Kubernetes has gained amazing traction as a software tool to deploy and manage application containers automatically. But malicious actors know a vulnerable target when they see one, and Kubernetes is no exception.
This July, we learned that threat actors were carrying out large-scale cryptocurrency-mining attacks against Kubernetes clusters.
Organizations running Kubernetes in their on-premises, hybrid cloud, or public cloud environments should take these steps to ensure their containerized workloads and data are protected.
- Configure Kubernetes clusters correctly. Cybersecurity experts say that misconfigured Kubernetes clusters are the biggest reason Kubernetes-based containers are so vulnerable to cyber threats. As we covered in the previous blog, it’s your responsibility as the user to set up the Kubernetes security controls properly. Kubernetes is an open-source platform run by volunteers. No one contributing to the project is looking out for your organization – that’s your responsibility.
- Back up your Kubernetes application data. If mission-critical workloads are containerized, a compromise of those applications becomes a major risk to the data they hold. Even when a cluster is designed to be composable and ephemeral, the risks of corruption, misconfiguration, and malicious behavior do not disappear. Ensure you have a robust solution that provides consistent backups of data across Kubernetes clusters, consistent with your VMs and on-premises systems.
- Ensure you have a Kubernetes-friendly disaster recovery strategy. Legacy, hardware-intensive disaster recovery solutions can’t work effectively with Kubernetes, and their recovery time objectives can be lengthy. Given the ephemeral nature of Kubernetes containers, enterprises should have a DR solution that completely automates application recovery across physical, virtual, and cloud environments, including Kubernetes workloads. Just because Kubernetes is composable does not mean that your infrastructure or cloud service is.
- Be careful with permissions. This is another notorious, yet fixable, vulnerability with Kubernetes. Administrators who aren’t selective with Kubernetes user permissions risk widening the attack surface. Kubernetes allows you to define permissions for different users, so grant each user only what their role requires. Admins should also remove permissions for users that don’t need them anymore.
- Do regular clean-outs. Organizations change fast. The need to quickly launch new business services and products requires companies to be agile and deploy new Kubernetes containers quickly. With all this added complexity, it’s easy to lose track and allow unused and outdated containers to remain, opening a security risk. Make sure to periodically perform a Kubernetes “clean-up” so that you’re removing these zombie containers and reducing the attack surface.
- Assess your Kubernetes landscape for vulnerabilities. Be sure to regularly scan Kubernetes clusters to identify potential risks in your configurations. There are even open-source tools available that will scan for vulnerabilities or misconfigured containers.
- Consider using a managed Kubernetes service. The major cloud providers all offer a managed service, including Amazon’s Elastic Kubernetes Service (EKS), Microsoft’s Azure Kubernetes Service (AKS), and Google’s Kubernetes Engine (GKE). Those services offer some built-in security hardening to protect Kubernetes clusters.
- Don’t skip patches. The Kubernetes project has a committed community of volunteers who are good at spotting vulnerabilities and making patches available immediately. Be sure to keep up to date on the latest versions so that you’re not opening your Kubernetes landscape to a security vulnerability. Also, note that Google Kubernetes Engine and similar managed Kubernetes services explicitly state that patching is a shared responsibility between them and you, the customer.
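As an added example (not code from the original post) of the configuration review that the "configure clusters correctly" and "assess your landscape" items call for, the following Python script audits pod specs for the hardening gaps that typically precede cryptomining compromises: host namespace sharing, hostPath mounts, privileged containers, root execution, mutable image tags and missing resource limits. It reads the JSON printed by `kubectl get pods -A -o json` from stdin; the embedded pod list is constructed for illustration only.

```python
# Audit Kubernetes pod specs (PodList JSON from `kubectl get pods -A -o json`).
import json
import sys


def audit_pod(pod: dict) -> list:
    """Return a list of finding strings for one Pod object; empty means clean."""
    meta, spec = pod["metadata"], pod["spec"]
    name = f'{meta.get("namespace", "default")}/{meta["name"]}'
    findings = []
    # Sharing the node's network/PID/IPC namespaces lets a container reach the host.
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag):
            findings.append(f"{name}: {flag} enabled")
    # hostPath volumes expose node directories (often "/") to the container.
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(f'{name}: hostPath volume "{vol["name"]}" -> {vol["hostPath"].get("path")}')
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        cname, sc = f'{name}/{c["name"]}', c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{cname}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):  # Kubernetes defaults this to true
            findings.append(f"{cname}: allowPrivilegeEscalation not set to false")
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            findings.append(f"{cname}: runAsNonRoot not enforced")
        # A mutable tag (none, or :latest) hides which build is running, defeating patch tracking.
        image = c.get("image", "")
        if ":" not in image.rsplit("/", 1)[-1] or image.endswith(":latest"):
            findings.append(f"{cname}: image {image!r} uses a mutable tag")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{cname}: no resource limits (a miner can consume the whole node)")
    return findings


def audit_pod_list(pod_list: dict) -> list:
    return [f for pod in pod_list.get("items", []) for f in audit_pod(pod)]


# Constructed sample PodList: one badly configured pod and one hardened pod.
SAMPLE_POD_LIST = {"items": [
    {"metadata": {"namespace": "default", "name": "miner-lookalike"},
     "spec": {"hostPID": True, "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
              "containers": [{"name": "app", "image": "nginx:latest",
                              "securityContext": {"privileged": True}}]}},
    {"metadata": {"namespace": "prod", "name": "hardened"},
     "spec": {"securityContext": {"runAsNonRoot": True},
              "containers": [{"name": "app", "image": "registry.example/app:1.4.2",
                              "securityContext": {"allowPrivilegeEscalation": False},
                              "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}]}}]}

if __name__ == "__main__":
    data = SAMPLE_POD_LIST if sys.stdin.isatty() else json.load(sys.stdin)
    for line in audit_pod_list(data):
        print(line)
```

Run it as `kubectl get pods -A -o json | python3 audit_pods.py` to review a live cluster; a non-empty report is a prompt to fix the manifest or enforce the setting cluster-wide with an admission policy.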
Kubernetes has made container management and orchestration much more streamlined and automated. Unfortunately, cybercriminals are taking advantage of the easy-to-adopt, open-source nature of Kubernetes to execute more complex and malicious attacks against containers to steal users’ information or gain access to a company’s database. Taking the steps listed above will help organizations keep their Kubernetes-based containerized applications and data protected and recoverable.