
TIPS #8: How can companies maximize the benefits of Kubernetes while managing the risks?

Shane Shook

September 20, 2023


Issue: More companies than ever are using Kubernetes to make application development more efficient, yet its complexity is often misunderstood.

Kubernetes (and its “instances” known as K8s) is an open-source platform for managing containerized applications. Using Kubernetes enables lower development costs and can automate processes like application deployment, scaling, and management, allowing organizations to build their own services and avoid getting locked into a single software or SaaS vendor. Many companies have started to adopt Kubernetes: as of 2022, 96% of cloud-native companies were using or considering the use of Kubernetes and almost half of all container-based organizations were using Kubernetes to deploy and manage containers.  

For all its benefits, most companies using Kubernetes are unaware of its requirements, how it relates to specific business functions in use (and the resulting security considerations), or how to manage a growing number of clusters.  

Here’s an example of how Kubernetes is often used. Companies recognize that Kubernetes is a lower-cost and efficient resource to build microservices around data analytics or publication (to use for marketing, communications, sales, financial management, trading operations, human resources, and/or logistics management). They see this as a strong alternative to more expensive servers or hosted virtual machines and choose to adopt Kubernetes. However, companies rarely consider the resource dependencies that business units have when using Kubernetes. They then overlook necessary security and risk management requirements during development and deployment, only applying security guardrails afterwards.  

Impact: Misunderstanding leads to misalignment with business requirements, inefficiencies, an inability to effectively identify threats, and sub-optimal incident response. 

From a risk management perspective, applying security guardrails retroactively conflicts with key business goals like adhering to regulations, securing operations, and lowering risk. There are significant potential risks in using Kubernetes (like insecure workload configurations and supply chain risks) that companies must address. When companies retroactively consider security, vulnerabilities in microservices and applications built with Kubernetes aren’t caught until after deployment, increasing the risk of an incident and making it more difficult to address security issues. These companies also lack clear visibility into their K8s clusters and can’t effectively detect and respond to threats. Kubernetes-based security incidents can lead to breached container data, data destruction, cryptojacking, and denial of service. Depending on the incident, this can cause considerable business impacts including revenue loss, regulatory violations, customer turnover, and project delays.

 

Action: Consider resource dependencies, shift left/up/everywhere, and gain Kubernetes visibility

1. Who, how, and why: understanding resource dependencies 

Companies need to fully understand which business units are using Kubernetes, how they are using it, and why they are using it to determine appropriate resource and security needs. This should be the starting point for any Kubernetes use case to properly assess and manage risk while driving the greatest business benefits.  

2. Shift left, up, and everywhere: A DevSecOps approach 

Security can’t be brought in only after deploying an application using Kubernetes. Companies must shift left to incorporate security throughout the development cycle to fix vulnerabilities early on, improve the overall security of the final application, and mitigate risk. Shifting everywhere (testing application security as soon as possible and continuously throughout the development cycle) is a natural progression for companies shifting left. Companies should shift everywhere to institute processes to patch, maintain, and secure applications from development through deployment and beyond.

Further, companies need to shift up and consider their entire cybersecurity ecosystem instead of thinking about each tool as an isolated point solution (which can cause inefficiencies that degrade security capabilities). How do the tools you use interact with each other and how can you streamline your cybersecurity efforts? Uptycs’ CNAPP and XDR platform is a cohesive solution that helps you build a unified security posture, eliminate inefficiencies and reduce risk throughout your organization.  

3. Prioritize Kubernetes-first security 

Cloud security alone doesn’t provide context for the entire Kubernetes environment. Companies need a real-time, prioritized view of Kubernetes risk to be proactive and not reactive. KSOC’s run-time visibility and identity-centric remediation give you a holistic visualization of contextualized Kubernetes risk, create security efficiencies, and automate incident response.