Red Hat’s announcement of a deal to purchase container-security startup StackRox earlier this month — the enterprise software giant’s first acquisition since its takeover by IBM in 2019 — looks like a good move from all angles.
The Mountain View, California-based startup’s technology has security capabilities that are missing from Red Hat’s OpenShift Kubernetes platform. That’s important because both Red Hat and IBM are betting the farm on hybrid multi-cloud deployments built around the container orchestration engine.
In the short term, however, it may be more important to Red Hat watchers (including companies that compete with IBM while doing business with Red Hat) that the deal doesn’t appear to have been forced by its new owner. It looks entirely like the sort of deal Red Hat would’ve made as a standalone company.
Last year, several months after IBM’s Red Hat deal closed, DCK asked Paul Cormier, then Red Hat’s newly minted CEO, whether the company’s promised autonomy extended to acquisitions. He indicated that any acquisitions would be initiated by Red Hat and not by its new owner, even though he would have to seek IBM’s approval first.
We are working on looking at a few things, and that will have to be run through them because they’re the bank now,” he said. “They’re a partner, but they’re also our shareholders.”
It’s doubtful that Red Hat would have to go to the IBM bank to finance this purchase. Although no details of the deal were made public, most media reports are putting the price tag at just north of $100 million, far less than the $250 million it paid for CoreOS in 2018.
As to be expected from Red Hat, which has traditionally insisted that all of its software be open source, Red Hat plans to open source StackRox’s proprietary software after the acquisition closes sometime in the first quarter of 2021. Red Hat said it will continue to support the existing KubeLinter open source community, as well as the new communities that form around StackRox’s other offerings as soon as they are open sourced.
In many ways, the deal builds on the CoreOS acquisition, which among other things gave Red Hat the container registry Quay to integrate with OpenShift. In a similar fashion, the technology that Red Hat gets from StackRox will be integrated with Quay and with application pipelines, including customers’ existing image scanning and CI/CD tools.
For even more inclusive security, Red Hat will take advantage of KubeLinter, StackRox’s recently released open source software for analyzing Kubernetes YAML files and Helm charts for correct configurations, which enables integrated security earlier in the development process.
“Securing Kubernetes workloads and infrastructure cannot be done in a piecemeal manner; security must be an integrated part of every deployment, not an afterthought,” Cormier said in a statement when the acquisition was announced. “Red Hat adds StackRox’s Kubernetes-native capabilities to OpenShift’s layered security approach, furthering our mission to bring product-ready open innovation to every organization across the open hybrid cloud across IT footprints.”
The startup’s technology fits well within the hybrid multi-cloud paradigm, since it’s designed to work with both managed Kubernetes services running in the cloud and platforms running on premises, on bare metal. This means that when the technology is integrated into the Red Hat Advanced Cluster Management for Kubernetes control plane, any cluster registered with ACM will have access to centralized security controls.
Importantly, the StackRox technology will not be confined to Red Hat and OpenShift. The company says that StackRox will continue to support multiple Kubernetes platforms, including Amazon Elastic Kubernetes Service, Microsoft Azure Kubernetes Service, and Google Kubernetes Engine.
In addition to its technology, Red Hat will be gaining StackRox’s customers, which include the likes of Splunk, Sumo Logic, Fidelity, and Lockheed Martin.
“We’re thrilled to join forces with Red Hat, coupling the industry’s first Kubernetes-native security platform with the leading Kubernetes platform for hybrid cloud, multi-cloud, and edge deployments,” Kamal Shah, StackRox’s CEO, said in a statement. “This is a tremendous validation of our innovative approach to container and Kubernetes security.”