There is no one-size-fits-all solution for security in the cloud, but these best practices can lighten the load on organizations trying to build up their Kubernetes resources.
In just a few short years, Kubernetes has evolved into a mainstream technology. The open-source container orchestration project has over 1,500 contributors and is ninth in number of commits on GitHub. Most enterprises have moved beyond experimentation, and are now planning to operationalize the deployment of workloads and consumer applications to their Kubernetes clusters.
But before they do, they need to get their container security practices under control. In a Cloud Native Computing Foundation survey, organizations using Kubernetes listed security as their top container-related challenge.
There are reasons for this. The orchestration platform is such a huge open-source project, with so many contributors and so much change taking place every day, that it is hard to keep pace with security issues. Standard security procedures and practices that work well in traditional environments are less effective in Kubernetes, where traffic is dynamic and you need to secure a wide array of pods, containers, nodes and images.
If you do not properly secure your Kubernetes environment, you will be exposing your organization to a number of risks. Attackers could execute a “container takeover,” where they compromise controls in one container and spread their attacks to others. They could strike against Kubernetes services by bypassing traditional security controls. Or they could acquire actual Kubernetes administrative logins and use their privileges to inflict harm on the system.
To get the most out of their container environments, organizations need to understand the end-to-end picture of how to operationalize Kubernetes security. Here are best practices teams can follow to upgrade security in four key areas:
• The containers themselves
• Identity Access Management (IAM)
• Infrastructure
• CI/CD automation
FALL 2018 | THE DOPPLER | 37