NRI Secure Technologies, a renowned cybersecurity company and a subsidiary of NRI (Nomura Research Institute), reportedly launched the first IT security assessment service of Japan for systems that have container orchestration. This security service utilizes Kubernetes, leading container orchestration tool. The newly launched service offers IT security assessment for systems through container orchestration technology from viewpoints of static analysis by interpretation of configuration files and dynamic analysis carried out by attempting simulated attacks. This assessment comprises of manual inspection done by engineers of the company having expert knowledge of the container orchestration and many tests that use auxiliary inspection tools. IT security service finds security issues through checking the validity of the data on the configuration file as well as the architecture configuration that is generated by container orchestration. Along with independent inspection, a highly accurate and comprehensive assessment is performed to determine whether the state of configuration is appropriate or not by looking at the complete architecture. This allows the company to detect security issues during the design phase that are generally overlooked by inspection tool alone. Followed by Kubernetes, the company plans to increase the number of container orchestration tools in relation to the IT security assessment service. Digital transformation has become extremely widespread in recent years. the demand for higher speed and flexibility in system development has witnessed growth. Also, the infrastructure technologies and design concepts that support these demands have also been evolving rapidly. Particularly, microservice, which creates applications by diving them into functions and services. Along with microservice, other systems that presuppose deployment of serverless and cloud-native architecture are becoming common as well. A technology that supports such architectures is container, an application execution environment. The rise of container orchestration tools that can automatically scale, deploy and complete other functions has increased implementation of containers when building the systems. On the other hand, as containers are a novel technology area, it is highly possible that the system is working with a weak configuration. This could happen because the security measures in containers are not yet entirely in place. To deal with increasingly strong cyber-attacks and threats, taking appropriate security measures is necessary. Security measures such as privilege and access management and vulnerability measures that focus on the container itself. Source credit: https://www.businesswire.com/news/home/20191128005588/en/NRI-Secure-Launches-Japans-Security-Assessment-Service