FEATURE
CHECK POINT
AIRTIGHT KUBERNETES SECURITY POLICY
Written by: Saad Nizam, Cloud Security Architect at Check Point Software Technologies, Middle East
Kubernetes gives developers a lot of power to automate the deployment, management, scalability, and availability of containerized apps. According to data from 2021, the industry's preferred container orchestration engine is now used by over 5.6 million developers. Kubernetes and containerization, on the other hand, introduce additional complexity that poses new security challenges. Security remains the top concern in container strategy, according to Red Hat's 2021 State of Kubernetes Security study, with 94 percent of respondents reporting at least one security incident in their Kubernetes environments in the previous 12 months.
It's vital to employ Kubernetes within the framework of an appropriate security strategy, both to retain the agility gained from containerized development and to ensure security issues don't creep into production environments. But how would such a policy be implemented? Read on to get four top tips for ensuring airtight Kubernetes security.
WHAT ARE KUBERNETES’ MOST COMMON SECURITY CONCERNS?
Returning to the Red Hat report mentioned earlier, real-world data sheds light on the most prevalent security risks with Kubernetes. The four most prominent security issues with Kubernetes environments mentioned by DevOps, engineering, and security experts were:
Detected misconfiguration: The declarative nature of container orchestration lends itself to significant misconfiguration risks that opportunistic threat actors could exploit. These risks may increase the attack surface for your cloud-native applications or even expose sensitive data.
Security incident during runtime: The second most prominent concern makes sense given that many of the misconfiguration errors in the build phase will only become evident during runtime after containers have been deployed.
Major vulnerability to remediate: Major vulnerabilities are severe flaws that could lead to the worst business outcomes, such as data loss/breach or extended application downtime.
Failed audit: An audit of Kubernetes logs can uncover compliance issues in your container ecosystems.
JUNE 2022
www.VARonline.com
WHY YOU SHOULD CARE ABOUT KUBERNETES SECURITY
The first reason to be concerned about Kubernetes security is that it directly influences your work as a developer. When security concerns start interfering with build and deployment procedures, the agility promised by container orchestration soon diminishes.