News

Red Hat to Acquire StackRox

• By John K. Waters
• January 14, 2021

Red Hat, one of the world's leading providers of open source solutions, and the company behind the OpenShift Kubernetes container platform, announced plans to acquire Kubernetes-native security provider StackRox sometime in the first quarter of 2021. This will be the first acquisition since the company was, itself, acquired by IBM.

StackRox was founded in 2014 with the goal of "reinventing enterprise security," and has evolved over the past two years to focus on Kubernetes security. "Unlike first generation container security platforms, which were often container-centric offerings, StackRox differentiates with a Kubernetes-native security platform," Red Hat said in a statement. "With this, organizations can more easily control and enforce policies, using the same declarative approach as Kubernetes to scale their applications while still maintaining the necessary security."

Raleigh, NC-based Red Hat has long viewed Kubernetes as "the cornerstone of hybrid cloud computing," the company said in a statement last year. By bringing StackRox's capabilities to OpenShift, Red Hat is seeking to expand its leadership in this highly competitive market, and will "further its vision to deliver a single, holistic platform that enables users to build, deploy and securely run nearly any application across the hybrid cloud."

"For some time we've taken a layered approach to container and Kubernetes security," Kirsten Newcomer, director of Red Hat's Cloud and DevSecOps Strategy group, told AppTrends. "We're also continuously working to expand the capabilities our enterprise customers need. And security is clearly table stakes. We think it's important to have more to offer in that space, and we really like the way StackRox complements what we already have in place."

The StackRox software is designed to provide visibility across all Kubernetes clusters by directly deploying lightweight components for enforcement and deep data collection into the Kubernetes cluster infrastructure. It reduces the time and effort needed to implement security, and streams security analysis, investigation, and remediation. StackRox also helps customers "shift left" to secure containerized applications earlier in the development lifecycle and enable DevSecOps.

The acquisition is" a tremendous validation of our innovative approach to container and Kubernetes security," StackRox CEO Kamal Shah said in a statement. "Red Hat is an ideal partner to accelerate our vision of enabling organizations to securely build, deploy and run their cloud-native applications anywhere."

StackRox's Kubernetes-native architecture is a natural fit for Red Hat, said Ashesh Badani, SVP of Red Hat's Cloud Platforms Group, in a blog post. It provides a complementary capabilities that will strengthen the layered approach Newcomer mentioned to container and Kubernetes security Red Hat has been employing with its partners through OpenShift."

"With StackRox, Red Hat will focus on transforming how cloud-native workloads are secured by expanding and refining Kubernetes' native controls," Badani said. "StackRox's software provides visibility and consistency across all Kubernetes clusters, helping to reduce the time and effort needed to implement security while streamlining security analysis, investigation and remediation. We will also be working towards shifting security "left" into the container build and CI/CD phase, to identify and address issues earlier in the development cycle to provide more cohesive security up and down the entire IT stack and throughout the application lifecycle."

Newcomer says Red Hat's first acquisition as an IBM subsidiary is evidence that Big Blue will be keeping to its "statement of independence," which the company made when it acquired her company in 2019. "There's a common board and other elements where we're connected, of course," she said. "But this was absolutely and independent acquisition, and we're really pleased with our relationship with IBM."