Senior Cybersecurity Consultant at Visa Inc
Akanksha Pathak is a Cybersecurity Consultant specializing in Cloud Security, Application Security, Threat Analysis & Response, Vulnerability Management, and Product Security. As a senior member of the corporate governance team, she oversees the third-party cybersecurity practice. Her expertise lies in managing supplier relationships while also architecting and analyzing application designs. Additionally, she is an active participant in many cybersecurity communities, such as the GIAC Advisory Board meeting. Working in a challenging environment has helped her to gain a critical thinking approach with an entrepreneurial mindset, keeping IT security a crucial criterion.
Stats
Reputation: 787
Pageviews: 49.8K
Articles: 10
Comments: 1
Enterprise Security
Security is everywhere: Behind every highly performant application, or even detected threat, there is a powerful security system and set of processes implemented. And in the off chance there are NOT such systems in place, that fact will quickly make itself known. We are living in an entirely new world, where bad actors are growing more and more sophisticated the moment we make ourselves "comfortable." So how do you remain hypervigilant in this ever so treacherous environment? DZone's annual Enterprise Security Trend Report has you covered. The research and expert articles explore the fastest emerging techniques and nuances in the security space, diving into key topics like CSPM, full-stack security practices and challenges, SBOMs and DevSecOps for secure software supply chains, threat hunting, secrets management, zero-trust security, and more. It's time to expand your organization's tactics and put any future attackers in their place as you hear from industry leaders and experts on how they are facing these challenges in everyday scenarios — because if there is one thing we know about the cyberspace, any vulnerabilities left to chance will always be exposed.
Enterprise Security
This year has observed a rise in the sophistication and nuance of approaches to security that far surpass the years prior, with software supply chains being at the top of that list. Each year, DZone investigates the state of application security, and our global developer community is seeing both more automation and solutions for data protection and threat detection as well as a more common security-forward mindset that seeks to understand the Why. In our 2023 Enterprise Security Trend Report, we dive deeper into the greatest advantages and threats to application security today, including the role of software supply chains, infrastructure security, threat detection, automation and AI, and DevSecOps. Featured in this report are insights from our original research and related articles written by members of the DZone Community — read on to learn more!
Kubernetes in the Enterprise
Kubernetes: it’s everywhere. To fully capture or articulate the prevalence and far-reaching impacts of this monumental platform is no small task — from its initial aims to manage and orchestrate containers to the more nuanced techniques to scale deployments, leverage data and AI/ML capabilities, and manage observability and performance — it’s no wonder we, DZone, research and cover the Kubernetes ecosystem at great lengths each year. In our 2023 Kubernetes in the Enterprise Trend Report, we further dive into Kubernetes over the last year, its core usages as well as emerging trends (and challenges), and what these all mean for our developer and tech community. Featured in this report are actionable observations from our original research, expert content written by members of the DZone Community, and other helpful resources to help you go forth in your organizations, projects, and repos with deeper knowledge of and skills for using Kubernetes.
Containers
The proliferation of containers in recent years has increased the speed, portability, and scalability of software infrastructure and deployments across all kinds of application architectures and cloud-native environments. Now, with more and more organizations migrated to the cloud, what's next? The subsequent need to efficiently manage and monitor containerized environments remains a crucial task for teams. With organizations looking to better leverage their containers — and some still working to migrate out of their own monolithic environments — the path to containerization and architectural modernization remains a perpetual climb. In DZone's 2023 Containers Trend Report, we will explore the current state of containers, key trends and advancements in global containerization strategies, and constructive content for modernizing your software architecture. This will be examined through DZone-led research, expert community articles, and other helpful resources for designing and building containerized applications.
Comments
Mar 26, 2023 · Akanksha Pathak
Thank you for your feedback, John. However, please note that this article is not intended to cover the security aspects of a specific Kubernetes version. It is about container security in general and which steps organizations can take to reduce exposure.
As mentioned, Kubernetes is only meant to serve as an example to help readers understand the basic components and high-level architecture of a container orchestration platform. Please note that, while I agree that in later versions the master label is no longer used and the term "master" has been deprecated in Kubernetes following version 1.20, with "control plane" used instead, this was mainly to promote more inclusive language in the Kubernetes community. However, it is important to note that while the term "master" has been deprecated in Kubernetes, it is used in legacy systems, documentation, or discussions. The attempt is to make terminologies clear for everyone. For detailed information on Kubernetes clusters, a link is provided in the article.
For virtual switches, while K8 often uses the term CNIs, which provide a virtual network interface for each container, OpenShift uses "virtual switches" to refer to the virtual network interfaces used by containers. Additionally, Docker Swarm uses a built-in virtual switch called the "overlay network" to provide networking between containers running on different hosts, and Microsoft Azure Container Service uses a virtual switch to provide networking between containers running on different hosts.
I would challenge the statement, "VPN on host OS is not a thing". Installing a VPN on the host operating system with the right configuration and management can provide an additional layer of security for containers running on that host.
While PSA (Platform Security Architecture) policies are guidelines for building secure devices, they are not a substitute for security assessment. Security assessment is the process of evaluating the security of a device or application, typically using a combination of automated tools and manual testing. Security assessment can help identify vulnerabilities and weaknesses that may not be covered by PSA policies, and can provide a more comprehensive evaluation of security.
Finally, the article is written for organizations deploying containers in general and not specific to any particular version of Kubernetes. While K8 is one of the container orchestration platforms, there are many others in the market like Docker Swarm, EKS, AKS, OpenShift, etc. Remember that the article mainly focuses on security and not the container implementation process.