Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
Container and Kubernetes Security Becomes Automated and Continuous in 2022
By Glen Kosaka, Head of Product Security at SUSE
Enterprises will turn to more mature, streamlined, and thorough approaches to container and Kubernetes security in 2022. The risks of not prioritizing container security are too high, as news headline after news headline has continued to show this year. Applying legacy, manual security protections to highly dynamic containerized environments will become increasingly rare in 2022, as enterprises recognize the crucial need for automated and continuous safeguards that can cover far more ground. Instead, enterprises will adopt security and compliance tooling and strategies closely tailored to the specific challenges of container and Kubernetes environments.
More specifically, I expect these two container and Kubernetes security trends to play out in 2022:
1) Container security automation becomes required, as the only feasible strategy to intercept ever-increasing threats in real time.
For enterprises with containerized environments that must adhere to the requirements of strict regulatory compliance frameworks - such as PCI-DSS, HIPAA, GDPR, and others - automated security processes quickly emerge as the only valid and functional means of achieving reliable and thorough data security. The tremendous scale and dynamic nature of microservices infrastructure, with numerous containers constantly and rapidly blinking in and out of existence, are far too active and complex for an individual with manual tools (or even regular security checks) to keep up with. At the same time, Kubernetes itself has become a hot target for attackers, and Kubernetes misconfigurations can provide those attackers with the slim opportunities they need to achieve devastating data breaches.
In 2022, enterprises will increasingly adopt container and Kubernetes security automation, leveraging security policy-as-code and CRDs to automatically disallow any unauthorized network connections, container processes, or file activities. As part of this automation, organizations will embrace zero-trust models, proactively blocking all run-time activity in their container and Kubernetes environments unless it's specifically approved. On the Kubernetes front, enterprises will implement automated scanning to actively identify and address any misconfigurations in Kubernetes YAML files or other resources, well before they offer attackers any foothold in their environments. Organizations will also more regularly employ ML-powered SIEM tools able to automatically identify threat patterns, and next-generation container security solutions featuring continuous automated monitoring and intervention capabilities.
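As an illustration of the automated misconfiguration scanning described above, here is an added example (not from the article or any vendor product) of a policy-as-code check that a CI job could run over a workload manifest. The manifest is constructed, the `registry.example` names are hypothetical, and the set of checks is an assumed baseline in which an absent hardening setting counts as a finding.

```python
import json

# Constructed sample manifest (JSON form of a Deployment); not from the article.
MANIFEST = json.loads("""
{"apiVersion": "apps/v1", "kind": "Deployment",
 "metadata": {"name": "payments", "namespace": "prod"},
 "spec": {"template": {"spec": {
   "hostNetwork": true,
   "containers": [
     {"name": "api", "image": "registry.example/payments:latest",
      "securityContext": {"privileged": true}},
     {"name": "proxy", "image": "registry.example/proxy@sha256:<digest>",
      "securityContext": {"allowPrivilegeEscalation": false, "runAsNonRoot": true}}
   ]}}}}
""")

def pod_spec(manifest):
    """Locate the pod spec inside the common workload kinds."""
    kind, spec = manifest.get("kind"), manifest.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}

def scan(manifest):
    """Return findings; a setting that is absent is treated as not hardened."""
    spec, findings = pod_spec(manifest), []
    pod_sc = spec.get("securityContext") or {}
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag):
            findings.append(f"pod: {flag} is enabled")
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        name, sc = c.get("name", "?"), c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: allowPrivilegeEscalation is not false")
        # Container-level runAsNonRoot overrides the pod-level value.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")):
            findings.append(f"{name}: runAsNonRoot is not set")
        image = c.get("image", "")
        last = image.rsplit("/", 1)[-1]
        if "@" not in image and (":" not in last or last.endswith(":latest")):
            findings.append(f"{name}: image uses :latest or no tag")
    return findings

if __name__ == "__main__":
    print("\n".join(scan(MANIFEST)))
```

A pipeline would fail the build when `scan()` returns a non-empty list, so the misconfiguration is caught before the manifest reaches a cluster.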
2) "Continuous compliance" emerges as an essential practice.
Throughout the build-ship-run process, enterprise DevOps and DevSecOps teams continually introduce new containers and code that require vetting against security threats. Modern regulations are constructed with a thorough understanding of this reality, and written to require continuous protection that fully leverages automation and auditing able to defeat real-time threats. For example, container and Kubernetes security must be able to recognize and neutralize the kill chain behaviors of threats escalating within environments, as they occur and before harm is done. In fact, SOC 2, PCI-DSS and GDPR regulations now directly require Data Loss Prevention (DLP) capabilities providing these protections, and HIPAA strongly suggests the same.
In 2022, enterprises will adopt measures capable of protecting their environments moment to moment. Expect teams to better leverage security features included within Kubernetes as well, such as Kubernetes audit logs and the Kubernetes API server's ability to centralize system log collection. This logging becomes crucial in investigating issues rooted in non-compliant activities at run-time, and in informing new security policies and patches to eliminate recognized threats going forward. I expect organizations will also increasingly utilize Kubernetes Admission Control to ensure that Kubernetes and external security solutions can seamlessly address any abnormal behavior or vulnerabilities around deployments. This application security and continuous auditing is another key compliance requirement included in most major regulatory frameworks.
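To show how audit logging supports the run-time investigations mentioned above, here is an added example (not from the article) that triages Kubernetes audit events in the `audit.k8s.io/v1` JSON-lines format. The events are constructed, and the allowlist, the identities, and the four detection rules are assumptions chosen for illustration.

```python
import json
from collections import Counter

ALLOWED_SECRET_READERS = {"system:serviceaccount:prod:payments"}  # assumed allowlist

def _event(ts, user, verb, resource, code, sub=None, stage="ResponseComplete"):
    """Build one constructed event using audit.k8s.io/v1 field names."""
    ref = {"resource": resource, "namespace": "prod", "name": "payments-0"}
    if sub:
        ref["subresource"] = sub
    return {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": stage, "verb": verb,
            "user": {"username": user}, "objectRef": ref,
            "responseStatus": {"code": code}, "requestReceivedTimestamp": ts}

WEB = "system:serviceaccount:prod:web"
# Constructed sample log, one JSON object per line; not real log data.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    _event("2022-01-10T09:00:01Z", "system:serviceaccount:prod:payments", "get", "secrets", 200),
    _event("2022-01-10T09:02:10Z", "dev-alice", "create", "pods", 101, sub="exec", stage="RequestReceived"),
    _event("2022-01-10T09:02:10Z", "dev-alice", "create", "pods", 101, sub="exec"),
    _event("2022-01-10T09:03:00Z", WEB, "list", "secrets", 403),
    _event("2022-01-10T09:03:02Z", WEB, "get", "secrets", 403),
    _event("2022-01-10T09:05:30Z", "dev-alice", "create", "clusterrolebindings", 201),
])

def triage(log_text, forbidden_threshold=2):
    """Return (timestamp, user, reason) tuples for events worth investigating."""
    findings, denied = [], Counter()
    for line in filter(str.strip, log_text.splitlines()):
        ev = json.loads(line)
        if ev.get("stage") != "ResponseComplete":
            continue  # each request logs several stages; count it once
        ts, verb = ev.get("requestReceivedTimestamp"), ev.get("verb")
        user = (ev.get("user") or {}).get("username", "?")
        ref = ev.get("objectRef") or {}
        res, sub = ref.get("resource"), ref.get("subresource")
        if res == "pods" and sub in ("exec", "attach"):
            findings.append((ts, user, f"{sub} into pod {ref.get('namespace')}/{ref.get('name')}"))
        if res == "secrets" and user not in ALLOWED_SECRET_READERS:
            findings.append((ts, user, "secret access by non-allowlisted identity"))
        if res in ("rolebindings", "clusterrolebindings") and verb in ("create", "update", "patch"):
            findings.append((ts, user, f"RBAC binding change ({verb} {res})"))
        if (ev.get("responseStatus") or {}).get("code") == 403:
            denied[user] += 1
            if denied[user] == forbidden_threshold:
                findings.append((ts, user, f"{forbidden_threshold} forbidden requests"))
    return findings
```

Calling `triage(SAMPLE_LOG)` returns the exec session, both secret requests from the non-allowlisted service account, its repeated 403s, and the RBAC binding change, which is the kind of evidence that feeds a new policy or admission rule.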
Here's to a year with fewer headlines about container breaches.
I do believe 2022 will see greater (and in many cases overdue) organizational maturity around best practices for securing container and Kubernetes environments, especially when it comes to security automation and continuous compliance. But just as importantly, look for organizations to implement strategies that can enable these features without any impediments to their application performance or delivery.
ABOUT THE AUTHOR
Glen Kosaka is the Head of Product Security at SUSE. Previously, he was the VP, Product Management at NeuVector (which was acquired by SUSE in October 2021). Glen has over 20 years of experience in enterprise security, SaaS, and infrastructure software. He has held executive management positions at Trend Micro, Provilla, Reactivity, Resonate, Quantum and Rignite.