by John Armstrong | Sep 3, 2020 | Blog, Kubernetes, Network Policy, Security, Zerotrust
The old security model, which followed the “trust but verify” method, is broken. That model granted excessive implicit trust that attackers abused, putting the organization at risk from malicious internal actors and allowing unauthorized outsiders wide-reaching access...
by Christopher Liljenstolpe | Dec 11, 2018 | Business Strategy, Kubernetes, Microsegmentation, Network Policy, Security, Zerotrust
Or, How to map my current operational model into the brave new Kubernetes world. Recently, I was working with a large customer of ours as part of an engagement to help them work through their security posture for their Kubernetes environment(s). As with most large...
by Christopher Liljenstolpe | Aug 3, 2018 | Blog, Security, Zerotrust
Well, the Tiger is going to Black Hat in Las Vegas in a few weeks' time, and so I’ve been planning our risk mitigation strategy for when we are there. The last thing I want is for the Tiger to show up on the Wall of Sheep. To that end, I’ve written up an...
by Christopher Liljenstolpe | Jul 23, 2018 | Blog, Cybersecurity, Kubernetes, Security, Zerotrust
For almost as long as we have networked computers, we have used the network location or address as their primary identity. Using network location might have made sense when there was a 1:1 mapping between a computer and the thing it was acting for (user, application,...
by Andrew Randall | Mar 20, 2018 | Blog, Calico, Calico Enterprise, Cloud Computing, Cloud Native, Cloud Security, Containers, GCP, Microsegmentation, Network Policy, Networking, Project Calico, Security, Tigera, Zerotrust
A best practice for securely deploying Kubernetes applications is to enforce network policy. Google’s announcement today that network policy for Google Kubernetes Engine (GKE) using Calico network policy is now generally available (GA) is a huge step forward for...
by Christopher Liljenstolpe | Mar 12, 2018 | AWS, Calico Enterprise, Containers, DevOps, Kubernetes, Microsegmentation, Project Calico, Security, Uncategorized, Zerotrust
Heptio’s CTO, Joe Beda, recently posted an insightful blog entry discussing the Tesla Kubernetes compromise. I wanted to dive into one of the areas he mentioned, network policy. Before I do, however, I would make some general observations. While, in hindsight, the...