Audi uses Aqua to Protect Container Platform at Scale

When Audi, one of the world’s leading producers of premium cars, needed to protect its newly built containerized platform at scale, it turned to Aqua — the most mature, effective solution on the market.

Company Name: Audi AG
Organization Size: 87,000+
Industry: Automobile Manufacturing
Services
HQ: Ingolstadt, Bavaria, Germany
Founded: 1909

Challenge

Protecting the Audi standard platform for containerized applications

• Scaling security efforts  

• Enabling DevOps processes  

• Aligning application developers and platform operations teams  

• Adoption and enablement of security products  

Requirements

• KSPM 

• Container Security 

• Container Image & Runtime Scanning  

• Automated Assurance Policies & Alerts 

• Vulnerability Management 

Solution

• Aqua CNAPP

Technology Stack
    AWS
    Kubernetes
    Red Hat OpenShift

Customer Overview 

The Audi Group is one of the most successful manufacturers of automobiles and motorcycles in the premium and luxury segment. The brands Audi, Bentley, Lamborghini, and Ducati produce at 21 locations in 12 countries. Audi and its partners are present in more than 100 markets worldwide. With its attractive brands and numerous new models, the group is systematically pursuing its path toward becoming a provider of sustainable, fully networked premium mobility.

The Challenge

In 2020, Audi created a container-based platform that ran exclusively on AWS and used Red Hat OpenShift to build, deploy and manage applications at scale. The company looked to center its efforts on establishing a DevOps culture with a shift-left approach that required developers to have a stronger focus on security. Sebastian Kister, product team lead at the Audi container competence centre, recalls that at the time, there were few companies in the space with solutions that could protect containerized applications at scale while ensuring accountability of the development team in the way Audi needed.

The Audi team believes in a “security first” approach and needed a solution that incorporated security into development processes while also delivering runtime protection after deployment. Aqua’s specialization in container security set it apart from other vendors. A certified container security platform for OpenShift, Aqua provided a full-stack security solution to deploy cloud native applications, extending native capabilities to offer image assurance, runtime controls, and protection against attacks, as well as increased visibility and compliance for containerized applications.

Aqua could provide a solution for securing containers and, more importantly, reduce friction between application developers and platform operations teams. Through the use of tools like Aqua Trivy, developers were able to pre-scan their workloads before pushing them to the Kubernetes cluster, where the Aqua security enforcers are deployed. In most cases, the work could be automated, giving application teams a technical edge to accelerate their pace of innovation — an important metric on a DevOps journey.

“Kubernetes adoption was growing and creating disruptive forces because anything widely adopted needs to be heavily secured,” Sebastian Kister, AUDI AG, said. “As we were searching for a partner, we tested many solutions and only Aqua delivered the results we were looking for. It was the most mature solution on the market in terms of container security, and they’ve continued to be an excellent partner ever since.”
Sebastian Kister, AUDI AG

The Solution

Audi uses Aqua to protect its containerized environments, which host all containers created after 2020. They find Aqua’s Platform effective at identifying vulnerabilities and keeping applications patched and updated. As Kister stated, “it delivers important visibility into security maturity, so they can ensure applications, workloads and the infrastructure they are running on are all stable, robust, resilient, and secure.” The team found that Aqua has made it simple to respond to even the most critical vulnerabilities. The most serious example came when the world was grappling with the Log4j vulnerability: Audi was able to find it and fix it quickly, securing their environments with just a click of a button, while others struggled for weeks to find the vulnerability.

“For my platform team, it was just a look in our Aqua console and we got a clear, comprehensive overview about Log4j. That was pretty amazing actually, although with Aqua we were not used to anything different, to be honest. Aqua makes it easy to respond to vulnerabilities like this, so for our first experience with a major zero-day exploit in the media — it was a good experience.”

Audi has automated CVE (Common Vulnerabilities and Exposures) management with Aqua, which includes scanning, alerting and other actions, such as blocking. The platform team only checks the tool, not the projects, which allows for massive scale and effective protection. In fact, Audi has completely eliminated critical CVEs. With Aqua Enforcer, they have achieved 100% critical CVE mitigation.

Aqua has also helped them on their DevOps journey because it reduces the time to market and makes it easier and faster for Audi to deliver a rock-solid container platform. Security is no longer a stalling factor in their development process.  

“We were measuring time to market in months, but with Aqua we can enable teams to literally deliver code within days, or sometimes hours. It has been a great benefit.” 

Developers can get through security checks faster, which makes them more productive. This is due to Aqua’s ability to automate various aspects of Audi’s processes, including security policies, alerting, container image scanning, container runtime scanning, configuration scans and guardrails. Aqua has made a significant contribution over the past three years and continues to secure the Audi standard platform for containerized applications on AWS to this day. 

Kister said that Aqua’s culture has been a real differentiator. He and his team feel like they have an impact on engineering, which isn’t the case at a lot of other companies. And the customer success team enables them to get the maximum value out of the Aqua solution, which has been crucial.  

“Our relationships with the customer success team have helped us resolve issues quickly and build lasting trust. And in the end, trust matters the most in security.”
Sebastian Kister, AUDI AG

Highlights

With Aqua, Audi was able to protect its container platform and enable DevOps for faster, more secure development processes. Aqua offered:

  • Certified container security platform for Red Hat OpenShift 
  • Runtime controls and protection against cloud native attacks 
  • Increased visibility and compliance for containerized applications 
  • Automated workflows and security checks for development 
  • 100% critical CVE mitigation