• Get application security done the right way! Detect, Protect, Monitor, Accelerate, and more…
  • The root cause of major attacks and security breach is granting permission to assets that must not be accessed by all.

    Kubernetes is one of such digital infrastructures where these issues surface. The cloud-native software deployed via legacy data centers needs end-users and administrators to detect and mitigate misconfigurations like granting high-level privileges to wrong programs and people.

    IBM Study concluded that about 95% of online security breaches that they investigated were contributed or caused due to human errors, including those by software developers. Furthermore, the remaining ones were majorly due to technical faux pas.

    Subsequent disclosures regarding security breaches have also cited similar findings with digital tools of all kinds.

    In Kubernetes, privileges are often granted through role-based access controls. It can allow full-cluster administrative permissions mistakenly, even when it is not required. The fact that Kubernetes can enable large-scale and automated infrastructure permissions, it also sets the ground for attacking containers, applications, and abusing permissions.

    The issues include many in-built security features as well, but not all of them are enabled in the tool by default. As Kubernetes fosters rapid application rollout and development, the control might get in your way during fast development.

    Once you deploy your applications, making it available for your users, permissive security configurations multiply the possible risks.

    Security strategies for cloud-native tools

    To secure cloud-native tools using containers, you need a different strategy other than those used for legacy infrastructure systems. With the growing adoption of cloud-native tools, there are two security approaches, mainly – Kubernetes-centric and container-centric.

    In a container-centric security approach, the focus is to secure container runtimes and images. It uses control techniques like shims and inline proxies to control communications across containers.

    Kubernetes-centric approach, on the other hand, leverages the in-built scalability and flexibility of Kubernetes. It operates at Kubernetes layers and advances its enforced policies. Hence, you need to let it control both your infrastructure and security.

    What makes a security tool Kubernetes-native?

    The characteristics that make a security tool Kubernetes-centric or Kubernetes-native is a mix of what they perform and how. Firstly, you need to integrate your infrastructure and workloads with Kubernetes API and assess vulnerabilities.

    Make sure you base your security functions upon Kubernetes resources, including services, deployments, pods, and namespaces. You also need to utilize the in-built security features of Kubernetes. As a result of this deep integration, all your Kubernetes environment, vulnerability management, configuration management, network segmentation, incident response, compliance, and threat detection can be covered.

    Why are Kubernetes-centric tools superior for containers?

    Kubernetes-centric security platforms are considered superior if you are working with containers. The reason can be formulated in three ways.

    Firstly, they provide better protection with the help of rich insights within the containers and Kubernetes itself. They also leverage declarative data to contextualize risk and inform visibility.

    Secondly, Kubernetes security platforms provide enhanced operational efficiency, which enables quick threat detection as well as risk assessment in priority level. It keeps everyone in your team on the same page to troubleshoot issues and work faster.

    Thirdly, your operational risk can be reduced by using the native controls of Kubernetes, facilitating scalability and adaptability. Additionally, no conflict could arise between the orchestrator and external controls.

    Hence, Kubernetes’ native capability of security can better protect container ecosystems. If your infrastructure security and DevOps teams manage to harness the full potential of these capabilities, you can continue detecting threats and stop them when you still have the time.

    Check out the original post here.