Virtualization Technology News and Information
NeuVector 2022 Predictions: Container and Kubernetes Security Becomes Automated and Continuous in 2022


Industry executives and experts share their predictions for 2022.  Read them in this 14th annual series exclusive.

Container and Kubernetes Security Becomes Automated and Continuous in 2022

By Glen Kosaka, Head of Product Security at SUSE

Enterprises will turn to more mature, streamlined, and thorough approaches to container and Kubernetes security in 2022. The risks of not prioritizing container security are too high, as news headline after news headline has continued to show this year. Applying legacy, manual security protections to highly dynamic containerized environments will become increasingly rare in 2022, as enterprises recognize the crucial need for automated and continuous safeguards that can cover far more ground. Instead, enterprises will adopt security and compliance tooling and strategies closely tailored to the specific challenges of container and Kubernetes environments.

More specifically, I expect these two container and Kubernetes security trends to play out in 2022:

1) Container security automation becomes required, as the only feasible strategy to intercept ever-increasing threats in real time.

For enterprises with containerized environments that must adhere to the requirements of strict regulatory compliance frameworks - such as PCI-DSS, HIPAA, GDPR, and others - automated security processes quickly emerge as the only valid and functional means of achieving reliable and thorough data security. The tremendous scale and dynamic nature of microservices infrastructure, with numerous containers constantly and rapidly blinking in and out of existence, is far too active and complex for an individual with manual tools (or even regular security checks) to keep up with. At the same time, Kubernetes itself has become a hot target for attackers, and Kubernetes misconfigurations can provide those attackers with the slim opportunities they need to achieve devastating data breaches.

In 2022, enterprises will increasingly adopt container and Kubernetes security automation, leveraging security policy-as-code and CRDs to automatically disallow any unauthorized network connections, container processes, or file activities. As part of this automation, organizations will embrace zero-trust models, proactively blocking all run-time activity in their container and Kubernetes environments unless it's specifically approved. On the Kubernetes front, enterprises will implement automated scanning to actively identify and address any misconfigurations in Kubernetes YAML files or other resources, well before they offer attackers any foothold in their environments. Organizations will also more regularly employ ML-powered SIEM tools able to automatically identify threat patterns, and next-generation container security solutions featuring continuous automated monitoring and intervention capabilities.

2) "Continuous compliance" emerges as an essential practice.

Throughout the build-ship-run process, enterprise DevOps and DevSecOps teams continually introduce new containers and code that require vetting against security threats. Modern regulations are constructed with a thorough understanding of this reality, and written to require continuous protection that fully leverages automation and auditing able to defeat real-time threats. For example, container and Kubernetes security must be able to recognize and neutralize the kill chain behaviors of threats escalating within environments, as they occur and before harm is done. In fact, SOC 2, PCI-DSS and GDPR regulations now directly require Data Loss Prevention (DLP) capabilities providing these protections, and HIPAA strongly suggests the same.

In 2022, enterprises will adopt measures capable of protecting their environments moment to moment. Expect teams to better leverage security features included within Kubernetes as well, such as Kubernetes audit logs and the Kubernetes API server's ability to centralize system log collection. This logging becomes crucial in investigating issues rooted in non-compliant activities at run-time, and in informing new security policies and patches to eliminate recognized threats going forward. I expect organizations will also increasingly utilize Kubernetes Admission Control to ensure that Kubernetes and external security solutions can seamlessly address any abnormal behavior or vulnerabilities around deployments. This application security and continuous auditing is another key compliance requirement included in most major regulatory frameworks.
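The automated misconfiguration scanning from the first trend and the Admission Control step from the second can be combined in one validating admission check, sketched here. This is an added example, not code from the article or from NeuVector or SUSE; the specific checks, the sample manifest and the function names are assumptions chosen for illustration, since the article names no particular misconfigurations.

```python
import json

# Constructed AdmissionReview request (made-up names, uid and images).
SAMPLE_REVIEW = json.loads("""
{"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
 "request": {"uid": "constructed-uid-0001", "object": {
  "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "demo-api"},
  "spec": {"template": {"spec": {"hostNetwork": true,
   "volumes": [{"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}}],
   "containers": [
    {"name": "api", "image": "registry.example/demo-api:latest",
     "securityContext": {"privileged": true}},
    {"name": "proxy", "image": "registry.example/proxy:1.4.2",
     "securityContext": {"allowPrivilegeEscalation": false, "runAsNonRoot": true}}
   ]}}}}}}
""")

def pod_spec(obj):
    # A bare Pod carries the spec directly; workloads nest it under a template.
    spec = obj.get("spec", {})
    return spec if obj.get("kind") == "Pod" else spec.get("template", {}).get("spec", {})

def find_misconfigurations(obj):
    spec, findings = pod_spec(obj), []
    pod_nonroot = spec.get("securityContext", {}).get("runAsNonRoot")
    for flag in ("hostNetwork", "hostPID", "hostIPC"):  # host namespace sharing
        if spec.get(flag):
            findings.append(f"pod: {flag} enabled")
    for vol in spec.get("volumes", []):  # node filesystem mounted into the pod
        if "hostPath" in vol:
            findings.append(f"volume {vol['name']}: hostPath {vol['hostPath'].get('path')}")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"container {c['name']}: privileged")
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"container {c['name']}: allowPrivilegeEscalation not disabled")
        if not sc.get("runAsNonRoot", pod_nonroot):  # container setting overrides pod
            findings.append(f"container {c['name']}: runAsNonRoot not set")
    return findings

def review(admission_review):
    # Default-deny on any finding; the response must echo the request uid.
    req = admission_review["request"]
    findings = find_misconfigurations(req["object"])
    response = {"uid": req["uid"], "allowed": not findings}
    if findings:
        response["status"] = {"code": 403, "message": "; ".join(findings)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}
```

The same `find_misconfigurations` function can run in a CI pipeline against manifests before deployment, so build-time scanning and admission-time enforcement share one policy.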

Here's to a year with fewer headlines about container breaches.

I do believe 2022 will see greater (and in many cases overdue) organizational maturity around best practices for securing container and Kubernetes environments, especially when it comes to security automation and continuous compliance. But just as importantly, look for organizations to implement strategies that can enable these features without any impediments to their application performance or delivery.



Glen Kosaka 

Glen Kosaka is the Head of Product Security at SUSE. Previously, he was the VP, Product Management at NeuVector (which was acquired by SUSE in October 2021). Glen has over 20 years of experience in enterprise security, SaaS, and infrastructure software. He has held executive management positions at Trend Micro, Provilla, Reactivity, Resonate, Quantum and Rignite.

Published Monday, December 13, 2021 7:29 AM by David Marshall