Here for Mirantis Container Runtime? Click Here

Here for Mirantis Container Runtime? Click Here


Securing your Kubernetes: Harder than it looks

Daniel Virassamy - February 02, 2023

Securing a Kubernetes environment is a difficult task, but ensuring the security of the entire software supply chain is even harder. The true challenge is maintaining end-to-end security in real time as things change dynamically. In order for developers to "just push their code" and utilize Kubernetes as a commodity substrate for application hosting and operations across multiple environments, deep knowledge, intelligent automation, and constant vigilance are required.

One of the major concerns when it comes to software supply chain security is the increasing speed of technology. With modern, container-oriented application design patterns and development methods, a solid Continuous Integration/Continuous Deployment (CI/CD) and application operations automation framework can help organizations move from infrequent releases to frequent releases that are delivered hourly, or as soon as a commit is approved.  

 However, this speed can also be detrimental as vulnerabilities can find their way into running applications from a variety of sources, including insufficiently validated base containers, language modules, and cut-and-paste from unvalidated sources.

What makes Kubernetes particularly vulnerable?

Containerization can make it difficult to identify vulnerabilities, and the complexity at scale only exacerbates the problem. Automation can also add to the problem — for example, build processes that make decisions on the fly about which containers and repositories to use, and ops automation that pulls in third-party component containers dynamically. It becomes impossible for humans to police high-speed modern application delivery.

The extended platform of Kubernetes also poses additional risks. Kubernetes often runs on a deep stack, which can include a cloud's network and operations services, the lowest-level host operating systems on bare metal, hypervisors, guest operating systems on each virtual machine, all the Kubernetes components, and Kubernetes extensions for ingress, networking, and service mesh. This makes the attack surface large and vulnerable to threats.

Unfortunately, vulnerabilities and malware will often find their way into production and be exposed to the internet. The metric organizations should focus on is "time to remediate," as the longer a vulnerability is exposed, the greater the chance it will be exploited. According to reports from SecurityScorecard and The Cyentia Institute, 53% of organizations had at least one vulnerability exposed to the internet and 22% had over 1,000 each. On average, it took organizations 270 to 426 days to remediate one vulnerability and 12 months to fix half of their outstanding vulnerabilities.

To improve security, organizations must take a multitude of steps to secure their extended Kubernetes system, including their software supply chain, platform, and underlying infrastructure. This includes implementing security best practices, automating security tasks, monitoring for vulnerabilities, and continuously assessing and improving security.

Join our upcoming webinar to learn how to protect your clusters

Are you struggling to scale your Kubernetes clusters while also ensuring their security? Join our upcoming webinar on February 23 featuring Daniel Virassamy, Principal Solutions Architect at Mirantis, as he discusses one of the major challenges of scaling Kubernetes - securing clusters. Don't let lackluster security practices leave your team and business vulnerable to threats and breaches. 

The webinar will provide insights on how to implement industry-grade, open-source security tools to audit vulnerabilities, secure configurations, and automate security policy monitoring and configuration. With Lens Autopilot, you can focus on accelerating application delivery while we take care of proactive security measures for you. Don't miss out on this opportunity to learn how to protect your business and increase productivity for your developers. 


How to implement continuous proactive security to safeguard Kubernetes