Myths and misconceptions around Kubernetes

Felix Rosbach, CCISP, product manager at comforte AG, identifies the biggest myths and misconceptions around Kubernetes that leaders need to know

The dawn of Kubernetes has brought about a big shift in how applications are developed, orchestrated, scaled, and resourced. So much so that it is gaining mainstream momentum, with many businesses leveraging Kubernetes architecture because its flexibility and its ability to scale up or shrink with demand provide resiliency to any application architecture.

However, there is a challenge. Kubernetes puts a layer in between the cloud service provider and the actual solution, without maintaining security. While it comes with basic security features, the risk matrix of Kubernetes environments may reveal a gamut of possible threats that can be exploited. Further education is required to fully understand its capabilities and address the misconceptions of the platform.

What is Kubernetes?

Business leaders are increasingly exploring cloud-based solutions for business-critical systems. Many businesses are struggling to migrate to cloud environments or adopt hybrid approaches because of potential vendor lock-in, security and compliance concerns. Shifting workloads has been challenging but has enabled many businesses to continue operations in the face of uncertainty. This is where many organisations have been turning to Kubernetes to build applications that can run everywhere, allowing you to be independent of the cloud service provider. Kubernetes has changed the way institutions can approach a cloud migration strategy.

Kubernetes, as the NSA points out, provides “several flexibility and security benefits compared to traditional, monolithic software platforms.”

Put simply, Kubernetes builds your platform in a way that can be shifted to other environments or cloud service providers without a lot of work. From a compliance perspective, if you process personally identifiable information, you benefit from the flexibility that comes from being able to adapt your applications in specific geographical regions. This means traffic that comes from the EU to that instance of the application is kept to stringent compliance requirements. This is important when it comes to planning for expansion of business operations.

What are misconceptions around Kubernetes?

The biggest misconception about Kubernetes is that it is a security platform. Kubernetes is simply a way to build a solution, not the solution itself. It is primarily used as an orchestration platform for applications, and a failure to understand its risk profile can have serious security implications. From a data security perspective, it can present a challenge because you lose a lot of control over the information and data that you hold within your systems. Wherever you store sensitive data, you should have a clear security policy in place. This includes understanding the systems that you rely on. Data is becoming increasingly crucial to daily business operations, helping organisations to provide a seamless integration of all their data needs.

However, Kubernetes security is a different kind of animal. Typically, businesses had a tailored cyber security stack or solutions fitted to their applications and infrastructure. These are simply not compatible with Kubernetes environments. So, you need to redesign. It is important to remember that different platforms have specific security needs. Kubernetes provides a significant amount of agility, but only if you understand its uses.

Kubernetes is unique, not just because of its different approach to where you can host those solutions, but in the way it allows you to orchestrate microservices. This provides a lot of flexibility, because all those services are independent, and you can scale them up and down however you need. But you lose control. In essence, you don’t know what is happening with the data that is processed and analysed.

Deploying data-centric security in Kubernetes environments

When it comes to utilising Kubernetes environments, it is important to ensure that the data within is secured. This means deploying data-centric security — securing the data instead of the perimeter in which it lies. It is essential to implement data security with a solution that is cloud-native, that can be orchestrated with Kubernetes alongside the applications that need to be protected. This allows the data to flow freely and securely wherever it is needed.

Written by Felix Rosbach, CCISP, product manager at comforte AG
