Individual engineering teams care about security, but typically for the platform or application architecture they’re working on. CISOs on the other hand must care about all security that’s happening inside of an organization. From infrastructure teams to application teams, the CISO is ultimately responsible.
When it comes to Kubernetes, it’s no different.
In this blog post, you’ll learn about the top five security measures that CISOs should be thinking about for any Kubernetes implementation.
Secure Authentication Solutions
When a Kubernetes cluster is created, or five hundred Kubernetes clusters are created, one of the first questions that come to every CISOs mind is “how are engineers and users going to authenticate to this Kubernetes cluster?”.
Out of the box, there are RBAC roles and permissions, which authenticate users and system components (like service accounts) to allow access to specific Kubernetes resources. However, this may not be enough.
Instead, there may be more pressing considerations to think about like oAuth and SSO for Kubernetes. Depending on where you’re deploying Kubernetes, some solutions work natively and others will need to be implemented.
In, for example, a cloud-based Kubernetes service, like Azure Kubernetes Service (AKS), engineers get Azure Active Directory out of the box that they can enable and implement for all AKS clusters across the organization. Active Directory is a tried and true method for user authentication, and it can work with the same success across all Kubernetes clusters running inside on AKS.
If you’re using a Kubernetes environment that doesn’t have a native solution like Active Directory, there are plenty of supported options around OpenID Connect (OIDC). For example, Okta and AuthO have integrated Kubernetes authentication solutions available.
There are plenty of security habits that can mitigate a ton of security risks right away when first implementing Kubernetes.
The first is single-tenancy and multi-tenancy clusters. When thinking about single-tenancy or multi-tenancy from a Kubernetes perspective, it could be anything from how many users have access to a cluster to what applications are running on the cluster. Taking it from a user perspective, Kubernetes clusters can be set up for dev environments that only one user has access to, which would mean every user could get their own Kubernetes cluster, mitigating multi-tenancy risks. If multi-tenancy is needed, which in many cases it is, setting up proper RBAC permissions for users is a crucial starting point. That way, users only have access to what they need.
When it comes to Kubernetes, every resource that’s being interacted with is part of the Kubernetes API. Where there’s an API, there are logs, metrics, and traces. A proper log aggregator or an observability combo, like Prometheus and Grafana, can retrieve security logs from a Kubernetes cluster which would help teams mitigate any risk that comes their way. They can also set up alerts for these logs so they know about them right away.
From a segregation perspective, it’s important to set up proper Namespace habits from the beginning. Depending on access levels, users may have the ability to deploy applications and resources across any namespace, including the Default or even kube-system, which houses the core Kubernetes Pods needed to run the cluster. Instead of that being an issue, users and service accounts should only have access to deploy apps to specific Namespaces.
K8s Shift Left
Shifting left to ensure that security risks are caught and properly mitigated even before containers reach Kubernetes can save a ton of headache for CISOs and engineering teams later down the line.
For example, let’s say your engineering teams are using a CICD platform to build container images from applications. With a shift left scenario, you can ensure that engineering teams are properly scanning the application binaries that are going into the container image, and once the container image is built, you can use security platforms like KSOC to scan container images that are deployed to a Kubernetes cluster. Once the container images are scanned and verified, they can then be deployed to Kubernetes.
One of the biggest shift left approaches for Kubernetes is shifting all the way left, even before Kubernetes is in the mix.
- Application binaries are scanned
- Container images are scanned
- All container images are verified
Can save teams time, effort, and manual fixing later on, ensuring that the applications can be deployed to Kubernetes in a proper timeframe and go-to-market strategy cycles are properly met.
Hike Up Compliance Audits
Whether you’re using outside auditing consultants to help meet HIPPA, PCI, PHI, and SOC2 compliance needs, or you’re performing audits with internal team members, or a combination of both can be a major benefit to your organization's Kubernetes environment.
Kubernetes moves fast, as do all cloud-native platforms, resources, and platforms. Because of that, there’s no possible way to catch every little thing that can happen and cause a security risk at every point of the day. There must be proper audits in place, whether they’re performed internally, from outside parties, or both.
The audits can come in the form of:
- Full environment scanning
- Full application scanning
- Individual Kubernetes cluster scanning
- Full Kubernetes environment scanning
- Logs generated by Kubernetes
- Real-time Kubernetes vulnerability analysis
- All of the above
Auditing and finding vulnerabilities mean mitigating risk before the risk can become a larger problem for engineering teams and leadership teams, possibly impacting the entire organization.
The final piece is multi-environment flexibility and ultimately, what that can look like for your organization.
As the cloud-native approach continues to grow, there are now three forms:
From a single-cloud perspective, CISOs are worried about securing the components and resources inside of one cloud. This is a big lift in itself. However, when it comes to multi-cloud or hybrid-cloud, that means your resources are not only in multiple places, but communication is occurring across networks.
For example, let’s think about the hybrid-cloud approach. Hybrid-cloud typically means some of the infrastructure is on-prem and some of it is in the cloud. That means you must think about securing the infrastructure, securing the internal networking on-prem, securing the cloud infrastructure, securing cloud services, and securing the communication between on-prem and the cloud.
From a multi-cloud perspective, it’s all about not only securing the cloud services running in each cloud, but securing the communication between clouds.
Because hybrid-cloud and multi-cloud are becoming much more popular than in previous years, thinking about a single environment is no longer a reality. Instead, CISOs must think about what environments look like when there are multiple, spanned across clouds and hybrid environments. Much like how CISOs must think about environments that are spanned across multiple datacenters.
To learn more about securing your Kubernetes environment with KSOC, visit www.ksoc.com.