Articles

NSA, CISA release Kubernetes hardening guidance following Colonial Pipeline,…

The guidance seeks to educate IT administrators about cloud security risks and best practices for implementing and maintaining Kubernetes.

Earlier this week, the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA)  issued a joint document entitled Kubernetes Hardening Guidance. Kubernetes is an open-source orchestration system that relies on containers to automate the deployment, scaling and management of applications, usually in a cloud environment. According to the most recent State of Kubernetes Security report by RedHat, more than half the security professionals surveyed said they delayed deploying Kubernetes applications into production due to security.

In addition, almost all the security respondents said they had one security incident in their Kubernetes environment during the past year. Underscoring the depth of security concerns surrounding Kubernetes, 59% of respondents said they are most worried about unaddressed security and compliance needs or threats to containers.

The rapid shift to cloud environments, particularly since the advent of the pandemic, undoubtedly heightens these security concerns. It’s little surprise, then, that NSA and CISA felt the need to help organizations deal with security in a containerized environment, which is more complex than “traditional, monolithic software platforms.” Although the agencies tailored their guidance to system administrators of national security systems (systems containing classified or intelligence information) and critical infrastructure, they encourage administrators of federal and state, local, tribal, and territorial (SLTT) government networks to also implement the recommendations.

Within the Kubernetes architecture are clusters composed of control planes and one or more physical or virtual machines called worker nodes, which host pods that comprise one or more containers. The containers house software packages and all their dependencies.

The joint guidance says that while Kubernetes has always been a target for malicious actors to steal data, threat actors are increasingly drawn to Kubernetes systems to steal computation power, often for cryptocurrency mining.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Sigmund on Unsplash