Kubernetes security: 4 strategic tips

Kubernetes security experts share the tips that will help you avoid trouble – and maybe even build support for security across your organization

May 20, 2019

As with all things security-related, “fingers crossed!” isn’t exactly a confident posture. Kubernetes offers a lot of powerful security-oriented features, and the community has shown a strong commitment toward the security of the project. But it’s always best to be proactive, especially if you or your teams are still relatively new to containers and orchestration.

The fundamentals of security hygiene still largely apply, as we noted in our recent article, Kubernetes security: 5 mistakes to avoid. There’s also some new learning to be done to ensure you’re proactively managing the risks inherent in any new system, especially once it’s running in production.

Earlier this year, we shared four important tips for managing the security of your Kubernetes environment. We went back to the experts to ask for more, and they obliged. So let’s expand our strategies with four more tips for proactively managing the security of your Kubernetes implementation.

1. Know what you don’t know

When we dug into some of the common mistakes teams make in the early phases of their Kubernetes deployments, one big one came up repeatedly: People plow into production – often under unrealistic deadline pressure from above – without really testing or understanding the security implications.

“To improve Kubernetes security, seek out expertise,” says Matt Wilson, chief information security advisor at BTB Security. “Plenty of great information is already available from the usual sources, such as CIS Benchmarks, and also directly from Kubernetes. Download them, read them, apply what you can. Then, before you put production applications or data up there, conduct some security testing to validate you’ve done enough.”

We’ll throw in a couple of other items for your Kubernetes syllabus:

In terms of knowing what you don’t know – a healthy starting point for any learning curve – the CIS Benchmark for Kubernetes is a good place to begin. The open source tool kube-bench, developed by Aqua Security, will check your deployment against the 100+ checks in the CIS Benchmark for Kubernetes.

2. Optimize native Kubernetes controls

Another one of the initial mistakes some teams make is to assume that just because Kubernetes has powerful security controls, those features are optimized out of the gate. They’re not. So ensure you’re adequately tuning those features for your particular organization and its risks.

“Upgrade to the latest version of Kubernetes as frequently as possible [or] practical, [and] enable native controls and learn the optimum settings to make them as powerful and effective as possible,” says Wei Lien Dang, VP of product at StackRox.

Keeping your software current is an ageless best practice. As for optimizing native features, Dang offers a few examples:

  • Configure network policies to segment deployments and restrict allowed ingress and egress traffic.
  • Create separate namespaces across deployments for isolation.
  • Avoid granting cluster-wide permissions and enable certain powerful permissions only for trusted users to avoid issues, such as a recently disclosed DoS vulnerability.
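
The three controls in the list above, sketched as manifests. This is an added example, not from the article or from StackRox; the namespace `payments`, the `app` labels, port 8443 and the user `jane` are hypothetical.

```yaml
# Added example: dedicated namespace, default-deny network policy, namespaced RBAC.
apiVersion: v1
kind: Namespace
metadata: {name: payments}
---
# Default deny: selects every pod in the namespace and allows no ingress or egress.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: default-deny-all, namespace: payments}
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
---
# Explicit allow: only pods labelled app=frontend may reach app=api on TCP 8443.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: allow-frontend-to-api, namespace: payments}
spec:
  podSelector:
    matchLabels: {app: api}
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchLabels: {app: frontend}
      ports:
        - {protocol: TCP, port: 8443}
---
# Namespaced, read-only Role bound to one user, instead of a cluster-wide binding.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: deploy-reader, namespace: payments}
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: deploy-reader-jane, namespace: payments}
subjects:
  - {kind: User, name: jane, apiGroup: rbac.authorization.k8s.io}
roleRef:
  kind: Role
  name: deploy-reader
  apiGroup: rbac.authorization.k8s.io
```

NetworkPolicy objects take effect only when the cluster's network plugin enforces them, and the default-deny egress rule also blocks DNS lookups until a matching allow rule is added.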

Some organizations may want to consider augmenting native controls with standalone security tools, particularly if they have a compliance requirement such as PCI. Commercial platforms can also be helpful in this regard.


Kevin Casey writes about technology and business for a variety of publications. He won an Azbee Award, given by the American Society of Business Publication Editors, for his InformationWeek.com story, "Are You Too Old For IT?" He's a former community choice honoree in the Small Business Influencer Awards.
