Expert Commentary On New NSA And CISA Report Released

By   ISBuzz Team
Writer , Information Security Buzz | Aug 05, 2021 09:22 am PST


It has been reported that the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a new report to help systems administrators harden their Kubernetes environments and know the risks to such infrastructure. Kubernetes clusters are often deployed in public and private clouds, as they provide several flexibility and security benefits compared to traditional, monolithic software platforms. However, they are at risk from hackers looking to steal data. 

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Trevor Morgan
Trevor Morgan , Product Manager
August 5, 2021 5:25 pm

<p>The report issued by the NSA and CISA points to a growing problem in the cybersecurity space, namely the risks associated with data processed or housed within Kubernetes environments. The report rightfully acknowledges that sensitive data is the primary target in these environments, something that threat actors are desperate to obtain and subsequently leverage. Fortunately, the report does touch upon data protection as a preventative means of security, along with perimeter- and access-based security. The general message here is to have a robust, varied, and comprehensive cybersecurity strategy that doesn’t rely on just one or two methods to protect information.</p>
<p>In particular, encryption is a method touched upon in the report, but enterprises need to be aware of the fact that encryption comes with its own issues, including sometimes complex key management and the fact that encrypting data doesn’t necessarily preserve data format. The latter can cause significant issues with enterprise applications, forcing in some cases a process of decrypting data in order to work with it. De-protecting data always generates risk. Better to consider data-centric methods of protection such as tokenization, which not only renders sensitive data meaningless to anyone trying to leverage it, but which also preserves the original format of that data making it very workable by enterprise applications. Best of all, it eliminates the need to de-protect data at any point within an enterprise workflow. The benefit of that should be perfectly clear—avoid having sensitive clear text within your workflows.</p>

Last edited 2 years ago by Trevor Morgan

Recent Posts

Would love your thoughts, please comment.x