Beyond the Container: Elevating Cybersecurity with Automation, Compliance, and Open Source in Kubernetes Environments

by Cansu Karacan

The company SUSE is renowned for its specialization in the field of open-source software and expertise in container orchestration and cloud infrastructure management. The SUSE team can be found as a partner at Austria’s most important IT management meeting point, the Confare #CIOSUMMIT, together with 700 other IT managers and industry professionals. In the run-up, we spoke with Raul Mahiques Martinez. He is the Principal Technical Marketing Manager at SUSE and deals intensively with the cybersecurity requirements in Kubernetes environments and the use of container technology.

Secure your participation at the Confare #CIOSUMMIT in Vienna now and listen to more than 100 speakers, experience 75 innovative service providers and manufacturers, and meet Austria’s most active IT community.

Hear from SUSE CTO Gerald Pfeifer, among others, on the topic "Zero Trust, Supply Chains, and AI – New Security Models in the Cloud-Native World": “Cloud-native promises a lot: agility, scalability, efficiency. And it delivers a lot, but unfortunately, it also brings a lot of complexity and headaches when it comes to security. Let’s take a look at the approaches we can use to counteract this – and what Swiss cheese has to do with it.”

Register here: www.ciosummit.at

What specific cybersecurity challenges are there in Kubernetes and container environments?

Traditional processes and security mechanisms don’t work well in containerized environments. This is because of the dynamic nature of containers: firewalls, for example, can’t protect based on IPs, as these are dynamically assigned.

What needs to be considered with regard to the management of identities and access rights?

The principle of least privilege still applies to container security. A well-defined identity management and access rights schema is necessary to prevent internal rogue actors from accessing data that they aren’t meant to.

What are the most important compliance requirements?

It depends on the industry, but 360-degree compliance models, i.e. those that are not just looking at configuration but also looking at company processes, are key to having a more secure software supply chain and therefore lower risk.

What role do automated security tools and processes play in securing container infrastructures?

Automation plays a crucial role in securing containerized workloads. Any container security management platform must be able to react without manual intervention to the changes in the application infrastructure, and it must be able to integrate within the CI/CD pipelines so that applications get deployed protected from the very beginning. Kubernetes’ nature is automation, and so must be that of the security platform.

What role do open source tools play in securing Kubernetes and container infrastructures?

The open source model allows independent engineers to review the code. This facilitates the finding and fixing of vulnerabilities quicker than with other models and makes the code much more robust.

How can companies promote a culture of security awareness when dealing with Kubernetes and containers?

Education and awareness are very necessary, but companies face a fundamental challenge, which is that it takes time to educate people and some may be reluctant to follow best practices. That is why having the help of SUSE support engineers is so important: they deal with security incidents on a regular basis and are able to provide experience-based advice on security best practices and how to better use container security management platforms such as NeuVector to protect and stop attacks.

How to effectively integrate Zero Trust principles into Kubernetes and container environments?

There are different layers where we can apply Zero Trust principles in Kubernetes and container environments, but the ultimate goal of security is that applications behave as they are expected to, so that they cannot be used for malicious activities. That is why behavioral-based Zero Trust is so important and key in protecting a company’s running services. Our container security management platform, NeuVector, helps them to achieve this goal by dynamically creating Zero Trust security policies based on how the application behaves which, once defined, will stop any anomalous activity not defined in the policy. Thus, even if the application has a zero-day exploitable vulnerability, the attacker won’t be able to use it to get the application to, for example, access other parts of the network and so on.
