
Kubernetes has quickly become a de facto tool within enterprise software development environments, enabling DevOps engineers to scale large numbers of containers. And recent cybersecurity hardening guidelines laid out by the NSA and CISA indicate that adoption of Kubernetes has reached critical mass. But this surge in adoption can also introduce many new vulnerabilities and misconfigurations which, if left unchecked, could put many organizations at risk.

Most infrastructure teams have moved on from running just one or two clusters. It’s now common to operate multiple clusters across various divisions and, perhaps, even across multiple clouds. Within this multi-cluster reality, it becomes difficult to keep an up-to-date inventory of all existing Kubernetes clusters, let alone their unique frailties. This can easily result in over-permissive states that break the rule of least privilege.

I recently met with Jimmy Mesta, co-founder and CTO of KSOC Labs, to explore the current issues facing Kubernetes deployments. According to Mesta, increased visibility into all Kubernetes platforms and tighter role-based access control (RBAC) are necessary to keep cloud-native architecture safe and secure. Below, we’ll review these concerns and explore general methods for hardening today’s increasingly complex Kubernetes deployments.