Virtualization Technology News and Information
You Can't Solve K8s Security In A Vacuum

By Ganesh Pai, Co-Founder & CEO of Uptycs

Application development has become the competitive differentiator of the world's leading companies. Whether that app runs on a phone, in a car, or even on a spaceship, software has replaced hardware as the most valuable piece of IP that many companies own. But exactly how secure is the development process for the code those apps run on, especially in fast-moving and ephemeral environments like Kubernetes?

A recent ForgePoint survey of CISOs found that 54% of CISOs view application development security as a priority, yet few are taking appropriate steps to fully secure the entire development process. The catch is that with the shift to public cloud for business-critical applications, even born-in-the-cloud organizations rely on a complex patchwork of on-prem and cloud-based services and infrastructure. If your organization is treating each of these environments (including developer laptops) as a discrete security problem to solve, you may be introducing risk in places you aren't even aware of.

At Uptycs, 80% of the endpoints we observe are used for software development, and some of our largest customers are running upwards of 60,000 Kubernetes pods, while others leverage nearly every service AWS offers. In between the laptop and the cloud, you also have developers using identity management solutions, pulling open-source code from Git repositories, and using Chrome extensions for development tasks. These are highly dynamic and complex interactions between environments, with plenty of sensitive resources involved. Internally at Uptycs, we like to think of this as the innovation supply chain. Our belief is that the largest obstacle facing security teams is the ability to tie together threat activity as it traverses the supply chain. This is especially challenging for environments like Kubernetes.

Containers are ephemeral by nature, and are designed to be stood up and spun down rapidly.

This is great for developers, but presents challenges for security teams. Foremost among them is understanding the genesis or behavior of malicious activity in a container that may have been killed off months ago. If you've managed to trace activity back to a container, you're already doing a great job, but how do you conduct forensic analysis from there? Which file changes or running processes reveal the techniques the attacker used? Was the attacker able to interact with any cloud instances, and if so, how? If you're relying on siloed security tools, teams, and data, then you may be out of luck trying to piece together a complete understanding of an attack. Even the best Cloud Native Application Protection Platforms (CNAPP) will be challenged to help security practitioners understand how the entire innovation supply chain has been affected, since CNAPP typically doesn't cover heterogeneous infrastructure that includes developer laptops, Git repos, or servers in datacenters.

In order to make better risk decisions, security leaders need real-time connected insights across their entire innovation supply chain. Without this, you can't shine a light into the hidden places and shadowy gaps where risk from issues like over-privileging or misconfigurations may lurk. Containers introduce a special kind of coverage and telemetry challenge: they have lateral contact with many different environments, yet they can be extremely short lived. This can vastly complicate forensic analysis for security teams. When data isn't normalized across environments and structured in a way that allows security teams to construct an "attack story" both across environments and time, it increases the time to detect and respond, as well as the cost to remediate, a cybersecurity incident.
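The two preceding paragraphs describe the problem (a container that is long gone, with traces scattered across laptop, Kubernetes, runtime and cloud logs) and the remedy (telemetry normalized into one schema so an attack story can be assembled across environments and time). The following is an added example written for this page, not code from Uptycs or from the article: it normalizes four differently shaped event sources into one record layout, then stitches together every event that shares an indicator (user, pod, container id, node IP, cloud role) into a time-ordered story. Every source format, field name, identifier and sample value is constructed for illustration and does not correspond to any real log schema or incident.

```python
"""Added example, not code from Uptycs or the article: normalize telemetry
from a developer laptop (git), the Kubernetes API audit log, a container
runtime and a cloud API log into one schema, then stitch the events that
share an indicator into a time-ordered "attack story". Every source format,
field name and sample value below is constructed for illustration."""
from datetime import datetime, timezone

# Constructed raw events. Each source has its own shape and clock format,
# which is exactly what makes cross-environment forensics hard.
RAW_EVENTS = [
    {"source": "git", "time": "2022-10-14T07:01:00Z", "user": "dev-alice",
     "host": "alice-laptop", "op": "push", "repo": "org/payments"},
    {"source": "git", "time": "2022-10-14T07:02:00Z", "user": "dev-bob",      # unrelated noise
     "host": "bob-laptop", "op": "push", "repo": "org/website"},
    {"source": "k8s_audit", "requestReceivedTimestamp": "2022-10-14T07:05:12Z",
     "user": {"username": "dev-alice"}, "verb": "create",
     "objectRef": {"resource": "pods", "namespace": "prod", "name": "build-7f2"}},
    {"source": "container", "ts": 1665731220, "container_id": "c0ffee1234",  # epoch seconds
     "pod": "prod/build-7f2", "node_ip": "10.0.1.25", "event": "exec",
     "argv": ["sh", "-c", "./deploy.sh"]},
    {"source": "container", "ts": 1665731300, "container_id": "c0ffee1234",
     "pod": "prod/build-7f2", "node_ip": "10.0.1.25", "event": "file_write",
     "path": "/app/config.yaml"},
    {"source": "cloudtrail", "eventTime": "2022-10-14T07:09:00Z",               # unrelated noise
     "eventName": "DescribeInstances", "sourceIPAddress": "10.0.2.9",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/ops"}},
    {"source": "cloudtrail", "eventTime": "2022-10-14T07:10:30Z",
     "eventName": "ListBuckets", "sourceIPAddress": "10.0.1.25",
     "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/build-node/i-0abc"}},
    {"source": "container", "ts": 1665731500, "container_id": "c0ffee1234",
     "pod": "prod/build-7f2", "node_ip": "10.0.1.25", "event": "exit"},     # container is gone after this
]


def _iso(s):
    """Parse the ISO-8601 'Z' timestamps used by the git/k8s/cloud samples."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(e):
    """Map one raw event onto the common schema:
    ts (aware datetime), env, actor, action, target, indicators (set of 'type:value')."""
    src = e["source"]
    if src == "git":
        return {"ts": _iso(e["time"]), "env": "laptop", "actor": e["user"],
                "action": e["op"], "target": e["repo"],
                "indicators": {f"user:{e['user']}", f"host:{e['host']}"}}
    if src == "k8s_audit":
        pod = f"{e['objectRef']['namespace']}/{e['objectRef']['name']}"
        user = e["user"]["username"]
        return {"ts": _iso(e["requestReceivedTimestamp"]), "env": "kubernetes",
                "actor": user, "action": f"{e['verb']} {e['objectRef']['resource']}",
                "target": pod, "indicators": {f"user:{user}", f"pod:{pod}"}}
    if src == "container":
        return {"ts": datetime.fromtimestamp(e["ts"], tz=timezone.utc), "env": "container",
                "actor": e["container_id"], "action": e["event"],
                "target": e.get("path") or " ".join(e.get("argv", [])),
                "indicators": {f"pod:{e['pod']}", f"container:{e['container_id']}",
                               f"ip:{e['node_ip']}"}}
    if src == "cloudtrail":
        arn = e["userIdentity"]["arn"]
        return {"ts": _iso(e["eventTime"]), "env": "cloud", "actor": arn,
                "action": e["eventName"], "target": "",
                "indicators": {f"role:{arn}", f"ip:{e['sourceIPAddress']}"}}
    raise ValueError(f"unknown source {src}")


def build_story(raw_events, seed):
    """Starting from one indicator (e.g. 'user:dev-alice' or 'container:c0ffee1234'),
    repeatedly pull in every event that shares an indicator with the story so far,
    so laptop -> pod -> container -> node IP -> cloud role is followed transitively.
    Returns the linked events sorted by time, regardless of which source they came from."""
    events = [normalize(e) for e in raw_events]
    linked, indicators, changed = set(), {seed}, True
    while changed:
        changed = False
        for i, ev in enumerate(events):
            if i not in linked and ev["indicators"] & indicators:
                linked.add(i)
                indicators |= ev["indicators"]
                changed = True
    return sorted((events[i] for i in linked), key=lambda ev: ev["ts"])


if __name__ == "__main__":
    for ev in build_story(RAW_EVENTS, "user:dev-alice"):
        print(f"{ev['ts']:%H:%M:%S} {ev['env']:<10} {ev['actor']:<45} {ev['action']} {ev['target']}")
```

Note that the container events are the only place the pod, container id and node IP appear together; once the container has exited, that normalized record is what lets the Kubernetes audit entry on one side and the cloud API call on the other be joined into a single timeline, which is the point the article makes about short-lived containers. Seeding the same function with `container:c0ffee1234` instead of the user yields the same six-event story, because the closure is transitive in both directions.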

The way forward relies on increased collaboration and coordination across security teams, with more accurate analysis and faster response. Attackers do not think in silos. They're just looking for the weakest link in the chain to get in. We believe it's time for a shift in thinking where the goal of security teams is not to secure a given environment, but to pool their collective expertise to secure the entire enterprise and its innovation supply chain. To do this, security teams need the ability to tie together attack activity as it traverses on-prem and cloud boundaries and mitigate risk associated with cybercrime such as ransomware. We believe the best way to achieve this is to empower security practitioners with a primary platform or a mesh architecture that collects normalized telemetry from across the attack surface. It's a big change in how we normally think about categorizing tools, but one that will pay dividends long into the future.


To hear more about cloud native topics, join the Cloud Native Computing Foundation and the cloud native community at KubeCon + CloudNativeCon North America 2022 in Detroit (and virtual) from October 24-28.



Ganesh Pai is Founder & CEO of Uptycs. He is a Boston-based entrepreneur and technologist with multiple U.S. patents. He co-founded Uptycs in 2016 to empower cybersecurity teams with real-time decision making, driven by structured telemetry and powerful analytics. He was previously the Chief Architect, Carrier Products & Strategy for Akamai Technologies, a leading provider of content delivery network services. Prior to Akamai, Ganesh was Founder & VP Systems Architecture of Verivue, a leading provider of content delivery solutions to service providers (acquired by Akamai). Prior to Verivue, he was Principal Architect for NetDevices (acquired by Alcatel-Lucent). Prior to NetDevices, Ganesh served as Engineering Manager and Software Architect for Sonus Networks. Ganesh received a BE degree in electronics and communication engineering from Mangalore University and a MS in computer science from Temple University.

Published Friday, October 14, 2022 7:33 AM by David Marshall