Luna HSM: TalkingTrust Video Series

Secure your devices, identities and transactions with
Thales Luna HSMs and ecosystem partners – the foundation of digital trust

TalkingTrust with Thales and Red Hat - Securing Containers and DevOps


Containers and DevOps are being embraced as critical elements of enterprise digital transformation strategies, as this new paradigm provides development teams with an efficient way to build and deploy applications across hybrid cloud environments at scale. Red Hat and Thales have partnered to enable the benefits of DevSecOps to ensure code runs securely and data can be protected effectively. Thales and Red Hat discuss in this video how to enable a secure and scalable DevOps platform to deploy new services efficiently.

 

 

Join Red Hat and Thales in a discussion about how Containers and DevOps are critical elements of enterprise digital transformation, and how they have partnered to ensure code runs securely and data can be protected effectively.

Speakers:
David Madden, Director of Business Development at Thales
Cameron Skidmore, Associate Solutions Architect at Red Hat

Review all integrations and supporting documents for Thales with Red Hat.
Thales Technology Partner: cpl.thalesgroup.com/partners/redhat

Partner website: www.redhat.com

Resources:

Video Transcript

TalkingTrust Series – Thales and Red Hat - Securing Containers

 

00:10 Hello.

00:11 My name is David Madden from Thales and

00:14 I'm here today to talk about securing

00:16 containers and DevOps.

00:17 We're glad to have Cameron Skidmore,

00:20 Associate Solutions Architect at Red Hat

00:22 with us,

00:22 who's an industry expert in containers

00:24 and open source,

00:26 to help us understand the critical and

00:28 emerging market. Microservices and

00:30 containerized architectures are being

00:32 embraced as a critical element of

00:34 enterprise digital transformation,

00:36 as a container platform offers

00:38 developer teams an efficient way to

00:40 build and deploy

00:41 apps across hybrid cloud environments

00:44 really at scale.

00:45 However, what is missing typically is a

00:47 security element.

00:49 Red Hat and Thales can help ensure

00:51 code runs securely

00:53 and data can be protected effectively. So

00:56 today

00:56 as a result of all of this we're going

00:58 to talk a little bit more about how Red

01:00 Hat and Thales

01:00 can enable a secure and scalable DevOps

01:04 platform to

01:05 deploy services. So with that let's get

01:07 started

01:08 with a short history and background on

01:10 DevOps containerization.

01:11 Cameron, can you share a few details with

01:14 us so we can better understand?

01:16 Sure Dave, I'd love to. So this idea of

01:19 DevOps I think it really

01:21 came out of a need to solve a problem

01:23 and that problem was that code just

01:25 wasn't getting

01:26 built and even deployed quick enough

01:30 and that there was this massive

01:31 inefficiency in the process.

01:33 For me the best way I know how to kind

01:35 of describe this within a metaphor

01:37 is it's like a relay race right with

01:39 batons. And, you've got one runner

01:42 running up to hand it off to the next

01:43 runner but of course the other runner

01:45 starts running before they get there

01:47 so both are kind of working together in

01:49 that moment and there's not this hard

01:50 stop,

01:51 where the person has to from nothing

01:53 start with the baton again.

01:55 I think it's a similar kind of idea with

01:58 DevOps because

01:59 you want there not to be this hard

02:02 demarcation point

02:03 where the Dev team then has to throw

02:05 code over to the Ops team

02:07 and it just kind of creates this massive

02:09 amount of 

02:11 inefficiency in the process right? Yeah

02:15 and I think that you know this is

02:16 something people have been working on

02:18 for a while. DevOps isn't really

02:19 a new idea at this point but there's a

02:21 lot of let's say technological

02:23 innovation going on right now, right?

02:25 There's a whole lot of stuff in the

02:26 field of automation

02:28 in cloud technology and I think

02:31 you and I talked about this before, but

02:33 DevOps is really a function of

02:35 the cultural adoption of DevOps. But then

02:38 you got to combine that with all this

02:39 technology

02:40 and the primary technology being adopted

02:43 to drive that

02:44 is really the automation. And that's kind

02:47 of what

02:47 you know add those two together and

02:49 you're gonna end up getting

02:51 the amount of success that your teams

02:53 are looking for in DevOps.

02:56 Makes sense. So how are modern

02:58 organizations then leveraging

03:00 open source DevOps and containers as a

03:02 core part of these digital

03:04 transformation plans? Sure that's a great

03:07 question

03:08 and when you're talking about the 

03:10 digital transformation or you're talking

03:12 about things like IoT

03:13 or cloud, fundamentally more and more

03:16 what I think that

03:17 ends up being is a conversation around

03:20 container technology

03:21 right? Because all these are kind of

03:23 converging within that and the container

03:25 technology

03:26 is different than legacy infrastructure

03:29 because,

03:29 and we were talking about this before,

03:31 but it was built

03:33 with DevOps already in mind. Right.

03:35 We can

03:36 see that and how they put together

03:38 these solutions and these technologies.

03:40 It's not where you're having to, you know,

03:42 shoehorn the teams to work together in

03:44 ways that

03:44 the environment was never designed to.

03:46 It's more about

03:48 from jump, you can see oh it's the you

03:50 know, the Dev teams are flowing really

03:52 well into the Ops team

03:54 and it's just kind of a natural

03:56 progression from that.

03:58 And so I read how we talk about the

04:00 digital transformation a lot

04:02 and DevOps is really key to digital

04:04 transformation

04:05 because fundamentally with digital

04:08 transformation

04:09 that's something where the

04:12 the company itself right is trying to

04:15 reinvent their processes, their business

04:17 processes. They're trying to

04:19 put technological innovation first and

04:21 foremost

04:22 and I think at first when people hear

04:25 digital transformation, they may think

04:27 okay we're going to transform digitally.

04:28 We're going to move into the

04:30 the cloud space. We're going to adopt

04:33 all this technology

04:34 but it's not just one big sprint, it's

04:36 more of a marathon.

04:38 Right. You're going to have

04:39 to constantly

04:41 get your developers what they need and

04:42 keep the pace up over

04:44 the next year and decade even.

04:47 And there's going to be a huge

04:48 advantage for companies that are able to

04:49 do that and

04:50 leverage this kind of technology.  Makes

04:53 sense.  And so it sounds like

04:55 you know development, IT, operations

04:58 they're going you know from a service

05:01 provider approach to almost a core part

05:03 of the whole digital value creation

05:05 process.

05:06 So, this is really now a core asset of

05:08 any business in a digital economy

05:10 would you agree Cameron? I certainly

05:12 would agree,

05:13 and I think that also a

05:16 big aspect of maybe

05:20 the perceived risk going into this new

05:22 paradigm especially with all this new

05:24 technology,

05:25 is that there's this hesitation

05:29 on the part of, well maybe I don't really

05:31 know everything about

05:32 Kubernetes or I don't know everything

05:34 about

05:34 how security works in Kubernetes.

05:37 We found in our

05:38 research is that a big blocker for this

05:40 digital transformation

05:41 is mainly those two things.

05:45 Which is why I think it's really

05:46 important for companies like Thales and

05:48 Red Hat to work together

05:49 because helping meet people where their

05:53 IT skills are and you know implementing

05:56 top tier enterprise ready

05:58 security on top of it, I think that we

06:00 can really

06:01 lower the barrier to entry for digital

06:03 transformation together.

06:07 Makes sense. So in terms of 

06:10 security

06:11 it's like a platform

06:13 almost and then leveraging

06:15 Red Hat really drives things as a

06:17 platform where

06:18 you can you can take these elements and

06:21 apply them in

06:22 across your organization if you will, so

06:24 it enables things.

06:26 Obviously if it's not there

06:28 you've got a considerable risk

06:30 from both your platform running

06:32 smoothly,

06:33 efficiently as well as making

06:35 sure things you're not

06:37 missing an element as you roll from

06:40 development to

06:41 production. So how would you

06:44 architect this with Red Hat

06:47 OpenShift,

06:48 and how do you implement it across

06:49 containers? Can you describe

06:51 a little more detail for us?  Yeah

06:53 absolutely, I can give a quick flyby of

06:55 the architecture behind OpenShift.

06:57 So as it always does it really starts

07:00 with the OS.

07:01 Our goal with the OS that all

07:03 this is going to be running on

07:05 is to give you the ability to draw from

07:08 any kind of platform right,

07:09 if it's your own personal data center,

07:12 if it's a cloud environment, we want

07:16 it to feel all like it's cut from the

07:18 same piece of cloth,

07:19 right?  Because that's going to also help

07:21 this cooperation in DevOps without

07:23 everybody having to

07:25 work with different types of you know

07:28 starting points and core OS

07:30 How we've been able to do that

07:33 and core OS

07:34 for the points of security here, it's

07:36 it's a very

07:37 special operating system because for one

07:39 it can scale of course but

07:41 for two it's designed with the smallest

07:44 amount of surface area for attack

07:45 possible.

07:46 And once it's built it can't really be

07:49 altered. So it's unalterable as an OS,

07:51 makes it very secure from a security

07:53 point of view.

07:56 The only other the really quick main

07:58 point that I also want to make

08:00 is that Kubernetes is OpenShift. I

08:03 think sometimes people hear OpenShift

08:04 and they're like OpenShift versus

08:06 Kubernetes, but really OpenShift

08:08 is built on top of Kubernetes.

08:10 That's really the movement

08:12 behind it we just have a lot of other

08:14 things to again going back to what we

08:16 were saying before,

08:17 perceived lack of talent on

08:21 the part of

08:21 certain companies wanting to adopt this

08:23 technology that's why we built OpenShift.

08:25 We

08:26 make it easier to install wherever you

08:27 want to install it.

08:29 We make it easy whether it's in a

08:31 cloud or an on-premise environment.

08:33 Auto scaling is determined through

08:37 the actual OpenShift GUI, so it's a lot

08:39 simpler and a lot more approachable.

08:42 We even have one-click updates as

08:45 well, so you're not constantly

08:47 tasking your administrators with the

08:49 kind of overhead

08:50 that might come with administering a

08:52 Kubernetes vanilla

08:56 environment all by themselves. 

08:58 That's another big part of it.

09:00 We also have services that exist like

09:03 CodeReady Workspaces

09:04 and Istio service mesh and all these

09:07 other things to kind of help round out

09:09 the sharper edges of Kubernetes

09:10 environment that you might have just on

09:12 its own.

09:13 I think that's an important point as

09:14 well.  We kind of lay that out here in the

09:17 in the in the top section with the

09:19 application services and stuff,

09:21 but yeah, Kubernetes effectively

09:24 deployable in the enterprise by

09:26 providing all these

09:28 you know Red Hat value adds beyond just

09:30 the core OS.

09:31 Absolutely, and that's really

09:34 why people have kind of gravitated

09:37 toward OpenShift and we've been

09:39 working on this offering in parallel

09:41 with Kubernetes for five years now. We've

09:43 been an active participant

09:45 in the Kubernetes upstream. Kubernetes is

09:48 of course open source; you can't think

09:50 Red Hat without thinking open source, so

09:52 we've been on this and we've really

09:54 been trying to make it

09:56 as approachable, easy, safe and

09:58 secure as possible. You know just

10:00 taking an open source project off the

10:02 shelf there's a whole lot of

10:04 worry that can happen with that as far

10:06 as it being enterprise and hardened and

10:08 secure behind it. So we do offer of

10:10 course things like

10:11 continuous security patches as well

10:15 which is kind of standard for any of the

10:16 open source enterprise offerings at this

10:18 point.

10:20 Brilliant. You know one thing I heard the

10:22 other day I thought was interesting from

10:23 our friends at IDC.

10:25 They found that teams that were

10:26 leveraging

10:28 OpenShift and your OpenShift container

10:30 platform

10:31 and using application

10:33 delivery and DevOps were in much better

10:35 position to use software

10:36 innovation agility to impact their

10:38 organizations in their response to the

10:40 crisis

10:41 as they were able to roll out these new

10:43 releases in a much shorter time

10:45 and help drive the shift to their

10:47 digital business from you know

10:49 physical businesses. I thought that

10:50 was a really interesting thing and what

10:52 you're giving them here is

10:53 the tools to enable them to do that as

10:54 you say. People don't necessarily have

10:56 all the skills and capability

10:58 in that previous slide. That was the

10:59 number one issue, along with security,

11:01 in making sure people can move to a

11:03 digital world.

11:04 You're just helping them you know

11:06 given that roadmap if you will,

11:08 and all the tools to get there

11:10 quickly and efficiently.

11:11 Absolutely. We want to make people feel

11:14 safe to move 

11:14 quickly, I think would be the best way to

11:16 describe OpenShift.

11:18 We want you to be able to innovate

11:19 quickly, to answer whatever

11:21 comes your way, like for example, the

11:23 pandemic. Which I love hearing that. It

11:25 really

11:26 makes me proud to work at Red Hat with

11:27 examples like that.

11:29 But that's the key, you want to be

11:31 able to feel like you're not

11:33 sticking your neck out every

11:34 time you really sprint forward in your

11:36 own digital

11:37 innovation and creating these new

11:38 digital assets.

11:41 So yeah, absolutely cool. So I guess to

11:44 your point, these are

11:45 digital crown jewels if you

11:46 will, as you're changing your whole

11:48 business and putting it online.

11:50 So how are we going to approach security

11:51 together with Red Hat, 

11:53 and how can we help customers prepare as

11:56 they build their

11:57 containerized environments?

12:00 Yeah absolutely. So we've spoken

12:04 already about

12:05 DevOps, but it's something that you

12:08 know we've been working on

12:09 lately and especially with Thales as well

12:11 is this idea of DevSecOps.

12:13 So the question becomes,

12:15 we've broken the silos down over the

12:17 last decade especially with the

12:18 automation technology

12:20 of developers and ops people, but

12:24 where does security fit in that

12:25 message? So in order to kind of

12:28 answer that, we've been developing out

12:30 DevSecOps as a kind of philosophy,

12:33 but also something to hang the

12:34 technology on,

12:36 and it's a framework that focuses again

12:39 on what's most important on speed of

12:41 innovation.

12:41 But making sure that speed of

12:43 innovation is working in step

12:45 with the security team and not just you

12:48 know stepping on each other's toes as it

12:49 were right,

12:52 because we've seen that you're right.

12:53 Cameron, you know where you know dev

12:55 developed something,

12:56 then they try and get it to operations

12:58 but security pops in at the last second

12:59 says wait a minute.

13:00 You know you got to go back to square

13:02 one if you will

13:03 because the code isn't secure and of

13:06 course then they have to redo it whereas

13:07 if as you say if it's all part of that

13:09 that DevOps process you know as you say

13:12 DevSecOps.

13:13 It flows together and you don't have

13:15 those hiccups at the

13:17 in the last you know yard right?

13:20 Absolutely,

13:20 and I was just on a call earlier

13:22 today Dave,

13:24 and we were talking about security

13:26 and we made the point

13:28 where Red Hat really isn't a security

13:30 vendor. We're not trying to be. We're

13:31 trying to be the platform and the tools

13:33 and the

13:34 infrastructure to build out whatever you

13:35 need, but we really do need the partner

13:37 ecosystem with partners like Thales

13:39 who can step in and fill out the

13:42 parts of this

13:43 DevSecOps pipeline to really bring

13:46 it to next level security and make

13:47 it ready for the enterprise.

13:49 I think a big question that a lot of

13:51 people have

13:53 about hesitancy to digital

13:55 transformation, security was one of them.

13:57 I think people feel really safe in their

13:58 legacy environments because they know

14:00 how to get the compliances they want

14:02 and how to do that, and when this new

14:05 kind of paradigm with cloud native

14:07 Kubernetes, they're like I don't really

14:08 know.

14:09 How is this going to get me there?

14:11 I think that's what Thales

14:13 can really bring to the table. Do you

14:15 want to talk any about how

14:17 Thales is helping fill out the

14:19 security points along this

14:21 DevSecOps? That would be great

14:24 actually.

14:25 And, you know to your point, we've

14:27 seen that time and again where

14:28 you know somebody's ready to roll

14:30 something out and you know they go, wait

14:32 a minute…

14:32 I'm not putting my crown jewels online.

14:35 Are we going to make sure this

14:36 is going to still be compliant?

14:38 Are we going to meet GDPR? All

14:40 these standards, PCI,

14:42 and that's as you know that's what

14:44 we've been doing for the past 20 years.

14:46 And so you know as you say we're a

14:48 partner focused on security,

14:50 we've done it in the old world you know

14:52 together with Red Hat, we're helping to

14:53 move to a digitally transformed

14:55 modern world and really what Thales does

14:57 when you look at this

14:58 is we provide a couple of core elements

15:01 that integrate through your open APIs

15:04 and open source from Red Hat

15:05 and OpenShift in your container

15:07 platform where

15:08 we sign the containers, make sure

15:11 that they're

15:12 the ones that they're supposed to be,

15:13 that they haven't been you know

15:15 tampered along the way or over time. 

15:17 You prove that they're from

15:19 your enterprise entity. We've got

15:22 the processes to do that

15:23 in a secure manner. We also help with

15:26 managing keys,

15:27 protecting sensitive data, you know

15:29 credit cards, personal information,

15:32 or even just private data you

15:34 want to make sure that stays private

15:36 even if it's being stored up in the

15:38 cloud or in a hybrid cloud environment.

15:40 So as you look through this process that

15:42 Cameron has here you know

15:44 in the flow, our goal is just to tie into

15:47 that whole platform that Red Hat is

15:49 offering with OpenShift and your

15:52 automation

15:52 to make sure that you can not only

15:54 automate you can automate at scale

15:56 because now with these secure hardware

15:59 roots of trust storing keys

16:00 protecting them it enables you to scale

16:03 your DevOps

16:05 in a way that gets rid of the manual

16:08 interrupts to make sure, can I sign this

16:10 code, who can sign it?

16:11 If this has already been configured in

16:13 advance it all flows smoothly

16:15 you know around the world and really

16:17 protects against fraudulent keys and

16:19 usage.

16:20 Our goal is really to help work with

16:23 Red Hat to enable our enterprise

16:25 customers together

16:27 to scale their existing assets to the

16:30 cloud, modernize them,

16:32 and then move them to a micro service

16:34 and containerized environments. And

16:36 we really appreciate the partnership,

16:38 together we've got

16:40 thousands of enterprise customers that

16:41 are doing this and really our goal is

16:43 just to

16:44 hopefully make their lives a little

16:45 easier and a little more secure

16:48 as they take this migration to

16:50 the cloud and

16:51 digital transformation. Absolutely. Anything else

16:54 you want to add

16:55 Cameron that I might have missed? I

16:57 think I'm good. I just want

16:58 to kind of hammer home this ecosystem

17:00 and that you know

17:01 this, there's no silver bullet

17:04 when it comes to answering these

17:05 questions of DevSecOps and

17:07 digital transformation. It's best

17:09 practices right,

17:10 to have secrets management handled by a

17:12 third party like Thales.

17:14 So I think it's a strong message to

17:17 have

17:17 to present all this together in united

17:19 front and help people feel confident to

17:21 take that next step toward digital

17:22 transformation.

17:24 Great. Well Cameron, I’ve got to say on

17:26 behalf of all of us here at Thales and

17:28 our customers listening today,

17:29 thank you very much for coming on

17:31 as our expert from Red Hat to

17:33 explain containers DevOps, DevSecOps and

17:37 a little more detail

17:38 with us. If people have more

17:40 questions, I'm sure they do because

17:42 this is really just a high level to give

17:44 people a sense of where the world's

17:45 going what our customers are doing

17:47 together.

17:48 We've got a bunch of materials that you

17:49 can review in more detail, and

17:51 reach out to our organizations. 

17:53 We hope everybody's staying safe

17:56 out there and building secure

17:58 environments and changing the world in

17:59 the process.

18:00 Absolutely it's been a pleasure to be

18:02 here. It's always fun talking shop with

18:04 you guys.

18:05 Have a great day, everybody stay safe.

Securing Emerging Technologies with Thales Luna HSMs - Solution Brief

In today's digital world, enterprise and government are in a state of flux. Organizations are optimizing by taking workloads to the cloud, or forging ahead transforming, taking advantage of a wide variety of emerging technologies. They are revisiting their strategies due to...

Luna Network HSM - Product Brief

Secure your sensitive data and critical applications by storing, protecting and managing your cryptographic keys in Thales Luna Network Hardware Security Modules (HSMs) - high-assurance, tamper-resistant, network-attached appliances offering market-leading performance and...

OpenShift Container Platform with Luna HSM and Luna Cloud HSM - Integration Guide

OpenShift Container Platform brings together Docker and Kubernetes, and provides an API to manage these services. OpenShift Container Platform allows you to create and manage containers. Containers are standalone processes that run within their own environment, independent of...

Red Hat Certificate System - Luna HSM - Data Protection on Demand - Integration Guide

This document guides security administrators through the steps for securing Red Hat Certificate System Subsystem private encryption keys inside of a Thales Luna HSM or Thales Data Protection HSM on Demand (HSMoD) service. This guide covers the necessary information to install...