Several years later, containers are still the hype for application deployment and migration. CIO Online contributor Paul Rubens broke the topic down into digestible chunks, explaining benefits, gotchas, container management systems, security and much more. Now that we have more reliable and efficient ways to deploy and scale software across platforms, we have also given nefarious actors new ways to exploit these containers.

In the last couple of years, while there have been some great improvements in the security of containers and their orchestration systems such as Kubernetes, several major vulnerabilities and exploits have also been discovered.

It is impressive that container implementation and management tools like Kubernetes allow businesses to automate just about every aspect of application deployment, delivering amazing business benefits. On the flip side, as teams have become more interested in deploying Kubernetes, attackers have become more interested in compromising Kubernetes clusters.

One thing the security pros widely agree on: as Kubernetes adoption and deployment grows, so will the security risks. There have been multiple recent events in the cloud and mobile dev spaces where these environments were compromised by attackers, with outcomes ranging from disruption and crypto mining to ransomware and data theft.

Of course, these deployments are just as susceptible to exploits and attacks from outsiders and insiders as traditional environments are. It is therefore all the more important to ensure that your large-scale Kubernetes environment has the right deployment architecture and that you follow security best practices for all of these deployments.

As Kubernetes is more widely adopted, it becomes a prime target for threat actors.
"The rapid rise in adoption of Kubernetes is likely to uncover gaps that previously went unnoticed on the one hand, and on the other hand gain more attention from bad actors due to a higher profile," says Amir Jerbi, CTO at Aqua Security.

Critical and notable vulnerabilities have been discovered since 2015 that have made security and DevOps teams think twice about their planning and deployment architecture. Some of the more serious flaws allow full administrator access on any node running in a Kubernetes cluster, which would let attackers inject malicious code, bring down the entire cluster environment or steal sensitive data.

Cluster security

When it comes to cluster security, there are several things to consider. The dynamic make-up of containers creates security challenges in Kubernetes environments. Critical items to look at when considering cluster security are:

- Exploitation of the attack surface created by the various vulnerabilities in each container, especially when using container orchestration tools like Docker and Kubernetes.
- Increased east-west traffic that needs to be monitored, especially across host and cloud environments.
- The security team's ability to ensure that security automation keeps up with an ever-changing container environment.
- Visibility into the deployment process and the Kubernetes pods themselves, including how they communicate with each other.
- Means of detecting malicious behavior in the east-west communication between containers, including exploits within a single pod or container.
- The use of access security best practices, together with review/planning and documentation of the Kubernetes clusters, in order to better understand internal threats.

It is also very important that the security process is streamlined so it does not slow or hinder the app/dev teams.
One thing to consider for containerized deployments across the enterprise and beyond is the need to reduce the time the security approval process takes. Additionally, your security alert process must be simplified and able to easily identify the most important attacks. Lastly, your Kubernetes environment needs properly deployed segmentation for network connections and for certain containers.

Enterprise Kubernetes security risks

As mentioned, the rise in popularity of these tools is accompanied by an increased risk of exploitation by attackers. Risk tolerance for some vulnerabilities varies according to size, level of complexity and environment.

However, key security risks to be aware of include the following:

- Attacks in Kubernetes environments can be instigated by an outsider or an insider, knowingly or not (commonly via phishing attacks).
- Containers may be compromised when an app vulnerability or misconfiguration is overlooked, allowing a threat actor to get in and start working toward further access and larger disruption.
- Unauthorized pod connections, again from compromised containers, that try to access other pods on the same or other hosts. Network monitoring and filtering needs to operate at Layer 7 in order to detect and thwart attacks coming from trusted IP addresses.
- Data theft, also known as "exfiltration", from your environment. There are many ways this type of attack is carried out, and it is often hidden via network tunneling.
- Exploitation of the Kubernetes infrastructure itself, such as the kubelets and the API server.
- Orchestration tool compromise, which allows attackers to disrupt applications and gain access to other resources needed to run the environment.

Best practices for Kubernetes security

There is an age-old saying that you should do something right or not do it at all.
It may not always be obvious, but for better overall security it is especially important to deploy Kubernetes with the right concepts and architecture from the start.

Kubernetes deployments have become more popular due to the increased capabilities of this orchestration tool, from a simple pod architecture for a small deployment to larger-scale Kubernetes integration across platforms. Of course, the complexity of these deployments and the security risks surrounding them have grown as well.

Here are some important tips on Kubernetes deployment best practices:

- Least privilege must be enforced. Using this model to prevent widespread access enables better containment of an attack if one happens. It is best to use the built-in pod security policy to determine and restrict what a pod is able to do.
- Strong authentication best practices should always be deployed, and authentication is a must for all Kubernetes components.
- Cluster segmentation configurations and deployments run in a similar vein to least privilege: it is best to contain an attack or breach to a subset of your cluster. Using virtual clusters that are detached from each other within the same infrastructure environment is best practice.
- Utilizing a firewall that is native to the container helps block activity across the network when using segmentation.
- Environment monitoring for incidents that may occur despite your implementation of security best practices. There are specific third-party security tools that prevent the spread of attacks and identify policy violations in your environment.
- Define the roles between operational, development and security teams.
  Duty segregation is a best practice and should be documented with clear roles and responsibilities.

Items to consider

Whatever the size of your project and environment, whether a single internal pod for a particular platform migration or a large cloud deployment with many clusters, it is important that your DevOps and security teams work collaboratively in the planning process. This includes identifying the proper roles and responsibilities and having regular communication between all teams. Simply put, a well-laid plan, with all the stakeholders involved upfront, is the first step in building a more secure container environment.
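As an added example of the least-privilege and pod security policy advice under the best practices above, and of the overlooked-misconfiguration risk listed under enterprise security risks, here is a small audit (written for this page, not the article's or any project's code) that flags pod-spec settings a restrictive pod security policy would reject. The pod spec and the function name are constructed for the example.

```python
"""Audit a Kubernetes pod spec (as parsed from YAML) for settings a restrictive
pod security policy would reject. Added example; SAMPLE_POD is constructed."""
from typing import Any, Dict, List

SAMPLE_POD = {
    "metadata": {"name": "billing-api", "namespace": "default"},
    "spec": {
        "hostNetwork": True,                    # shares the node's network namespace
        "automountServiceAccountToken": True,   # API credentials mounted by default
        "containers": [
            {"name": "api", "image": "billing:1.4",
             "securityContext": {"privileged": True}},
            {"name": "sidecar", "image": "proxy:2.0",
             "securityContext": {"runAsNonRoot": True,
                                 "allowPrivilegeEscalation": False,
                                 "capabilities": {"drop": ["ALL"]}}},
        ],
    },
}


def audit_pod(pod: Dict[str, Any]) -> List[str]:
    """Return one finding per least-privilege violation in the pod spec."""
    findings: List[str] = []
    spec = pod.get("spec", {})
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    pod_sc = spec.get("securityContext", {})
    # Pod-level settings that collapse the boundary between pod and node.
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(key):
            findings.append(f"{name}: {key} is enabled")
    # Kubernetes mounts the service account token unless explicitly disabled.
    if spec.get("automountServiceAccountToken", True):
        findings.append(f"{name}: service account token is auto-mounted")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext", {})
        cname = f"{name}/{c.get('name', '?')}"
        if sc.get("privileged"):
            findings.append(f"{cname}: privileged container")
        # allowPrivilegeEscalation defaults to true unless set to false.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{cname}: allowPrivilegeEscalation not false")
        # runAsNonRoot may be set at container or pod level; either counts.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(f"{cname}: runAsNonRoot not enforced")
        if sc.get("capabilities", {}).get("add"):
            findings.append(f"{cname}: adds capabilities {sc['capabilities']['add']}")
    return findings
```

PodSecurityPolicy has since been removed from Kubernetes (v1.25), but the same checks correspond to the "restricted" profile of the built-in Pod Security Standards, so the audit remains a useful pre-deployment gate.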