EXPEL BLOG

Kubernetes security: what to look for

3 MIN READ · DAN WHALEN · MAR 1, 2023 · TAGS: MDR

When it comes to Kubernetes (k8s), there are three kinds of organizations:

  1. Orgs that need security (preferably sooner vs. later)
  2. Orgs that built their own security
  3. Orgs that started building their own and decided there has to be a better way

We imagine there are a lot of #2s that are very close to becoming #3s.

Regardless, if your operation does its own application development, k8s is likely part of your future (or present). The problem is that, like any new tech, k8s has its share of security gaps, and failure to address them could lead to…suboptimal outcomes.

So, if you’re one of these organizations, what should you look for when building or shopping for a Kubernetes security platform? Here are a few suggestions.

Kubernetes security should be integrated.

There are many, many platforms, technologies, and solutions (cloud, network, endpoint, and more) in the modern security operations center (SOC), and each one represents an opportunity for the cyber defenders of the world.

The ideal answer to your challenges integrates k8s development and security with as many of these disparate systems as possible, affording you a clean, unified view of your environment and the entire attack surface. This is especially important for Kubernetes, where much of the context you’ll need for detection and response exists in other tech.

Kubernetes security should be customizable.

Technical requirements change. Business requirements change. New platforms are onboarded. Leadership decides to embark on new initiatives. If all goes well, the organization grows. It often seems like the SOC isn’t the same as it was five minutes ago.

If you aren’t set up for it, change (like expanding k8s operations) can represent chaos (and chaos equals risk).

As your k8s operations expand, you’ll need a security environment that scales—quickly and seamlessly. When this happens, security accelerates the business instead of hindering it, turning the board’s periodic cost conversations into ROI conversations.

Kubernetes security should be automated, fast, and accurate.

Threats come at you fast, which is why there’s no substitute for intelligent automation in any SOC, especially one serving an organization that relies heavily on emerging technologies. K8s is especially prone to exploitable configuration errors, with more than half of organizations using Kubernetes detecting a misconfiguration in the past year.

Your SOC needs to be able to analyze k8s clusters and create detections (in alignment with the MITRE ATT&CK framework), providing you with insights you can put into play 24/7.
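To make the “analyze clusters and create detections” point concrete, here is an added example (not Expel’s code or any product’s detection logic) that runs two simple rules over Kubernetes API-server audit events: one for `exec` into a running pod, and one for creation of a pod whose spec grants host-level privileges, the kind of exploitable misconfiguration mentioned above. It assumes the `audit.k8s.io/v1` JSON-lines format that kube-apiserver writes when audit logging is enabled at the `RequestResponse` level; the events themselves, the user names, and the pod names are constructed for this example. The ATT&CK technique IDs are from the Containers matrix.

```python
"""Minimal detections over Kubernetes audit log events (added example)."""
import json
from typing import Any

# Constructed sample audit log: four audit.k8s.io/v1 events, one JSON object per
# line, in the shape kube-apiserver emits. None of this is from a real cluster.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(ev) for ev in [
    {   # benign: CI service account creates an ordinary pod
        "kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "RequestResponse",
        "auditID": "ev-001", "stage": "ResponseComplete", "verb": "create",
        "requestURI": "/api/v1/namespaces/prod/pods",
        "user": {"username": "system:serviceaccount:ci:deployer"},
        "sourceIPs": ["10.0.0.5"],
        "objectRef": {"resource": "pods", "namespace": "prod", "name": "web-1"},
        "responseStatus": {"code": 201},
        "requestObject": {"spec": {"containers": [{"name": "web", "image": "nginx:1.25"}]}},
    },
    {   # interactive shell opened inside a production pod
        "kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "RequestResponse",
        "auditID": "ev-002", "stage": "ResponseComplete", "verb": "create",
        "requestURI": "/api/v1/namespaces/prod/pods/web-1/exec?command=sh&stdin=true&tty=true",
        "user": {"username": "alice@example.com"},
        "sourceIPs": ["203.0.113.7"],
        "objectRef": {"resource": "pods", "namespace": "prod", "name": "web-1",
                      "subresource": "exec"},
        "responseStatus": {"code": 101},
    },
    {   # pod created with hostPID, a privileged container and the host root mounted
        "kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "RequestResponse",
        "auditID": "ev-003", "stage": "ResponseComplete", "verb": "create",
        "requestURI": "/api/v1/namespaces/default/pods",
        "user": {"username": "bob@example.com"},
        "sourceIPs": ["203.0.113.9"],
        "objectRef": {"resource": "pods", "namespace": "default", "name": "debug-0"},
        "responseStatus": {"code": 201},
        "requestObject": {"spec": {
            "hostPID": True,
            "containers": [{"name": "dbg", "image": "busybox",
                            "securityContext": {"privileged": True}}],
            "volumes": [{"name": "root", "hostPath": {"path": "/"}}]}},
    },
    {   # benign: routine list of pods
        "kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata",
        "auditID": "ev-004", "stage": "ResponseComplete", "verb": "list",
        "requestURI": "/api/v1/namespaces/prod/pods",
        "user": {"username": "system:serviceaccount:ci:deployer"},
        "objectRef": {"resource": "pods", "namespace": "prod"},
        "responseStatus": {"code": 200},
    },
])


def parse_audit_log(text: str) -> list[dict[str, Any]]:
    """Parse a JSON-lines audit log; a truncated or blank line is skipped, not fatal."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def risky_pod_settings(spec: dict[str, Any]) -> list[str]:
    """Return the host-level privileges a pod spec asks for (empty list if none)."""
    findings = [k for k in ("hostPID", "hostNetwork", "hostIPC") if spec.get(k)]
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if c.get("securityContext", {}).get("privileged"):
            findings.append(f"privileged container {c.get('name')}")
    for v in spec.get("volumes", []):
        if "hostPath" in v:
            findings.append(f"hostPath volume {v['hostPath'].get('path')}")
    return findings


def detect(events: list[dict[str, Any]]) -> list[dict[str, Any]]:
    """Apply the two rules and return one alert dict per matching request."""
    alerts = []
    for ev in events:
        if ev.get("stage") != "ResponseComplete":
            continue  # alert once per request, not once per audit stage
        ref = ev.get("objectRef", {})
        verb = ev.get("verb")
        base = {"auditID": ev.get("auditID"),
                "user": ev.get("user", {}).get("username"),
                "namespace": ref.get("namespace"),
                "sourceIPs": ev.get("sourceIPs", []),
                "status": ev.get("responseStatus", {}).get("code")}
        if ref.get("resource") != "pods":
            continue
        if verb == "create" and ref.get("subresource") == "exec":
            alerts.append({**base, "rule": "exec-into-pod",
                           "technique": "T1609 Container Administration Command",
                           "detail": f"exec into pod {ref.get('name')}"})
        elif verb in ("create", "update") and not ref.get("subresource"):
            # requestObject is only present at the RequestResponse audit level
            findings = risky_pod_settings(ev.get("requestObject", {}).get("spec", {}))
            if findings:
                alerts.append({**base, "rule": "privileged-pod",
                               "technique": "T1610 Deploy Container",
                               "detail": f"pod {ref.get('name')}: " + ", ".join(findings)})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_audit_log(SAMPLE_AUDIT_LOG)):
        print(json.dumps(alert))
```

Both rules key on `objectRef` and `verb` rather than on the request URI, which is the stable part of the event. The privileged-pod rule only sees the pod spec when the audit policy logs pod creates at the `RequestResponse` level, which is the first thing to check if it never fires; the exec rule also works at the `Metadata` level.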

Kubernetes security should be accessible.

Security has a bit of a bad rap for being complex and obscure (something we’ve tried hard to rally against). Kubernetes is already a highly specialized area of expertise—if you’re looking for k8s security experts…good luck. Security solutions should help bridge this gap.

We love Kubernetes wizards (what would we do without you?) but the truth is we can’t expect everyone to be one—especially as we think about folks on the front lines in a SOC. The ideal solution allows your people (technical and not) to succeed without requiring expert-level K8s chops.

Kubernetes security should be transparent and trusted.

This shouldn’t need saying, but let’s say it anyway.

As k8s grows, we’ll see more and more “solutions” aimed at safeguarding it. Not all of them are going to be ready for prime time, so question 1 has to be: Do I trust this provider with my business? Question 1a: If so, why?

In our view, transparency goes a long way towards building trust—these days most security folks avoid “black box” solutions. You’ll be tempted to try open-source tooling (there are many great projects to choose from) but don’t equate open source with “free.” Choosing the right solution will depend on your specific requirements and what you want to take on versus hire out.

This list doesn’t cover everything you need to address, but once you’ve satisfied these four criteria, you’ll be well down the road toward securing a genuinely transformative new development technology for your business.

If you have questions or just want to talk through things, drop us a line.