Securing Kubernetes – Nature and Nurture Plus Insurance
April 26, 2022

Gaurav Rishi
Kasten by Veeam

Just like health in humans where both nature (e.g., your genetic traits) and nurture (e.g., diet and exercise) play an important role; a healthy Kubernetes deployment too needs to have the right start with secure foundations, as well as secure operational practices to keep your clusters running. However, accidents do occur, and things go wrong unexpectedly, so it is critical to invest in an insurance policy with Kubernetes data protection.

Going to the Gym – Secure Operations

A recent report from the NSA provides a Kubernetes Hardening Guide that is a good example of best practices that serve as a defense against supply chain risks, malicious actors as well as insider threats.

Security hygiene practices of container scanning, encrypting data, segmenting networks, etc. are highlighted well in this guide. Implementing and adhering to these processes starts with organizations understanding the unique risks and challenges that come with securing Kubernetes clusters.

Old methods and tools that relied on securing perimeters and firewalls do not work in this growing cloud-native environment, so it is critical to invest in educating and retooling. Cloud-native applications, built as microservices employ a variety of open-source modules and are deployed in distributed environments, obsoleting the traditional notions of static IP address-based security and enforcement rules.

Building your DNA – Secure Foundations

What the NSA report doesn't cover though is that with the adoption of "Shift Left" principles, not only is security a shared responsibility, but we now also have very capable tools to embed security constructs and polices very early in the software development life cycle. Cloud-native development IDEs now make it a snap to incorporate the best security practices early. For e.g., Right at development time, when creating an object storage bucket, the developer can be auto reminded to ensure that the encryption options are turned on.

The Kubernetes community is also innovating with new constructs that make Policy-as-code easy to author and enforce without being locked into a single vendor solution. For e.g., using policy language authoring and enforcement tools, you can associate a backup policy as a pre-cursor to a stateful application being deployed into production. Kubernetes admission controllers can detect and enforce these policies with mutating web hooks. This follows the principle of security being a shared responsibility. Organizations that build these strong foundations upfront, will not find themselves in a potentially disastrous situation of production applications without backup policies handling mission critical data at run time.

Don't Forget Insurance – Kubernetes Backup and DR

As the deployment of Kubernetes applications increase in scale, so have the attacks from malicious actors. As an example, ransomware is a serious problem for enterprises and is now even expanding to the mid-market segment as this WSJ article highlights.

Organizations need to plan for these disruptions and invest in the right data protection tools. Just like the old perimeter-based approaches don't work in securing Kubernetes, similarly traditional hypervisor-based tools don't work for data protection. Invest and operationalize in the right Kubernetes-native solution that accommodates high-velocity application development cycles with distributed deployment where the infrastructure is abstracted away.

Follow these principles, and there is no reason why your Kubernetes applications will not have a long and health life!

Gaurav Rishi is VP, Product & Cloud Native Partnerships, at Kasten by Veeam
Share this

Industry News

October 03, 2024

Check Point® Software Technologies Ltd. announced its position as a leader in The Forrester Wave™: Enterprise Firewalls, Q4 2024 report.

October 03, 2024

Sonar announced two new product capabilities for today’s AI-driven software development ecosystem.

October 03, 2024

Redgate announced a wide range of product updates supporting multiple database management systems (DBMS) across its entire portfolio, designed to support IT professionals grappling with today’s complex database landscape.

October 03, 2024

Elastic announced support for Google Cloud’s Vertex AI platform in the Elasticsearch Open Inference API and Playground.

October 02, 2024

Progress announced the recipients of its 2024 Women in STEM Scholarship Series.

October 02, 2024

SmartBear has integrated the load testing engine of LoadNinja into its automated testing tool, TestComplete.

October 01, 2024

Check Point® Software Technologies Ltd. announced the completion of its acquisition of Cyberint Technologies Ltd., a highly innovative provider of external risk management solutions.

October 01, 2024

Lucid Software announced a robust set of new capabilities aimed at elevating agile workflows for both team-level and program-level planning.

October 01, 2024

Perforce Software announced the Hadoop Service Bundle, a new professional services and support offering from OpenLogic by Perforce.

October 01, 2024

CyberArk announced the successful completion of its acquisition of Venafi, a provider of machine identity management, from Thoma Bravo.

October 01, 2024

Inflectra announced the launch of its AI-powered SpiraApps.

October 01, 2024

The former Synopsys Software Integrity Group has rebranded as Black Duck® Software, a newly independent application security company.

September 30, 2024

Check Point® Software Technologies Ltd. announced that it has been recognized as a Visionary in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms.

September 30, 2024

Harness expanded its strategic partnership with Google Cloud, focusing on new integrations leveraging generative AI technologies.

September 30, 2024

OKX announced the launch of OKX OS, an onchain infrastructure suite.