Yeshwant Kamat advises customers on Multi-Cloud Security (CSPM, CWPP, and Cloud Intelligence) through Check Point’s CloudGuard platform. He is an AWS Certified Solutions Architect, an AWS Certified Security Specialist and a Certified Kubernetes Administrator. Prior to this, he worked with middleware and financial services, primarily on digital transformation initiatives.
In this exclusive expert interview, get premium insights into Kubernetes security considerations. This is information that you won’t want to miss.
For those who may not be familiar, can you share a bit about the importance of containers?
Containers are executable software units that include application code, libraries and dependencies, packaged in common ways so they can be portable and run anywhere. Containers help development teams remain agile, deploy efficiently, and scale.
Containers are a great fit for transitioning apps from past monolithic architectures to a modern microservices-based architecture. It is much easier to run containers on-premise or in public clouds. This allows for portable workloads and a multi-cloud strategy. Finally, with the availability of container orchestrators such as Kubernetes, containers are easy to manage and scale for production applications.
Disadvantages of cloud container orchestration use?
Container orchestration tools such as Kubernetes are designed for web scale applications. They introduce complexity for simple applications.
Initial ramp-up time and cost could be high. The support life cycle and the need to keep Kubernetes infrastructure updated introduce additional operational overhead.
What are the main cloud container orchestration security challenges that teams are contending with?
Containers and orchestration tools, such as Kubernetes, provide a lot of agility. However, securing them can be complex to manage. Some of the challenges organizations are dealing with today are:
- Lack of visibility into their Kubernetes cluster artifacts.
- Avoiding misconfiguration exposures.
- Hardening the Kubernetes cluster to make it continuously compliant with your organization’s security posture.
- Because container orchestration represents a broad attack surface, dealing with code and image security across the container lifecycle.
- Ensuring new deployments are scanned to be compliant with your organization’s policy prior to being persisted on the cluster.
Finally, there is a need for runtime security, monitoring and prevention of malicious activities.
How can organizations conquer cloud container (K8s) security?
CNCF recommends a layered approach to cloud native security. Risk has to be carefully managed in each area, whether it’s the underlying cloud (or on-prem, if you are running on-prem), cluster, container or your code.
- Consider using a managed Kubernetes offering from cloud providers, where most of the burden of securing and managing the control plane is now shifted to the cloud provider. It also reduces overall operational burden for IT teams.
- Consider a cloud security posture management and container security solution that provides you with deep visibility into your cloud/container assets, helps you continuously assess how you have set up the managed Kubernetes service on the cloud provider, and provides an in-depth assessment of your Kubernetes clusters’ compliance posture against frameworks such as CIS or NIST.
- Use container image scanning across the image lifecycle, from when the image gets created, to when it gets checked into a registry, to the actual runtime image scan. Do static code analysis using SAST tools to scan your code.
- Kubernetes admission control policies can help you enforce deployment-time guardrails for compliance by preventing misconfiguration before it happens.
Finally, runtime protection (signature-based and profile-based) can help you deal with any malicious activities that may happen during runtime.
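What a deployment-time guardrail looks like in practice, as an added example written for this page (it is not the interviewee’s code and not part of Check Point’s CloudGuard): the policy-evaluation core of a Kubernetes validating admission webhook in Python. It checks an incoming AdmissionReview for the misconfigurations admission control is typically used to block (privileged containers, privilege escalation, running as root, mutable `latest` image tags, missing resource limits) and answers with an allow or a deny carrying the reasons. The function names (`find_violations`, `review`), the sample Deployment and its digest are constructed; the HTTPS server and the ValidatingWebhookConfiguration that connect such a handler to the API server are assumed and omitted so the block runs offline.

```python
"""Deployment-time guardrails as a validating admission check.

Added example (not from the interview): only the policy-evaluation core of a
Kubernetes validating admission webhook. A real webhook receives the
AdmissionReview JSON from the API server over HTTPS and returns the response
built here; the HTTP/TLS plumbing is assumed and left out.
"""
import copy
from typing import List


def _containers(pod_spec: dict) -> List[dict]:
    """All containers in a pod spec, init containers included."""
    return list(pod_spec.get("initContainers", [])) + list(pod_spec.get("containers", []))


def _pod_spec(obj: dict) -> dict:
    """Locate the pod spec for a bare Pod or for a workload with a pod template."""
    if obj.get("kind") == "Pod":
        return obj.get("spec", {})
    return obj.get("spec", {}).get("template", {}).get("spec", {})


def find_violations(obj: dict) -> List[str]:
    """Return the guardrail violations for a Kubernetes object (empty list = compliant)."""
    violations = []
    spec = _pod_spec(obj)
    if spec.get("hostNetwork") or spec.get("hostPID"):
        violations.append("pod: hostNetwork/hostPID must not be enabled")
    pod_sc = spec.get("securityContext", {})
    for c in _containers(spec):
        name = c.get("name", "<unnamed>")
        image = c.get("image", "")
        # A mutable tag cannot be traced back to the artifact that was scanned;
        # require an explicit non-latest tag or a digest.
        last_part = image.rsplit("/", 1)[-1]
        if "@sha256:" not in image and (":" not in last_part or last_part.endswith(":latest")):
            violations.append(f"container {name}: image '{image}' must be pinned to a tag or digest, not latest")
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            violations.append(f"container {name}: privileged containers are not allowed")
        # Kubernetes defaults allowPrivilegeEscalation to true, so absence is a violation.
        if sc.get("allowPrivilegeEscalation", True):
            violations.append(f"container {name}: allowPrivilegeEscalation must be false")
        # The container-level setting overrides the pod-level one.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            violations.append(f"container {name}: runAsNonRoot must be true")
        limits = c.get("resources", {}).get("limits", {})
        if "cpu" not in limits or "memory" not in limits:
            violations.append(f"container {name}: cpu and memory limits are required")
    return violations


def review(admission_review: dict) -> dict:
    """Build the AdmissionReview response the API server expects for a request."""
    req = admission_review["request"]
    violations = find_violations(req["object"])
    response = {"uid": req["uid"], "allowed": not violations}
    if violations:
        response["status"] = {"code": 403, "message": "; ".join(violations)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}


# Constructed sample AdmissionReview for a Deployment that breaks several guardrails.
NONCOMPLIANT_REVIEW = {
    "apiVersion": "admission.k8s.io/v1",
    "kind": "AdmissionReview",
    "request": {
        "uid": "c2a1-constructed-uid",
        "kind": {"group": "apps", "version": "v1", "kind": "Deployment"},
        "operation": "CREATE",
        "object": {
            "apiVersion": "apps/v1",
            "kind": "Deployment",
            "metadata": {"name": "web", "namespace": "shop"},
            "spec": {"template": {"spec": {"containers": [
                {"name": "web", "image": "example/web:latest",
                 "securityContext": {"privileged": True}}
            ]}}},
        },
    },
}


def compliant_review() -> dict:
    """The same request with every guardrail satisfied."""
    fixed = copy.deepcopy(NONCOMPLIANT_REVIEW)
    fixed["request"]["object"]["spec"]["template"]["spec"]["containers"][0] = {
        "name": "web",
        "image": "example/web@sha256:" + "0" * 64,  # constructed digest
        "securityContext": {"privileged": False, "allowPrivilegeEscalation": False, "runAsNonRoot": True},
        "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
    }
    return fixed


if __name__ == "__main__":
    print(review(NONCOMPLIANT_REVIEW)["response"])
    print(review(compliant_review())["response"])
```

The deny response names every violation at once rather than the first one found, so a developer can fix the manifest in a single pass; because the check runs before the object is persisted, a non-compliant Deployment never reaches the cluster. In production the same rules are usually expressed declaratively, with the built-in ValidatingAdmissionPolicy (CEL) or a policy engine such as OPA Gatekeeper or Kyverno, rather than in a hand-written webhook.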
Anything else that you wish to share with the Cyber Talk audience?
Container orchestration adoption has increasingly become mainstream in enterprises. While adopting containers has huge benefits, the challenge now is to manage the risks of this new, agile landscape by using a cloud native posture management and container security solution.