This article is part of a VB special issue. Read the full series here: Zero trust: The new security paradigm.
Zero trust is a trending security paradigm being adopted by some of the world’s biggest and technically advanced organizations, including Google, Microsoft and Amazon Web Services (AWS). The technology finds its fit in virtually every technology platform and infrastructure, and Kubernetes is no exception.
Across industries, there’s omnipresent pressure to deliver software that can perform faster, more efficiently and at a grander scale. Looking Into robust portability and flexibility, many IT organizations have turned to Kubernetes to help them efficiently meet the constantly evolving market demands.
The Kubernetes community has been actively discussing zero trust for several years as a vital component of an end-to-end encryption strategy. Service mesh providers are promoting essential practices (such as mTLS and certificate key rotation) to make it easier to implement zero-trust architectures. As a result, organizations today are working towards implementing robust zero trust in applications at scale.
Although using Kubernetes is an excellent option for enterprises that want to move more effectively and offer contemporary apps at scale, its relative newness and dynamic operating paradigm make it a potential target for security vulnerabilities if suitable measures are not implemented. Furthermore, with malicious parties continuously on the hunt for security flaws, even firms with extensive Kubernetes knowledge have faced data breaches.
This also presents significant security challenges to teams who need to know how Kubernetes networking and security differ from traditional IT and infrastructure systems.
Security challenges in Kubernetes
While Kubernetes is a powerful solution for IT organizations to deliver their software efficiently and at scale, it is not without its security challenges and vulnerabilities.
For one, Kubernetes is a relatively new system, which makes it attractive prey for cyberattackers. This is compounded by its operating model’s dynamic nature, which can easily leave room for bad actors to infiltrate if proper security measures are not taken.
According to a recent report by theShadowserver Foundation, 380,000 open Kubernetes API servers were found exposed on the internet this year alone. While these servers were only identified as exposed and not attacked, the figures indicate the severity of the vulnerability and its potential danger to API servers.
Salt Security’s 2022 State of API Security revealed that 34% of examined enterprises have no API security strategy, even though 95% had their API security compromised in the last 12 months.
“As more teams rely on Kubernetes to manage and deploy their applications, the risk of insecure access controls and segmentation increases,” Sam Rhea, VP of product at Cloudflare, told VentureBeat.
Rhea said that attackers who gain access to the workloads being managed in a Kubernetes deployment can either take down entire services and applications or, in a worst-case scenario, use their privileged access to elevate their own permissions and reach sensitive data that the Kubernetes workloads can access.
“Everything from how the management interfaces are accessed, where authentication and authorization in service-to-service communications occur, to the default-deny controls that must be put in place for east-west traffic within the environment, zero-trust principles are essential to secure Kubernetes deployments,” he said.
The essence of combining zero trust with Kubernetes
Container-based cloud deployments have recently shown rapid growth and adoption in production environments. According to a report by Markets and Markets, the global application container market is expected to grow from $1.2 billion in 2018 to $4.98 billion by 2023, at a compound annual growth rate of 32.9% during the forecast period.
This growth is due to their ease of use in deploying streamlined and secure infrastructure, likely to be fueled by the increasing number of container orchestration and container security services deployed in enterprises globally. Kubernetes is one of the management systems leading the way, thanks to its flexibility, scalability and automation.
In August 2020, the National Institute of Standards and Technology (NIST) released a whitepaper defining zero trust architecture (zero trust) and exploring “deployment models and use cases where zero trust could improve an enterprise’s overall information technology security posture.” Since then, various government agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), have released several documents to guide zero-trust implementation, including a maturity model to help developers understand the journey to full zero-trust deployment.
In a zero-trust model, nothing and no one is trusted. Instead, each element at each layer is tested and authenticated separately. When technological assets, apps or services connect and exchange data, the connection is routed through a specific agent that authenticates all parties and grants them access through policy-based rights.
Zero-trust systems operate at every level by adhering to a least privilege rule: denying access to all parties save those explicitly authorized for a particular resource. Such a system is particularly crucial for cloud-native apps and infrastructure, as constantly validating privilege and identity is not only helpful but a security necessity.
U.S. government on board with zero-trust security
The zero-trust security model has grown in importance to the point where even the United States federal government took notice. The White House recently issued a memorandum outlining a national zero-trust strategy that requires all U.S. federal agencies to meet a specific zero-trust security standard by the end of fiscal year 2024. The Department of Defense established a zero-trust reference architecture. The National Security Agency also published a hardening guide that describes best practices for Kubernetes.
Zero trust can help strengthen Kubernetes’ security posture and prevent attacks from internal and external threats by instituting the requirements above for users, programs and process requests to access pods.
Arun Chandrasekaran, a VP analyst at Gartner, says that augmenting the native security mechanisms of Kubernetes distributions and public cloud Kubernetes services with container security tooling is highly critical for today’s work processes.
“Kubernetes’ inherent complexity often leads to outdated versions and misconfiguration by organizations, making clusters susceptible to compromise,” said Chandrasekaran. “Hence, a zero-trust architecture that incorporates many aspects, such as adjustments for distribution and managed-provider uniqueness, continuous delivery considerations, cluster controls and augmentations with third-party tooling such as image scanning and workload protection, is critical to use.”
The power of the service mesh
A service mesh is one of the most straightforward approaches to addressing zero-trust networking in Kubernetes. The service mesh harnesses Kubernetes’ strong “sidecar” paradigm, in which platform containers can be dynamically deployed alongside application containers at deployment time as a late binding of operational functions.
Service meshes use this sidecar strategy to infuse proxies into an application pod at runtime and connect these proxies to handle all incoming and outgoing traffic. This enables the service mesh to offer capabilities independent of the application code.
“Implementing a service mesh (e.g., Istio) is a vital key to implementing zero trust in Kubernetes,” Abhay Salpekar, vice president, cloud operations and platform at Anomali told VentureBeat.
Salpekar said that service meshes can now deliver features outside of the application, and this decoupling allows security staff to work independently of developers. According to him, this separation is a best practice, as both groups will still be working towards a common goal of a secure but feature-rich app.
“Once installed and active, the auth policies for the service mesh must be defined, updated and evaluated for proper operation,” he said. “To leverage Kubernetes in a zero-trust environment, you can also consider using the secure production identity framework for everyone (SPIFFE), which provides authentication capabilities for workloads. Kubernetes also offers native tools that allow you to monitor your network and automate the creation of rules and policies.”
Other best practices and key pillars
Another advantage of using zero trust for Kubernetes architectures is that all microservices are separately validated for static and dynamic security and utilize zero-trust principles to protect themselves and each other.
“Zero trust can aid in controlling access of users and external applications to the microservices when included in Kubernetes,” said Chalan Aras, risk and financial advisory managing director, cyber product and services at Deloitte.
“This access is structured as a set of application programming interfaces (API) and user gateways that employ zero-trust principles around identity and continuous authorization to ensure the long-term security of the microservices within the Kubernetes cluster,” he said.
Aras believes adhering to fundamental zero-trust principles should be the key practice for establishing and maintaining end-to-end zero trust in Kubernetes. The zero-trust chain starts from each microservice and extends to the individual user or external application API boundary.
In his opinion, key practice elements should include the following:
- Building a secure service mesh for microservice communications while blocking all other communications for microservices. This ensures that all network flows are monitored and access to services is managed via proxies and access gateways.
- Utilizing user, API and application-assigned identities that can be verified and continuously authorized based on behavioral analysis to control access.
- Implementing controls for policy checking through tools such as cloud security posture management and orchestration to ensure that policies applicable to the cluster of microservices are consistently implemented as microservices are added, modified or removed over the lifecycle of the application.
Future challenges and opportunities
Daniel Thanos, head of Arctic Wolf Labs, said that all containers need to advertise and enforce a security posture attestation policy that can be verified by appropriate tooling before any access is granted.
“As with all cloud/devops-oriented systems, the key challenge is automating these practices/tooling and shifting them left while making them a first-order artifact of how developers are creating the software/system,” Thanos told VentureBeat.
“The current biggest challenge to implementing such architectures is that there are no easy off-the-shelf solutions. There is also a lack of standards to allow for the interoperability of disparate systems in this area,” he said. “Zero trust is still a largely proprietary domain in this area and only tends to practically work in closed ecosystems, which defeats the purpose of building loosely coupled distributed systems/web service-based applications over the internet.”
“Organizations often tend to ignore the use of monitoring and alerting systems capable of understanding the difference between what is permitted to occur and what is actually occurring,” said Ryan Berg, engineering fellow at Alert Logic.
“I find that the challenge is not often in the platform — Kubernetes, Serverless, [software-as-a-service] SaaS etc. — but in an organization’s ability to analyze requirements regardless of platform. If you can correctly understand what is essentially needed, the foundation of a Kubernetes deployment is a realistic objective,” he said.
Likewise, Aras feels that future challenges for zero trust-based Kubernetes architectures include establishing controls that apply to well-established environments such as hyperscaler clouds and highly-distributed edge computing, where the cost of additional infrastructure and potentially less-reliable networks may create gaps that need to be addressed through new solutions.
“As greater volumes of edge computing are required for real-time services and IoT, the power of Kubernetes in highly distributed environments is going to have to scale to meet the demands of cooperating services,” he said. “Zero trust-based services in Kubernetes today, scaled and optimized for large deployments, are going to be essential for application environments of the future.”
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.
