Understanding Kubernetes and security with Ethan Chen

Learn why Kubernetes and security can be a tricky combination. Ethan Chen, Senior Product Manager at Expel, shares insights on Kubernetes security context, best practices, and how to build a Kubernetes security checklist.

Videos · Ben Baker · TAGS: Cloud security

Learn why Kubernetes and security can be a tricky combination. Ethan Chen, Senior Product Manager of Cloud Strategy at Expel, joins the conversation to:

  • share insights on Kubernetes and how to gain security context
  • discuss Kubernetes best practices
  • get started with secure Kubernetes with a short Kubernetes security checklist

For a deeper dive into Kubernetes, check out this two-part blog series (part 1 and part 2), defining Kubernetes and how security teams should approach Kubernetes security.

Introduction

Ben Baker: Hey, I’m Ben, Director of Content at Expel. I’m joined by Ethan Chen, Senior Product Manager of Cloud Strategy. Today, we’re exploring Kubernetes and security—why it’s complex, how to approach it, and what security teams need to know.


What is Kubernetes and why is it so popular?

Ben: First things first—what exactly is Kubernetes, and why is it so widely used?

Ethan: Kubernetes is a container orchestration system originally built by Google. It’s essential for managing containerized applications at scale—handling hundreds or even thousands of containers. It enables modern, cloud-native development by abstracting away infrastructure complexity and enhancing developer velocity.


Why is Kubernetes hard to secure?

Ben: Kubernetes is flexible, but also notoriously difficult to secure. Why is that?

Ethan: The combination of its dynamic nature and layered structure—clusters, nodes, pods, containers—creates a massive attack surface. When you add in the ephemeral nature of containers and microservices, it becomes really difficult to maintain visibility and enforce consistent policies. That’s why Kubernetes security context and configurations like RBAC and IAM are so critical.


Building a mental model: the cargo shipping analogy

Ben: We used a cargo shipping analogy in a blog post to explain Kubernetes. Why is that helpful?

Ethan: Analogies help simplify technical topics. Visualizing Kubernetes like a shipping system—with containers, ships, and ports—helps people understand the relationships between components. That understanding is essential for defining your attack surface and building out your Kubernetes security checklist.


Cryptojacking and Kubernetes: a real-world example

Ben: Tesla experienced a cryptojacking attack in 2018 through Kubernetes. Why are these kinds of attacks effective in Kubernetes environments?

Ethan: Kubernetes makes it easy to spin up compute resources quickly—which is great for devs and attackers alike. If your cluster is misconfigured or lacks proper Kubernetes security context settings, attackers can exploit that to mine cryptocurrency unnoticed. It’s high ROI for them, and a nightmare for defenders.


Where should security teams start?

Ben: What advice would you give to security teams just getting started with Kubernetes?

Ethan: Here’s a simplified Kubernetes security checklist to follow:

  1. Start small: Don’t migrate everything at once. Start with a single application.
  2. Gain visibility: Understand what’s happening inside your clusters.
  3. Harden configurations: Prevent misconfigurations with defined templates or blueprints.
  4. Enforce least privilege: Use RBAC and IAM to control access.
  5. Secure the runtime: Configure Kubernetes security context, seccomp, and admission controllers.
  6. Iterate and scale: Apply what you learn from your pilot to future deployments.

Just for fun: ducks or elephants?

Ben: One last (very important) question: Would you rather fight one elephant-sized duck or 100 duck-sized elephants?

Ethan: 100 duck-sized elephants. They’re small—what could they do?

Ben: Agreed. A flying, elephant-sized duck sounds like a horror movie.


Final thoughts

Ben: Ethan, thanks so much for breaking down Kubernetes security with us. This was fantastic.

Ethan: Glad to be here—thanks for having me!
