What one thing should you do to secure your Kubernetes environment?

Tom Allen
clock • 2 min read
What one thing should you do to secure your Kubernetes environment?
Image:

What one thing should you do to secure your Kubernetes environment?

Lack of resources is a massive blocker, so you'll need to prioritise

Containers are a fantastic way for DevOps teams to break their toolchains down into a series of microservices, making it easy to swap a particular product out of the pipeline without needing to entirely rebuild it from scratch. Kubernetes is one of the most popular container platforms, but protecting a Kubernetes environment can be a daunting prospect.

Rory McCune of Aqua Security spoke about getting started with Kubernetes security at Computing's recent Deskflix: DevSecOps event, where he attempted to answer the question, 'What's the one thing I could do to try and improve my Kubernetes security?'

The first thing to think about, said McCune, is the available resources. Of course, in an ideal world you would have everything you need, with multiple teams to handle any issues. In reality, many IT leaders lack full-time employees who can focus exclusively on Kubernetes security. So where should you assign this limited resource?

"You talk to security people and you'll hear them say, 'You should do all these things, otherwise you're not going to be secure.' That's not the real world. The real world is we all have day jobs and many of them are not in security, so we need to try and work out where to apply our security."

When it comes to assigning priorities, McCune advised thinking about your threat model, or, 'Who's going to attack me and how?' He names three main threat models to consider:

  • External attackers. There are increasingly more of these, acting faster; some vulnerable honeypots Aqua Security left exposed as research on the open internet were compromised within 50 minutes.
  • Compromised containers. You could have as many as a thousand applications on a single cluster, so there is a real threat if just one is compromised. This threat model might not apply to every cluster, but could be a serious risk.
  • Compromised credentials. As ever, attackers can use compromised credentials to access your network.

In addition to the threat model, you need to think about the attack surface. There's an obvious example when it comes to Kubernetes: network ports. "The main services run by Kubernetes all have a network port, so that's part of the attack surface," said McCune. But there are also non-obvious parts; for example, if you have a lot of containers running they are part of the attack surface, as you can assume an attacker will get access to one of them.

So: who, how and where are people going to attack?

This is only a summary of the first part of McCune's talk, which is a must-watch for anyone with a Kubernetes environment.

Related Topics

You may also like
Nutanix: We're staying true to open source

Open Source

Nutanix: We're staying true to open source

HCI vendor promises to support CNCF projects 'across all environments'

clock 23 May 2024 • 4 min read
Even CERN has to queue for GPUs. Here's how they optimise what they have

Big Data and Analytics

Even CERN has to queue for GPUs. Here's how they optimise what they have

'There's a tendency to say that all ML workloads need a GPU, but for inference you probably don't need them'

clock 17 April 2024 • 4 min read
Journey to greener cloud apps: Deutsche Bahn's optimisation successes with Kubernetes

Green

Journey to greener cloud apps: Deutsche Bahn's optimisation successes with Kubernetes

30X emissions reductions and 4X cost savings could be achievable, says platforms chief Gualter Barbas Baptista

clock 05 April 2024 • 5 min read
Tom Allen
Author spotlight

Tom Allen

View profile
More from Tom Allen

National Grid is turning analogue to digital - Ctrl Alt Lead podcast

IT Essentials: Southgate the servant leader

Most read
01

SAP to cut 10,000 roles by 2025

24 July 2024 • 2 min read
02

ChatGPT maker OpenAI could lose $5bn in 2024, report

26 July 2024 • 2 min read
03

CrowdStrike outage to cost $44m per Fortune 500 company, report

26 July 2024 • 3 min read
04

UK and India announce joint Technology Security Initiative

26 July 2024 • 3 min read
05

CrowdStrike updates caused Linux outages in April

22 July 2024 • 3 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

Get the newsletter

More on Security

'Gay furry hackers' breach conservative US think tank behind Project 2025
Security

'Gay furry hackers' breach conservative US think tank behind Project 2025

Heritage Foundation calls group "degenerate perverts"

Tom Allen
Tom Allen
clock 11 July 2024 • 2 min read
Why 'change' for the UK must include cybersecurity
Security

Why 'change' for the UK must include cybersecurity

Labour needs to to get ahead and demonstrate a commitment to security from the outset

Rick Jones
clock 11 July 2024 • 4 min read
Mammoth Microsoft Patch Tuesday fixes four zero-days, five critical bugs
Security

Mammoth Microsoft Patch Tuesday fixes four zero-days, five critical bugs

142 holes plugged this month

John Leonard
John Leonard
clock 10 July 2024 • 3 min read