Weaveworks acquires Policy as Code Startup Magalix to secure Kubernetes applications
Adding Magalix’s security capabilities to GitOps enables trusted delivery, strengthening customers ability to deploy Kubernetes applications through "Security by Pull Request".
LONDON and SAN FRANCISCO - January 26, 2022 - Weaveworks, the GitOps company, today announces the acquisition of Magalix, an innovator in cloud native security. With this acquisition, Weaveworks is raising the bar on secure DevOps. By bringing Magalix’s powerful policy as code to Weave GitOps, Weaveworks will further its vision of automating Kubernetes application and infrastructure operations. Secure GitOps pipelines throughout the entire software life cycle are imperative for resilient cloud native service delivery that accelerates innovation, speed and agility. Terms of the deal were not disclosed.
Shifting Cloud and Kubernetes Security Left
The transformative trend of GitOps continues to gain broad mindshare with cloud platform teams as they automate continuous delivery and operations of applications and infrastructure. However, according to IDC's 2020 survey, 67% of breaches in the cloud are caused by misconfigured applications or infrastructure. Trusted delivery adds policy as code to GitOps, enforcing security within the DevOps workflow.
"Policy as Code is a significant trend, underpinning security, compliance and guardrails efforts for enterprises adopting Kubernetes-based distributed systems", said James Governor, co-founder of RedMonk, "GitOps is a natural workflow for policy between developers and operators, and Weaveworks has acquired Magalix to accelerate its capabilities in this area."
GitOps Trusted Delivery will benefit Weaveworks’ customers:
- Policy as code enforces security and compliance from source to production: Magalix’s policy engine enables DevOps teams to apply consistent policies and best practices across multiple Kubernetes environments. Customers can now bridge the gap between developers, DevOps and security teams by introducing developer guardrails.
- Runtime policy and drift management guards protect production deployments: Magalix’s KubeGuard agent ensures any runtime drift is detected and automatically remediated. Customers are assured that policies are being enforced across all deployments and are immediately aware of any violations.
- Embedding security in GitOps workflows: Magalix simplifies DevSecOps and enables cloud-native environments to be more intrinsically secure, by integrating directly into source, build and deployment stages of the software lifecycle.
“Enterprise customers have made it clear that trusted application delivery is critical to the success of their increasingly complex cloud native platforms,” said Alexis Richardson, CEO of Weaveworks. “With the acquisition of Magalix, Weaveworks introduces customizable policies, compliance capabilities and comprehensive risk visibility into GitOps workflows, ensuring only authorized applications are deployed and there are no nefarious activities.”
Magalix was founded in 2017, focusing on security-as-code for teams running cloud-native applications. Magalix specializes in applying the DevOps mindset with codified security through policy lifecycle management, enforcement, and actionable insights. With Magalix’s security capabilities customers can easily control and enforce policies, using the same declarative approach as Kubernetes, to scale their applications while maintaining regulatory requirements and security best practices.
“We are seeing an increase in customers who run a zero-trust security model turning to GitOps to bring DevOps to cloud-native application development and IT operations,” said Mohamed Ahmed, founder, and CEO of Magalix. “Similar to how DevOps disrupted infrastructure management, we believe that integrating security into GitOps pipelines brings considerable agility and speed, preventing errors and protecting against attacks that could shut down the entire platform. Imagine securing your platforms 100 times faster with very high confidence while evolving them. Weaveworks and Magalix share that joint mission to make it easy to innovate fast without jeopardizing security and stability.”
Weaveworks intends to fully integrate Magalix into Weave GitOps Enterprise, delivering end-to-end Kubernetes security, enhanced visibility and resilience across the entire cloud native life cycle in hybrid cloud, multi-cloud and edge environments.
- Commentary from Alexis Richardson, CEO, Weaveworks
- Commentary from Mohamed Ahmed, CEO, Magalix
- Magalix website
- Weave GitOps Enterprise
“Infrastructure automation enhances application delivery, supporting on-premises and cloud topologies. GitOps and policy-as-code approaches and tools, supplemented by vulnerability prioritization technology platforms, will drive assessment and enforcement of security and compliance mandates. " Gartner®, Hype Cycle™ forHype Cycle for I&O Automation, 2021, Chris Saunderson, 16 July 2021
*GARTNER and HYPE CYCLE are registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
Weaveworks helps teams adopt cloud native computing, managing cloud native infrastructure and applications quickly, reliably, and at scale. The company helps infrastructure and platform teams build and operate their own Kubernetes application platform whether in the cloud, at the edge, or on-premise. Its products and solutions are community built and enterprise approved. Weaveworks was one of the first members of the Cloud Native Computing Foundation and is one of its top 10 contributors. For more information, visit weave.works.