For defining and creating a scalable solution, containers and orchestration play a very important role. Where container eases out the product development process, orchestration ease out the scalability problem. Orchestrators are something that helps in the management of multiple containers, one such orchestrator is Kubernetes.
Kubernetes is increasing in popularity every day because of the use cases but it is found that product teams (development, platform, security, etc.) struggle to understand these modern technologies. This opens a window for error, which leads to the misconfigured Kubernetes environment. World Economic Forum’s The Global Risk Report 2022 revealed that human error was a major contributing factor to 95% of breaches. Kubernetes and containers, while powerful, were designed for developer productivity, not necessarily security.
In this talk, we will be looking at some common misconfigurations that can happen in your Kubernetes Clusters and how can we secure them? Here are some of the things we look at among many others look at -
- Namespaces Security
- Over-permissive containers
- Kubernetes API and its components
- Insecure defaults
- Configuration Review
- Container Security
We will be looking at scenario-based examples, that will give more context to the real-world attacks and vulnerabilities and how we go about fixing and defending them. After this talk, you will learn about how to secure your Kubernetes cluster and make your product great again.
