Portshift Announces Five Security Best Practices for Kubernetes Deployments
Company Supports Organizations in Overcoming K8‘s Security Challenges with Industry-Proven Techniques and Strategies
TEL AVIV – January 21, 2020 OpinePR 🎯 -- Portshift, a leader in identity-based workload protection for cloud-native applications, today introduced five security best practices for DevOps and development professionals managing Kubernetes deployments. Integrating these security measures into the early stages of tech CI/CD pipeline will assist organizations in the detection of security issues earlier, allowing security teams to remediate issues quickly.
The use of containers continues to rise in popularity in test and production environments, increasing demand for a means to manage and orchestrate them. Of all the orchestration tools, Kubernetes (K8s) has emerged as the market leader in cloud-native environments. Unfortunately, Kubernetes is not as adept at security as it is at orchestration. It is therefore essential to use the right deployment architecture and security best practices for all deployments.
However, while Kubernetes has risen in popularity, it has also come with its own set of security issues, increasing the risk of attacks on applications. Because Kubernetes deployments consist of many different components (including: the Kubernetes’ master and nodes, the server that hosts Kubernetes, the container runtime used Kubernetes, networking layers within the cluster and the applications that run inside containers hosted on Kubernetes), securing Kubernetes requires DevOps/developers to address the security challenges associated with each of these components.
To overcome these challenges, below are five security best practices for tackling the K8’s security challenge:
Authorization: Kubernetes offers several authorization methods which are not mutually exclusive. It is recommended to use RBAC and ABAC in combination with Kubernetes where RBAC policies will be forced first, while ABAC policies complement this with finer filtering.
Pod Security: Since each pod contains a set of one or more containers, it is essential to control their communication. This is done by using Pod Security Policies which are cluster-level resources that control security sensitive aspects of the pod specification.
Container Security: Kubernetes includes basic workload security primitives related to container security. However, if apps, or the environment, are not configured correctly, the containers become vulnerable to attacks.
Migration to Production: As companies move more deployments into production, that migration increases the volume of vulnerable workloads at runtime. This issue can be overcome by applying the solutions described above, as well as making sure that your organization maintains a healthy DevOps/DevSecOps culture.
Securing CI/CD Pipelines on Kubernetes: Running CI/CD on Kubernetes allows for the build-out, testing, and deployment of K8‘s environments that can quickly be scaled as needed. Security must be baked at the CI/CD process because otherwise attackers can gain access at a later point and infect your code or environment.
Leverage a security solution that acts as a protection layer for K8s and provides visibility both at the app and cluster levels.
A powerful complement to K8’s security infrastructure is the service mesh. It supports a secure cloud-native environment by automatically taking care of service discovery and connection so that both developers and individual microservices do not have to. Used in conjunction with Kubernetes, the service mesh supports applied security at the service level, not just at the network level. The service mesh enables the highest level of security when used in conjunction with identity-based workload protection to secure containers and microservices.
Additional information about this is available at https://www.portshift.io/product/service-mesh-security/.
“As the leading orchestration platform, Kubernetes is in active use at AWS, Google Cloud Platform, and Azure,“ said Zohar Kaufman, VP, R&D and Co-Founder, Portshift. “With the right security infrastructure in place, it is set to change the way applications are deployed in the cloud with unprecedented efficiency and agility. Portshift delivers an intuitive and centralized way to govern Kubernetes microservices to make this a reality.“
To learn more about Portshift, please visit https://www.portshift.io/product/
Tweet this: @Portshift Details 2020 Security Best Practices for Kubernetes Deployments
To learn more about Portshift:
• Become a Trusted Portshift Partner: https://www.portshift.io/partners/
•. Visit Portshift at https://www.portshift.io
• Follow Portshift on Twitter at http://www.twitter.com/portshift
• Follow Portshift on LinkedIn at https://www.linkedin.com/company/portshift/
View Video: Kubernetes Security Challenges
Portshift is an identity-based cloud workload protection platform that secures applications from CI/CD to runtime. Portshift enables organizations to know which applications are running on their cloud environments, to see and enforce how the applications communicate and to easily find information that is associated with their development and deployment cycles enabling DevOps teams to orchestrate security as part of their day-to-day job. Portshift's unique model introduces a security framework that is decoupled from network and operations, allowing for accelerated software delivery at any scale. Portshift was spun out of think tank and company-builder Team8.
Go to portshift.io for more info.
- END -
Other Portshift News:
Portshift Syncs Kubernetes Policies to Container Vulnerabilities in CI/CD Pipelines for Remediation
- submit Press Releases to: firstname.lastname@example.org