
Securing Kubernetes Environments Is A Runtime Challenge – Forbes


Sameer Malhotra is cofounder and CEO of TrueFort, a former Wall Street tech exec and an expert in IT infrastructure and cyber security.

Kubernetes has become the de facto standard for deploying applications and workloads in the cloud thanks to its flexibility and efficiency. One survey found 96% of organizations are either reviewing the technology or already using it.

This popularity has gotten attackers’ attention and made Kubernetes a new attack surface that needs to be protected. However, traditional security measures that worked for data center servers, and even virtual machines, don’t apply to cloud-native containers.

Unlike bare-metal servers in data centers, which are static as a general rule, Kubernetes containers are constantly changing, which makes them hard to monitor for threats. For example, a legacy server will typically stay online for months or even years, running new workloads but never changing its identity. A Kubernetes container, on the other hand, often lives for half a second to a couple of minutes. It’s designed to come online, execute what it’s told and go offline, while another one that does the exact same thing will come online a few seconds later. Dozens can be running in parallel at any given moment.

This creates a challenge for security solutions that need to profile each server and protect it according to its unique identifier. Intervening and stopping malicious activity in progress is generally impossible because, by the time it’s detected, the affected container likely no longer exists. IT staff can pull a snapshot of what happened, but they can’t intervene and tell security to stop the threat before it spreads: the activity already occurred in the past, and the container in question is gone.


Some security solutions have worked around the shelf-life issue by implementing what is called a sidecar model, where pods of containers connect to a security container that monitors their activity from a privileged view. The security sidecar can scan images while other containers are operational. This has its own challenges because organizations end up running 15% to 20% more containers, which imposes a performance and efficiency penalty that Kubernetes was meant to improve.

Another approach involves making Kubernetes containers immutable, so any change to the code is required to go through a security check. This rigid process hamstrings developers in terms of flexibility and agility for making minor enhancements in production environments, which is counterproductive to the reasons why Kubernetes is deployed in the first place.

Since Kubernetes containers are ephemeral, they have to be viewed and monitored using a completely different lens than a legacy server. Here are some best practices to consider for protecting Kubernetes environments.

• Look at the big picture. Don’t implement container-only security solutions for Kubernetes environments. Adding a siloed view makes it difficult to see workloads in the context of what is happening in the rest of the environment, which in turn makes it harder to investigate attacks. Consider security controls that span legacy servers, virtual machines and Kubernetes containers, too.

• Focus on the platform. Implement security at the pod layer rather than the container layer to avoid the efficiency issues that come with sidecar approaches. This gives security privileged monitoring and controls without the overhead of running a sidecar container in each pod. Meanwhile, enforcing positive rules in container profiles can restrict access to designated resources.


• Use automation. Stopping malicious activity requires the ability to kill a container, suspend a container for inspection or kill network connections at runtime speed, which cannot be performed manually.

• Enforce segmentation. To limit the blast radius of malicious activity within containers while protecting operations, implement a proactive segmentation model that can contain threats until they can be remediated.

Implementing these best practices will only have a minor impact on operations since containers are transient. However, they enable security teams to react quickly to threats by killing network connections and suspending containers in order to stop suspected attacks mid-flight while capturing the forensic data needed to determine if corrective actions are required.
