Kubernetes Security: 7 Things You Should Consider

Presented by

Ariel Shuper, VP Product & Rafael Seidel, Senior Software Developer

About this talk

Kubernetes is by far the most widely used container orchestrator in the market, and Kubernetes adoption in production environments is rising. According to Gartner, “by 2022, more than 75% of global organizations will be running containerized applications in production.” Security concerns remain one of the leading constraints for using containers and Kubernetes, organizations can’t afford to treat security as an afterthought. Kubernetes is a highly flexible platform, allowing users to customize, modify and change almost any workmode and deployment options. Each deployment aspect is treated separately and its declarative nature creates large potential for misconfiguration pitfalls or overlooked definitions. Furthermore, Kuberntes architecture with the separation of the Master node, the API server, etcd from the worker nodes and the application pods, increases the amount of elements that need to be secured. Securing Kubernetes requires you to address the security challenges associated with each of these components. Key Discussion Points and Best Practices: 1. Early detection of security risks - Vulnerable images, overly permissive roles, security misconfiguration and access credentials. 2. Common misconfiguration errors with direct impact on the security posture 3. Zero trust security model 4. Kubernetes RBAC: Overlooked but a powerful tool 5. Pod Security Policy and Pod Security context: Security gold mine 6. Kubernetes Network policies - In cluster and external communication policies. 7. Cluster resources protection

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (12)
Subscribers (1010)
Portshift is a Kubernetes-native security leader leveraging the power of Kubernetes and Service-Mesh to deliver a single source of truth for containers and cloud-native applications protection. Portshift is the only solution offering an agentless approach, with a single Kubernetes admission controller for seamless integration.