Security News

Confidential Computing is a hardware-based technology that shields computer workloads from their environments and keeps data encrypted during processing. In this Help Net Security video, Felix Schuster, CEO at Edgeless Systems, talks about the open-source release of Constellation.

Red Hat is backing a Cloud Native Computing Foundation project that aims to improve the security of containers in Kubernetes clusters by running them inside hardware-enforced enclaves. A company blog post says Red Hat is investing in Confidential Containers, which is a relatively new project from the CNCF-backed Confidential Computing Consortium.

As part of digital transformation, more and more organizations are transforming their applications using cloud-native architecture to become more agile and accelerate time to market. They are increasingly adopting containers and Kubernetes to do so.

Every organization should have a business continuity plan, and a key component of your business continuity policy should be regional disaster recovery, which places a secondary IT environment far enough away from your primary site that it won't be affected by the same disaster. Why you should meet regional recovery needs with Kubernetes.

Kubernetes is delivering business value and is set to win an increasing share of production workloads, with almost all respondents to a Dimensional Research study saying they plan to scale and diversify their Kubernetes infrastructures in some way in the coming year. With growth comes increased complexity, and already those respondents that have the most extensive use of Kubernetes - with more clusters and more distributions, across more environments such as edge and with more software elements in their 'stack' such as monitoring, security, ingress or service mesh - are experiencing more significant challenges.

Kubernetes security is essentially a collection of techniques, strategies, and technologies created to protect the Kubernetes platform and the containers it handles. Kubernetes security addresses three main concerns: the K8s API, best practices for pod container security, and the 4 C's of cloud-native security, namely container, cluster, code, and the cloud itself.

Amazon's cloud platform is extending security capabilities for a couple of its widely used services: Amazon Elastic Block Store and Amazon Elastic Kubernetes Service. Amazon GuardDuty is described as a threat detection service that can continuously monitor AWS accounts and workloads for malicious activity, and can initiate automated responses.

AWS fixed three authentication bugs present in one line of code in its IAM Authenticator for Kubernetes, used by the cloud giant's popular managed Kubernetes service Amazon EKS, that could allow an attacker to escalate privileges within a Kubernetes cluster. Amazon updated all EKS clusters worldwide as of June 28, and the new version of the AWS IAM Authenticator for Kubernetes fixes the flaw.

Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks. Researchers at Cyble have conducted an exercise to locate exposed Kubernetes instances across the Internet, using similar scanning tools and search queries to those employed by malicious actors.

Kubernetes is a very important technology in the marketplace because vendors, ISVs, end users and enterprises are all able to come together and use this common infrastructure substrate to build their product on. In this video for Help Net Security, Alex Jones, Director of Kubernetes Engineering at Canonical, talks about properly adopting and managing Kubernetes in production.