As part of our security experts comment series, Khash Sajadi commented below on the news that broke earlier today about an unprotected server exposing Weight Watchers internal IT infrastructure.
Khash Sajadi, Security Expert at Cloud 66:
“While there’s no substitute for best practices, good, not even great security practices could easily have prevented this issue from happening. Developers need access to the Kubernetes cluster all the time, to ensure there if the cluster is opened up no one forgets to close it. This can occur with firewalls too, but best practices are well-known in that space while in the Kubernetes world they are not. This is further proof that containerization needs buy-in from both devs and ops – both have to work together and use tools that are built for that purpose.
Teams need to find that balance between developer freedom (to focus on code, and commit as fast as possible, using self-service mechanisms) and operational governance (how to keep all those aspects of developer freedom within infrastructure and security policies) and it can be a sizeable challenge in any environment. It can be exponentially more so when it comes to Kubernetes. Developers shouldn’t have to manage configuration, secrets or own security, and operations shouldn’t do manual tasks that slow down development, unless the policy states so. There are tools that solve this conundrum as a core underlying capability, and enable automated and compliant operations built for developers, who can then easily deploy to multiple Kubernetes environments.”