KubeSecOps: Kubernetes Security Practices You Should Follow

Where do you use containers? Organizations started using containers in development and test environments. Over the past couple of years, confidence has grown and we are seeing significant container growth in production environments. Organizations are adopting containers across the software development lifecycle.

Of course, this raises the question: how secure are your containers?

Kubernetes is one solution for deploying, managing, and scaling your containers. Karthik Gaekwad (@iteration1), a developer and cloud native evangelist at Oracle, lays out tips and tools to ensure Kubernetes containers are as secure as possible in his All Day DevOps presentation, KubeSecOps.

While organizations are increasingly adopting containers, core issues remain. According to a Cloud Native Computing Foundation (CNCF) survey, complexity, culture, training, and security are all challenges for organizations around containers. An Oracle survey shows that managing, maintaining, and updating the Kubernetes control plane and data plane, figuring out container networking and storage, managing teams, and security continue to challenge organizations.

As examples, Karthik mentions a vulnerability stemming from unsecured K8s dashboards, which let attackers use the affected cloud environments to mine cryptocurrency. Aviva, Weight Watchers, and Tesla were among those impacted. He highlights another one, affecting Shopify, where attackers gained access to any container in the infrastructure.

Many complain that Kubernetes is too complicated. Karthik agrees, and realizes it can affect how users adopt sound practices. So, he lays out some tips to make administering Kubernetes easier and make the system more secure. He covers attack surfaces, security-related features in K8s, and open source tools to help.

Reduce Kubernetes Attack Surfaces

Look at the host, the containers, and the Kubernetes cluster to reduce the attack surface.

For the machines you are running Kubernetes on, the goal is to minimize privileges to applications running (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Derek Weeks. Read the original post at: https://blog.sonatype.com/kubesecops-kubernetes-security-practices-you-should-follow