Kubernetes Breaks Traditional Security Models
Kubernetes dynamically orchestrates workloads to maintain the desired state of your application. Every time a workload is launched, it receives a new IP address and could be located on another node. This works well for scaling your application and maintaining uptime, however it breaks the current security model that was designed for static resources like VMs and bare metal servers.
Kubernetes Requires a Modern Approach to Security and Compliance
Zero-Trust Network Security
With 40% or more of all breaches originating from within the network, you must always have to assume that something has been compromised. Applications running on Kubernetes make heavy use of the network for service to service communication. However, most clusters have been left wide open and are vulnerable to attack. A zero trust approach is the most secure way to lock down your Kubernetes platform.
Kubernetes is dynamic and constantly changing. Moments after a compliance audit is completed the environment will have changed again. A continuous compliance solution is the only way to prove that your security controls have been implemented properly now and historically.
Visibility and Traceability
Applications running on Kubernetes Platforms have constantly changing IP addresses and locations that makes it impossible to use traditional flow logs to debug issues and investigate anomalous activity. The only accurate approach is to use Kubernetes labels and workload identity in your netflow logs.
Multi-cloud and Legacy
Many applications running on Kubernetes will not be greenfield. Applications often need to communicate securely with other systems outside of the cluster, such as on-premises or cloud-based VMs, bare metal servers and databases. To achieve zero trust security for Kubernetes, your security policies must be capable of expanding beyond the cluster.