Improving organizational security by adopting zero-trust in Kubernetes

Very recently, the White House published a memo that provides the groundwork for creating a zero-trust architecture for federal agencies. With this new emphasis from the US government, zero-trust networking is an area many businesses are focusing on to improve their security posture. Amidst that focus, it becomes important to understand how & where these principles can be applied to cloud-native environments, specifically Kubernetes clusters.

The story so far  

While there is renewed emphasis on applying zero-trust principles to Kubernetes, we need to understand that zero trust is not a new idea; it has been around for a while. In the early 2000s, the concept of “de-perimetrization of network resources” was advanced in the UK. It suggested that organizations should stop relying on perimeter controls like network firewalls for securing their applications & systems. Instead, they should secure each system individually and allow it to be accessed directly.

In 2014, Google published “BeyondCorp: A New Approach to Enterprise Security,” which similarly looked at how enterprises can move away from network-perimeter security and have users & applications ensure that callers are properly authenticated & authorized. Now we have the memo from the US government, “Moving the U.S. Government Towards Zero Trust Cybersecurity Principles,” which again recommends that organizations should not depend on the network perimeter to protect their important data & systems.


Applying zero-trust principles to Kubernetes  

Now that we have a goal – reducing reliance on network perimeter controls – what are the practical steps organizations can take to introduce zero-trust concepts into a Kubernetes environment?

Service-to-service networking

First we need to look at the container network. By default, every Kubernetes cluster provides a flat network in which every container can communicate directly with every other container without any restrictions. This type of container network is treated as a “trusted” network by the applications running in it, and the services don’t require any authentication for requests that originate from within the network. Let’s say we have a range of services connected to a cluster network that can all reach each other at the network level. How can its security be improved? We can do so by enabling Kubernetes network policies that apply default rules to both ingress & egress traffic in the cluster. Since network policies select workloads by logical attributes (labels and namespaces) rather than by IP address, it can be ensured that only related workloads can communicate with each other.

User-to-service access  

There’s another aspect to zero-trust Kubernetes that has to be accounted for as well: user-to-cluster communication. Since Kubernetes does not ship a production-grade user authentication option of its own, external solutions will be needed to fully realize a zero-trust vision. One option would be a service mesh, where user access effectively goes through some kind of proxy service before hitting the Kubernetes API, and that proxy can enforce controls based on things like device posture & request sensitivity.

It is clear that the path for most organizations leads towards adopting a zero-trust approach to organizational network security. The days when many organizations took a hardened-perimeter approach with a soft interior are numbered. However, this is going to be a long process. ISmile Technologies helps you increase the speed of your innovation for tremendous advantage with our end-to-end solutions. Being veterans in DevOps & Kubernetes, we leverage our years of hands-on experience to offer you out-of-the-box solutions to meet your business needs. At ISmile Technologies we see DevOps as a no-touch, CI/CD-driven software delivery approach, one that believes an integrated delivery function from requirements to production will give higher business value to customers. We help you reimagine cloud security by building it into the foundation of your company, so it can meet your business’s needs as a fully managed as-a-service model ensuring seamless compliance & security.
