12-06-2020

How to improve Kubernetes security

Prevent Human Error and Misconfigs with Otomi Container Platform

Container orchestration with Kubernetes is hard enough, and securing container and Kubernetes environments raises the complexity to a whole new level.

Assisted by research and advisory firm 451 Research, StackRox polled more than 540 Kubernetes and container users across IT security, DevOps, engineering, and product roles. The survey results found that 94% of respondents experienced at least one container security incident in the past 12 months. Consequently, 44% of respondents were then delayed in moving their applications into production because of security concerns.

Exposures and data breaches due to misconfigurations – a result of human error – trump all other security concerns in what StackRox said has become an “alarmingly common” trend. Suffering security incidents, delays in application rollouts because of security concerns, and a steep learning curve are all limiting the ability to realize the true benefits of a cloud-native stack.

Kubernetes Complexity

Sixty-one percent of respondents cited misconfigurations as the source of risk they’re most concerned about compared to the 27% who identified vulnerabilities as the biggest concern and 12% that named attacks as their top concern.

Kubernetes has a lot of knobs and dials, and it’s easy to get them wrong; misconfigurations therefore represent a huge security risk. Companies are just as quick to jump on the container bandwagon as they are to condemn its security vulnerabilities, which, in many ways, is just as reckless as cutting bangs without considering the constant maintenance they require.

Findings from the survey are a clear indication that organizations are putting the core benefit of faster application development and release at risk by not ensuring their cloud-native assets are built, deployed, and run securely.

Following a year of numerous security bugs within the Kubernetes ecosystem and the first security audit of Kubernetes conducted by the Cloud Native Computing Foundation (CNCF), continued widespread adoption has seen security become something of an afterthought.

How Otomi Container Platform can help

Otomi Container Platform offers an out-of-the-box container platform solution on top of Kubernetes and consists of a pre-configured suite of open source solutions working in tandem. The configuration is managed by a hierarchical set of values that can be manipulated using the Otomi API. This enforces a strict configuration and prevents misconfigurations. The complete configuration of all solutions used by Otomi Container Platform is thoroughly tested, so issues that could potentially leave your cluster exposed to attackers are solved for you.

The Otomi API abstracts away most of the Kubernetes complexity, so you can jump straight on the container bandwagon without having to worry about the underlying complexity and potential security issues. This enables you to benefit directly from faster application development and release.

Otomi Container Platform also offers additional security features:

  • Access to kube-bench and kube-hunter scan reports
  • A local Harbor instance to configure image replication
  • Enforcement of a default set of security policies based on best practices (with Open Policy Agent)
  • Multi-tenancy for logs
  • Integrated Identity and Access Management (with Istio and Keycloak)
  • Complete lifecycle management of all open source solutions

Want to know more? Contact us for a live demo.
