Security News

If you're looking to take your Kubernetes security to the next level, you'll want to start working with pod security policies. Here's a quick introduction to this feature.

If you're looking to take your Kubernetes security to the next level, you'll want to start working with pod security policies. The Kubernetes pod security policy is a resource that controls the security of a pod specification.

The HPE Container Platform is the industry's first enterprise-grade container platform designed to support both cloud-native and non-cloud-native applications using 100 percent open source Kubernetes - running on bare-metal or virtual machines, in the data center, on any public cloud, or at the edge. The HPE Container Platform reduces cost and complexity by running containers on bare-metal, while providing the flexibility to deploy in VMs or cloud instances.

The increasing use of containers and orchestration tools, such as Kubernetes, are driving demand for new cloud security and application deployment processes, according to research from the Cloud Security Alliance presented Monday at the RSA 2020 conference in San Francisco. "As we have seen with the use of containers and micro-services and compliance, when you further segment things off, there's a functionality benefit from that," Yeoh tells Information Security Media Group.

If you don't follow these Kubernetes deployments security best practices from Portshift, your containers, their underlying technologies, and your data could be at risk. Portshift recently released a best practices list for tackling the security issues surrounding the K8s platform.

It's time to patch your Cisco security solutions againCisco has released another batch of security updates and patches for a variety of its offerings, including many of its security solutions. Techniques and strategies to overcome Kubernetes security challengesFive security best practices for DevOps and development professionals managing Kubernetes deployments have been introduced by Portshift.

Five security best practices for DevOps and development professionals managing Kubernetes deployments have been introduced by Portshift. Integrating these security measures into the early stages of the CI/CD pipeline will assist organizations in the detection of security issues earlier, allowing security teams to remediate issues quickly.

As Elastic announced with the alpha release of ECK back in May 2019, the vision for ECK is to provide an official way to orchestrate Elasticsearch on Kubernetes and provide a SaaS-like experience for Elastic products on Kubernetes. Kubernetes has continued to grow in popularity and has become the standard for orchestrating container workloads, and Elastic has seen a growing number of users deploying the Elastic Stack on Kubernetes.

The Cloud Native Computing Foundation this week announced the launch of a public bug bounty program for Kubernetes, with rewards of up to $10,000 per vulnerability. It was originally developed by Google and it's now maintained by the CNCF. The new bug bounty program is hosted by HackerOne and CNCF says it will do its best to respond to submitted reports within one business day, triage vulnerabilities within 10 days, and pay out a bounty within 10 days from triage.

The Cloud Native Computing Foundation is inviting bug hunters to search for and report vulnerabilities affecting Kubernetes. Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management.