The 4C's of Kubernetes Security
When you think of Kubernetes security in the context of Cloud Native security, these 4C’s should immediately cross your mind! All Kubernetes security models that are planned and implemented are centered on these 4C’s.
I think by now I would have created at least some hype regarding these 4Cs. Curious to know?
Whenever we plan, implement or assess any Kubernetes security model, everything is centered on these 4Cs:
- Cloud / Corporate Datacenter
- Cluster
- Container
- Code
A compromise in any of the above 4Cs weakens the whole security model.
Image Source: Kubernetes.io
Now, let's dive into each aspect of the 4Cs.
- Cloud / Corporate Datacenter
Your Kubernetes cluster can be hosted anywhere! It can be either on the cloud or in a corporate datacenter. When we talk about cloud, it can be AWS, Azure, Google Cloud, Oracle Cloud, etc. And if we talk about a corporate datacenter, or simply your on-premise systems, it can be anywhere on your servers, Hyper-V hosts, VMware hosts, etc.
The important thing here is: if there is a vulnerability in this layer, there is no way to guarantee that the components built on top of it will be secure. Pay close attention to this layer and look to secure it with a zero trust model.
- Cluster
Once your cloud or datacenter is secured, it is time to install your Kubernetes cluster. This is the layer that runs and manages your application in containers. Security of this layer is critical! Any mistake or vulnerability in this layer is going to cost heavily. Hence the security of this layer is equally as important as your cloud or datacenter’s security.
Cluster security has two aspects:
- Securing cluster components (API server access, etcd access, node access, etc.)
- Securing the applications that run on the cluster (RBAC, network policies, TLS, secrets, etc.)
- Containers
After your cluster is secured, it is time to secure your containers. This layer is equally important! Any vulnerability in this layer can lead to the compromise of your entire application. Consider the following when thinking of container security:
- Container Vulnerability Scanning and OS Dependency Security
- Disallow privileged users
- Container runtime with stronger isolation
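To make that container checklist concrete, here is an added example (not code from the original post): a small Python audit that takes a Pod spec in dict form and reports the weaknesses named above, run against a constructed weak spec and its hardened counterpart. The RuntimeClass name `gvisor` and the image references are assumptions.

```python
# Constructed sample manifests (the dict form of a Pod YAML, not a real workload).
# "gvisor" is an assumed RuntimeClass name; the image references are placeholders.
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web-weak"},
    "spec": {"containers": [{"name": "web", "image": "registry.example/web:latest",
                             "securityContext": {"privileged": True}}]},
}

HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web-hardened"},
    "spec": {
        "runtimeClassName": "gvisor",  # sandboxed runtime for stronger isolation
        "securityContext": {"runAsNonRoot": True},
        "containers": [{"name": "web", "image": "registry.example/web:1.4.2",
                        "securityContext": {"allowPrivilegeEscalation": False,
                                            "readOnlyRootFilesystem": True,
                                            "capabilities": {"drop": ["ALL"]}}}],
    },
}


def audit_pod(pod: dict) -> list[str]:
    """Return one finding per container-layer weakness in the Pod spec."""
    findings = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    if not spec.get("runtimeClassName"):
        findings.append("no runtimeClassName: default runtime, no stronger isolation")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name, sc = c.get("name", "?"), c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            findings.append(f"{name}: runAsNonRoot not set, may run as root")
        if sc.get("allowPrivilegeEscalation", True):  # Kubernetes defaults this to true
            findings.append(f"{name}: allowPrivilegeEscalation not disabled")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}: does not drop all capabilities")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}: writable root filesystem")
        ref = c.get("image", "").rsplit("/", 1)[-1]  # strip registry and repo path
        tag = ref.split(":")[-1] if ":" in ref else ""
        if tag in ("", "latest"):
            findings.append(f"{name}: image tag unpinned, scanned version not traceable")
    return findings


if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        print(pod["metadata"]["name"], audit_pod(pod) or ["no findings"])
```

The same checks can be enforced at admission time with Pod Security Admission or a policy engine; this script only shows what such a policy has to look at.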
- Code
Your application is the primary attack surface, so it is understandable why its security is important. Evaluate the application against, at a minimum, the OWASP Top 10 vulnerabilities.
This concludes the 4C’s of Kubernetes Security. I hope the above information is helpful!