Why 93% Of Kubernetes Users Struggle With Security

Following the news that:

93% of Kubernetes users struggle with security

2022 state of Kubernetes security report (redhat.com)

Michelle.mclean , VP of Marketing
InfoSec Expert
June 20, 2022 10:13 pm

This report from Red Hat highlights some really important security considerations. Because cloud-native design relies on new technology stacks such as containers, Kubernetes and service mesh, it also requires API development, integration, and consumption. This, in turn, creates a larger attack surface. In addition to threats caused by cloud complexity itself, the cloud also increases exposure of some assets beyond more well-understood, on-premises data centre environments.
Access controls are difficult to get “right” when organisations must support multiple environments and consumer types. There have also been cases of server-side request forgery. A good example is the Capital One incident, where attackers use web applications or web APIs as the front door into back-end cloud provider metadata services and infrastructure. Kubernetes (and its APIs) is usually an internal service used by the service provider/maintainer and not by its users. This in turn can play into the hands of attackers, as exposing these APIs may turn a very small attack surface into a very big one, allowing the attackers to try and find a number of issues that could be abused in the API service itself, whether from misconfigurations of the service itself, or from well-known API class vulnerabilities.

Information Security Buzz