The State of Kubernetes in 2021 and What CISOs Can Do About it

The State of Kubernetes in 2021 and What CISOs Can Do About it

Kubernetes has been evolving at a rapid pace. CISOs need to learn about emerging trends and developments in the space and the measures they can take to secure it from potential attacks.

As per a report from the Nautilus research team of Aqua Security, the year 2020 witnessed increased cyber-attacks targeting cloud-native supply chain and infrastructure. The report provides insights into the security threats that these platforms face, including fileless malware in containers, exploiting misconfigured Docker API ports and using container images that were relatively unsophisticated. However, the lack of sophistication did not prevent them from becoming successful. This shows that there are still some common security oversights that enterprises need to address, to prevent bad actors from exploiting their cybersecurity.

Also Read: The Critical Role of Cyber Security in Healthcare

The most common target of threat actors to date has been to use compute cycles of crypto mining. But there is a shift being observed in the trajectory, and as more businesses adopt containers, the stakes will increase and more sophisticated attacks will follow. Hence, CISOs must prepare themselves to effectively address these concerns in 2021 as they may witness a large number of novel and sophisticated cyber-attacks.

Bad Actors focusing on exploiting misconfigured Docker API ports 

2020 witnessed the emergence of an attack on misconfigured Docker API port. This method utilized deploying and running of malicious images that contained malware for evading static scanning. Furthermore, since it was only active in runtime, both packers and downloaders were able to evade static scanning, posing an even greater threat to the cybersecurity of an enterprise. Therefore, CISOs need to be aware of all possible threats that could compromise their infrastructure and working mechanisms. They must also use containers for developing applications as part of their digital transformation process.

Exploiting Kubernetes  

With the rapid acceleration of digital transformation efforts, many enterprises have not been able to build a secure infrastructure that can tackle or mitigate the effects of cyber-attacks. With the Kubernetes environment of an enterprise, cyber-attackers are bringing greater focus towards breaching Kubernetes deployments, and becoming more sophisticated in their targeting.

Though bad actors exploited unprotected Kubernetes clusters, they primarily focused their efforts on a few common security oversights. Since the deployment of Kubernetes has increased, the scenario of common security threats too has changed.

Also Read: Bringing the CISO and CIO Together

When asked about what steps CISOs can take to secure their deployment of Kubernetes, Niraj Tolia, President and GM at Kasten, stated, “I think at the end of the day it is a multi-pronged approach. Particularly when talking about CISOs benchmarks that make sure the cluster is relatively locked down. Things like open source come out of the box with more locked down policies which are always good. But really, it’s a layered security approach where you look at your data, you look at your network, you look at your application interfaces, including Kubernetes. It is the application of these that will help you.”

The Kubernetes landscape is changing at a rapid pace. Even though the number of Kubernetes distributions has expanded in recent years, it is expected to shrink due to enterprises gravitating towards cloud-based Kubernetes offerings. Therefore, CISOs should collaborate with their counterparts to understand the various needs of Kubernetes and keep pace with the trends that emerge in this continuously evolving space

Check Out The New Enterprisetalk Podcast. For more such updates follow us on Google News Enterprisetalk News.

Previous articleLeveraging Digital Employee Experience Management Software to Transform Today’s Dynamic Workplace
Next articleICF Appoints ABM Industries CEO Scott Salmirs to Board of Directors
Vishal Muktewar is a Senior Correspondent at On Dot Media. He reports news that focuses on the latest trends and innovations happening in the B2B industry. An IT engineer by profession, Vishal has worked at Insights Success before joining Ondot. His love for stories has driven him to take up a career in enterprise journalism. He effectively uses his knowledge of technology and flair for writing, for crafting features, articles and interactions for technology enterprise media platforms.