Expert Commentary On New NSA And CISA Report Released

BACKGROUND:

It has been reported that the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a new report to help systems administrators harden their Kubernetes environments and know the risks to such infrastructure. Kubernetes clusters are often deployed in public and private clouds, as they provide several flexibility and security benefits compared to traditional, monolithic software platforms. However, they are at risk from hackers looking to steal data. 

Subscribe
Notify of
guest

1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Trevor Morgan
Trevor Morgan , Product Manager
InfoSec Expert
August 5, 2021 5:25 pm

<p>The report issued by the NSA and CISA points to a growing problem in the cybersecurity space, namely the risks associated with data processed or housed within Kubernetes environments. The report rightfully acknowledges that sensitive data is the primary target in these environments, something that threat actors are desperate to obtain and subsequently leverage. Fortunately, the report does touch upon data protection as a preventative means of security, along with perimeter- and access-based security. The general message here is to have a robust, varied, and comprehensive cybersecurity strategy that doesn’t rely on just one or two methods to protect information.</p>
<p>In particular, encryption is a method touched upon in the report, but enterprises need to be aware of the fact that encryption comes with its own issues, including sometimes complex key management and the fact that encrypting data doesn’t necessarily preserve data format. The latter can cause significant issues with enterprise applications, forcing in some cases a process of decrypting data in order to work with it. De-protecting data always generates risk. Better to consider data-centric methods of protection such as tokenization, which not only renders sensitive data meaningless to anyone trying to leverage it, but which also preserves the original format of that data making it very workable by enterprise applications. Best of all, it eliminates the need to de-protect data at any point within an enterprise workflow. The benefit of that should be perfectly clear—avoid having sensitive clear text within your workflows.</p>

Last edited 1 year ago by Trevor Morgan
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x