As containers became an increasingly popular application development technology, both users and vendors quickly realized that containers required a new approach to security. Traditional security tools such as Layer 3 firewalls and endpoint solutions could not secure this infrastructure. Container security platforms began to emerge around 2015, specifically built to protect these new, ephemeral application components.
Two approaches to container security
Since then, the container security market has seen the emergence of two main approaches — container-centric and Kubernetes-native. Container-centric platforms operate at the container level, focused on securing container images and the container runtime. These tools provide controls at the container level itself, using techniques such as inline proxies or shims to control cross-container communications, for example.
The second approach, Kubernetes-native security, in contrast operates at the Kubernetes layer. It derives context from Kubernetes and pushes policies into Kubernetes for Kubernetes to enforce.
What constitutes Kubernetes-native security
Kubernetes-native security is based on the principle that security is implemented most effectively when it is aligned with the system managing containerized applications. A security platform must exhibit the following characteristics to be considered “Kubernetes-native”:
- Directly integrate with the Kubernetes API server to gain firsthand visibility into Kubernetes workloads and infrastructure
- Assess vulnerabilities in Kubernetes’ software itself
- Base its security functionality, including policy management, on resources within the Kubernetes object model, including Deployments, Namespaces, Services, Pods, and others
- Analyze declarative data from Kubernetes-specific artifacts (e.g., workload manifests) and configurations
- Leverage built-in Kubernetes security features to handle enforcement whenever possible for greater automation, scalability, and reliabilityDeploy and run as a Kubernetes application, including integrations and support for common tools in cloud-native toolchains
Kubernetes-native security platforms must deliver the full range of security use cases:
- vulnerability management
- network segmentation
- configuration management
- threat detection
- incident response
The advantages of Kubernetes-native security
Kubernetes-native security platforms provide the following key advantages:
- Increased protection — Kubernetes-native security provides richer insights by tying into Kubernetes’ declarative data and discovers Kubernetes as well as container vulnerabilities
- Greater operational efficiency — leveraging the same framework for infrastructure management as well as security lowers the learning curve, and Kubernetes context enables faster threat detection and prioritized risk assessments
- Reduced operational risk — tapping into the native controls of Kubernetes ensures security enjoys the pace and scalability of Kubernetes, and having policies embedded in Kubernetes means there’s no conflict between external controls and the orchestrator
Last updated: Jul-16-2020