VMware’s acquisition of the Kubernetes security startup Octarine reflects a shift in cybersecurity, driven by containerization of applications.
"The focus is no longer about machines, but about securing applications," Gou Rao, CTO at Portworx, a VMware partner that works on container security, told DCK. "Data center managers should start thinking about all aspects of their infrastructure from a Kubernetes lens."
Another recent VMware acquisition, of Carbon Black, also reflects this shift.
VMware plans to bundle Octarine’s technology into the cybersecurity platform by Carbon Black, which it bought seven months ago for $2.1 billion, and into Tanzu, the Kubernetes platform built on technology developed by Pivotal. VMware bought Pivotal in January for $2.7 billion.
The company announced the Octarine deal the VMware Connect 2020 conference last week, held virtually, where it also announced a next-gen SOC alliance with Splunk, IBM, Google, Exabeam, and Sumo Logic to integrate SIEM and SOAR solutions with Carbon Black’s endpoint protection system.
According to Patrick Morley, general manager and senior VP of VMware's security business unit, Octarine's technology helps companies secure containers in their Kubernetes clusters and simplify DevSecOps.
"Just over seven months ago, VMware acquired Carbon Black and announced our plans to be a major security provider with our intrinsic security strategy – protecting any application, running on any cloud, on any device," Morley said in a keynote presentation last week. "We’ve established a strong starting position. Today’s announcement reaffirms VMware’s continued commitment to investing in security.”
Octarine scans containers when they are built and when they're running. "You will see us over the coming quarters pull that workload security capability onto our core platform," he said.
Thomas Hatch, CTO and co-founder of the cybersecurity company SaltStack, said the move was indicative of a broader trend: tighter collaboration and integration of the application development, deployment, and maintenance pipeline, also known as DevSecOps.
"They are acquiring Octarine to ensure that they can be leaders in DevSecOps," he told DCK. "They seem to want to be more involved in the development phases of the entire lifecycle."
VMware has not said how much it will pay for Octarine.
Data center cybersecurity will improve because firms running VMware will need fewer security sensors in their stack.
In February, for example, VMware said Carbon Black’s integration would do away with the need to install agents for antivirus protection or endpoint detection and response.
Zachs Equity Research said the Octarine deal and its other recent acquisitions and engineering work around containers will help boost its cloud subscription and Software-as-a-Service revenue over the long term.
Grand View Research projects the global application container will reach $8.2 billion by 2025, with a compound annual growth rate of 26.5 percent.
"Everything is moving to Kubernetes," said Frank Dickson, research director for worldwide security products at IDC. "It's becoming the de-facto cloud standard."
VMware's Kubernetes containers aren't just for cloud deployments, he added. "If you have virtualized data centers running VMware on-prem, it would be useful there as well. VMware has some work to do to get it integrated and working. But if they execute well, it's a new market and a new opportunity."
Container security is a big deal for VMware, and the company has demonstrated that it’s willing to invest to make it happen.
"They've spent close to $5 billion on Carbon Black and Pivotal alone," he said. "They're going to big in the space, and they're spending to do it."
VMware isn't alone in this approach.
According to Daniel Elman, analyst at Nucleus Research, IBM is also rebuilding its entire application portfolio to be containerized. This was the point of its blockbuster $33 billion Red Hat acquisition.
And with the work-from-home migration caused by the COVID-19 pandemic cloud use will only accelerate, Elman told DCK.
"For data center managers, ensuring the infrastructure is compatible with the major container types will be crucial," he said. "Customers are seeing the benefits to containerizing, especially as they look to hybrid and multi-cloud environments. Instead of configuring an app to the specific cloud, developers can containerize the app so it runs agnostic of the underlying infrastructure. Any data centers that don’t equip themselves to serve this customer need will be left behind."