a single solution, but everything in your infrastructure working together–along with your users. If you don’t use it securely, it doesn’t matter how secure it is at the bottom.

Foundational security

Josh went into depth on the many technologies that Red Hat uses, throughout the stack, to make everything secure. There’s too much to cover in a single post, but I’ll hit some of the highlights.

The foundation of Red Hat Enterprise Linux has crypto, split into 3 major groups: maintenance, deprecation, and vision. Maintenance consists of security updates, bug fixes, certifications, and modification of defaults. Deprecation includes watching research, proactive deprecation, and taking an active role in looking at what’s out there, determining what people need and what they don’t need, and then taking away the unneeded to minimize attack areas.

A great example of this approach is the DROWN vulnerability, which attacked SSLv2. This is something that many customers no longer use and ignore. Bad idea. Red Hat’s security approach is to disable this and look for other things to disable to keep our customers secure. Things have changed and the old approach of “Don’t need it? Forget it.” no longer works.

The third part of this, vision, is looking to the future, seeing what’s coming, and anticipating the security needed. Think new algorithms, better system management, and library improvements.

“You’re compliant for a day–if you’re lucky.”

Compliance is a big deal for some, but it’s going to be increasingly important as we go forward. Red Hat spends a lot of time ensuring compliance so you have that much less to worry about when it comes to maintaining compliance in your business. Josh stressed that Red Hat knows how hard this is and is working to make it easier.

“We’ll keep getting those certifications for you because we care and we know some of you need this. If we get these, we’re doing something right.”

Containers

This is where things get interesting and exciting in the world of security. Containers are huge, obviously, and this technology is still very new. New technology doesn’t start out solid and Red Hat understands that. The security team is looking at solutions to keep your containers secure. Red Hat is giving you the ability to scan your containers before you ever run them. Look for problems, then run.

“Containers come from all over. Some you build. Some you find. Would you eat a sandwich you found on the ground?”

Regardless, if you did eat that sandwich and if you do run containers from who-knows-where, you can scan them, fix issues, and feel more secure. Red Hat CloudForms has this built-in. Try it, already. (But, seriously, don’t eat that sandwich, okay?)

More security than you can shake a stick at

Like I said, Josh covered a lot. He talked network-bound disk encryption, sVirt, SCAP, Red Hat documentation and response, as well as identity management. The session was recorded, so be sure to check that out once it’s posted to learn more.

One more thing

I’d be remiss if I didn’t mention smart analysis. To me, this is some of the coolest and most powerful stuff that Red Hat’s doing for our customers. Red Hat Insights is a proactive tool that can analyze your environment against our knowledge and provide feedback and suggested improvements and fixes. Think beyond security to performance, as well. It’s extremely powerful and will only get more so. Fix your to-be problems before they’re OMG problems.

CEO Jim Whitehurst opens Red Hat Summit 2016

“Our ability to harness and distill the best ideas will determine human progress for the next century.”

Jim Whitehurst, Red Hat’s President and CEO, delivered the opening keynote to a crowd of more than 5,000 Tuesday morning. The 2016 Red Hat Summit theme: The Power of Participation. His message: Participation and innovation are tightly linked. Helping communities innovate beyond the sum of their individual members is the leadership challenge of our time.

Here’s why we should welcome our robot overlords

Richard Hulskes, co-founder of Wevolver, an online platform for collaborative hardware development

When Richard Hulskes (@Rieshuls), co-founder of Wevolver, was a kid, he spent endless hours building rockets and robots―often unsuccessfully. Today, he prints them.

Richard says hardware development is radically changing―in part because the open source mindset is moving to hardware. Wevolver users are building drones that explore the deep ocean, creating low-cost prosthetics, and even sending satellites into space.

But Richard’s favorite project on the Wevolver platform could benefit thousands of children.

Lessons using Ansible at J. Crew

Ansible, Ansible, Ansible. Oscar González, principal engineer at Sawyer Effect, gave a unique presentation today about J. Crew’s use of DevOps and Ansible Tower by Red Hat. As you may know, Red Hat acquired Ansible earlier this year and the addition has been phenomenal. Ansible gives your business simple, agentless automation technology.

“I’m a developer. I’m sorry.”

In 2015, Sawyer Effect was brought out to J. Crew to help improve their deployment process. They had a problem: A deployment would take 4-5 hours and had to be done overnight. What’s more, the entire process was like having a Rube Goldberg machine–lots of small moving parts which would, at some point, fail. The worst part of all of this was the toll it was taking on the teams. The human price was steep. Oscar likened this to Sisyphus–doing something over and over, learning nothing, not progressing, and keeping innovation from ever happening.

Something had to be done.

I’ll cut to the chase. J. Crew used Ansible, a DevOps approach, and their current tools and infrastructure to completely revolutionize their deployments. Oscar broke this down into 10 lessons.

At Summit: Elwin Loomis hails from the Store of the Future

Title says it all

Elwin Loomis isn’t your everyday Director of Engineering. In fact, he’s not the Director of Engineering. He’s Target’s Senior Director, Store of the Future. This unique title is important to him, because it symbolizes doing things differently. And Loomis is all about doing things differently.

Elwin is an engineer, a creator, a doer. But he’s no longer just hacking code—he’s hacking culture. Doers like Elwin get to ask the questions that he was asking the Summit 2016 crowd:

“What does your ideal workplace look like? What is the work that you do? Who do you want to work with, mentor, and be mentored by? What causes do you support?”

How business used to be

In the past, if you wanted your business to grow large, it took considerable investment in physical and digital resources. Infrastructure was the barrier to entry that kept the competition at bay. For a retail business like Target, these barriers included the supply chain, real estate, and relationships with manufacturers.

Today, these barriers are breaking down. The internet and other technologies bring improvements to manufacturing, creating, and funding businesses that make it possible to start up cheaply. And the amplification effect—how Loomis describes the ability of small teams to behave like big teams through repeatable processes, self-service, and automation—lets even tiny organizations appear quite large. If big companies cannot match these nimble upstarts, they will die.

Open Source Stories short film series continues at Red Hat Summit

e-NABLE: An open source design, a 3D printed prosthetic hand, and a very happy child

Not long ago, Richard Van As, a carpenter in need of a prosthetic hand, had an idea. He contacted a special effects artist and puppeteer, and began working on a prototype that would revolutionize how prosthetics are made for young adults. What came of that idea—an affordable, 3D printed prosthetic that moves and articulates like a robotic hand—simply would not exist without the collaborative work of a team of dedicated open source makers.

We felt this was open source thinking at its best. So we made a movie about it.

Stop by the Open Source Stories Theater at Red Hat Summit (Moscone West, Level 3) to see our award-winning short, e-NABLE: Open technology, faster progress.

Summit sneak peek: Container and object storage

Storage, containers, and objects

Isn’t it funny how storage, containers, and objects mean something quite different in the IT world than they do in everyday life? You can find all 3 at Red Hat Summit in San Francisco. Key announcements at this year’s event include object storage with Red Hat Ceph Storage, and container-native storage with Red Hat Gluster Storage. Learn more about new features, enhancements, and technology previews at the Red Hat Storage Blog.