Capital One Debuts Beta of Critical Stack Container Orchestration Platform

Critical Stack, a division of Capital One, rolled out a beta program for its containerization management software, and at least 41 Fortune 500 enterprises have signed up to take part. An application container orchestration platform, Critical Stack is designed to help enterprises manage secure containerized infrastructure at scale in the cloud. Capital One became the first U.S. bank to move its core processing to the public cloud after it purchased Critical Stack in 2016.

In August, Gartner predicted that “by 2020, more than 50 percent of global enterprises will be running containerized applications in production, up from less than 20 percent today.” So timing and Critical Stack’s positioning may explain the Fortune 500 interest. Critical Stack was designed for large enterprises, especially those in highly regulated industries, to help automate compliance and security controls, orchestrate streamlined deployment and configuration of apps and infrastructure in the cloud and automatically scale to meet varying demands.

“We are really moving things toward a declarative approach,” says Liam Randall, co-founder of Critical Stack. “Our general UI philosophy is: Easy things should be obvious and hard things should be possible. A declarative [command] just defines the end state. What we’ve done with Critical Stack is taken this powerful declarative model that Google’s Kubernetes supports, and we’ve extended it to support security as code as well. So not only can you define your application’s operational parameters, you can also slot in your security and network policies for execution, too.”

Capital One has adopted a cloud-first and open-source-first approach to software development and has standardized on RESTful APIs, microservices and containerization in the cloud. So, does the financial services company have skin in the game with the Critical Stack beta software?

Securing Containerization

“We’ve got a couple hundred developers [operational] at any given time,” Randall says. “There are only 12 nodes deployed right now but we’ve had days when we saw over 600 containers executing at any one time. We put Critical Stack into production inside the bank. We have had the alpha running internally for almost a full year as we prepared for the launch of the beta. A few months ago we started to migrate production workloads in the security department to the bank. And these production workloads are supporting Capital One-wide backend operations. Over the next few months, we have very ambitious plans to continue to migrate our internal applications at Capital One.”

Containerization appears to be a Yellow Brick Road leading to modern infrastructure, an elastic environment and help with security and compliance in the cloud, or at least it would seem so with Critical Stack. What’s the big change in mindset needed to move into containerization?

“What’s happening with this move to containers and microservices is a change in the security boundary for enterprises,” Randall explains. “In today’s world, it’s the virtual machine. We are all relatively comfortable with virtual machines being the security boundary, and we enforce that via CPU mechanisms. But as we move to a containerized infrastructure, the security boundary becomes the kernel. What that means in a large enterprise setting is that we need to rethink our controls. How do we keep those applications from stepping on each other’s toes? Those are the kinds of challenges we’re taking on with Critical Stack. It’s the fact that the security boundary shifts with containerization that drives the [need] to automate security and compliance policy for the enterprise.”

Scot Finnie

Scot Finnie is an award-winning business and technology journalist, reviewer, columnist, editor, and manager. He was the editor-in-chief of Computerworld for 10 years. He's been a Windows and macOS operating system expert for two decades. He torture-tested laptop PCs. He was ZDNet's first editor.
