Expert Commentary On New NSA And CISA Report Released

BACKGROUND:

It has been reported that the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a new report to help systems administrators harden their Kubernetes environments and know the risks to such infrastructure. Kubernetes clusters are often deployed in public and private clouds, as they provide several flexibility and security benefits compared to traditional, monolithic software platforms. However, they are at risk from hackers looking to steal data. 

Experts Comments

August 05, 2021
Trevor Morgan
Product Manager
comforte AG

The report issued by the NSA and CISA points to a growing problem in the cybersecurity space, namely the risks associated with data processed or housed within Kubernetes environments. The report rightfully acknowledges that sensitive data is the primary target in these environments, something that threat actors are desperate to obtain and subsequently leverage. Fortunately, the report does touch upon data protection as a preventative means of security, along with perimeter- and access-based

.....Read More

The report issued by the NSA and CISA points to a growing problem in the cybersecurity space, namely the risks associated with data processed or housed within Kubernetes environments. The report rightfully acknowledges that sensitive data is the primary target in these environments, something that threat actors are desperate to obtain and subsequently leverage. Fortunately, the report does touch upon data protection as a preventative means of security, along with perimeter- and access-based security. The general message here is to have a robust, varied, and comprehensive cybersecurity strategy that doesn’t rely on just one or two methods to protect information.

In particular, encryption is a method touched upon in the report, but enterprises need to be aware of the fact that encryption comes with its own issues, including sometimes complex key management and the fact that encrypting data doesn’t necessarily preserve data format. The latter can cause significant issues with enterprise applications, forcing in some cases a process of decrypting data in order to work with it. De-protecting data always generates risk. Better to consider data-centric methods of protection such as tokenization, which not only renders sensitive data meaningless to anyone trying to leverage it, but which also preserves the original format of that data making it very workable by enterprise applications. Best of all, it eliminates the need to de-protect data at any point within an enterprise workflow. The benefit of that should be perfectly clear—avoid having sensitive clear text within your workflows.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.