The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance”. This report details threats to Kubernetes environments and provides configuration guidance to minimize risk.
Trevor Morgan, product manager with data security specialists comforte AG, shared this insight:
“The report issued by the NSA and CISA points to a growing problem in the cybersecurity space, namely the risks associated with data processed or housed within Kubernetes environments. The report rightfully acknowledges that sensitive data is the primary target in these environments, something that threat actors are desperate to obtain and subsequently leverage. Fortunately, the report does touch upon data protection as a preventative means of security, along with perimeter- and access-based security. The general message here is to have a robust, varied, and comprehensive cybersecurity strategy that doesn’t rely on just one or two methods to protect information.
In particular, encryption is a method touched upon in the report, but enterprises need to be aware of the fact that encryption comes with its own issues, including sometimes complex key management and the fact that encrypting data doesn’t necessarily preserve data format. The latter can cause significant issues with enterprise applications, forcing in some cases a process of decrypting data in order to work with it. De-protecting data always generates risk. Better to consider data-centric methods of protection such as tokenization, which not only renders sensitive data meaningless to anyone trying to leverage it, but which also preserves the original format of that data making it very workable by enterprise applications. Best of all, it eliminates the need to de-protect data at any point within an enterprise workflow. The benefit of that should be perfectly clear—avoid having sensitive clear text within your workflows.”