Search results for: security audit


7 Ways to mitigate your SaaS application security risks

Posted on October 8, 2021

Originally published on the Msys Technologies blog. If you’re a SaaS entrepreneur or you’re looking to build a SaaS application, in that case, you may already be aware of the fact that there is a new economy that…


Kubernetes Configuration – Auditing for Enterprise Best Practices Through Open Source Tooling

Posted on December 4, 2020

Kubernetes may be changing the cloud world, but your average ops team still hasn’t gotten comfortable with Kubernetes as a new paradigm. This webinar will talk about the ways your team can go about getting complex configuration tasks…


Announcing the Cloud Native Security White Paper

Posted on November 18, 2020

The CNCF Security Special Interest Group (SIG) has just released a new Cloud Native Security Whitepaper to help educate the community about best practices for securing cloud native deployments. The whitepaper intends to provide organizations and their technical…


K8s audit logging deep dive

Posted on September 24, 2020

Many people know that Kubernetes can report API activity to logging back ends and that auditing is a powerful security tool, but what happens in the real world when you have: multiple API servers, Mutating Admission Controller Webhooks…


Common Kubernetes config security threats

Posted on August 7, 2020

Guest post originally published on the Fairwinds blog by Joe Pelletier, VP of strategy at Fairwinds. Securing workloads in Kubernetes is an important part of overall cluster security. The overall goal should be to ensure that containers are…


Identifying Kubernetes Config Security Threats: Pods Running as Root

Posted on June 16, 2020

Guest post by Joe Pelletier, VP of Strategy at Fairwinds. With different teams – development, security and operations – and prioritization of speedy delivery over perfect configuration, mistakes are inevitable. As teams work on building and shipping new…


Kubernetes audit: making log auditing a viable practice again

Posted on December 3, 2019

Originally published on Alcide Blog by Nitzan Niv. In the security world, one of the most established methods to identify that a system was compromised, abused or mis-configured is to collect logs of all the activity performed by…


The Register: "Captain, we've detected a disturbance in space-time. It's coming from Earth. Someone audited the Kubernetes source"

Posted on August 6, 2019

The CNCF engaged two security firms, Trail of Bits and Atredis Partners, to poke around Kubernetes code over the course of four months. The companies looked at Kubernetes components involved in networking, cryptography, authentication, authorization, secrets management, and…


TOC approves CNCF SIGs and creates security and storage SIGs

Posted on June 24, 2019

Earlier this year, the Technical Oversight Committee (TOC) voted to create CNCF Special Interest Groups (SIGs). CNCF SIGs are currently being bootstrapped in various focus areas and primarily led by recognized experts and supported by contributors. They report directly…


Kubernetes in highly restrictive environments: meeting the needs of enterprise governance & security

Posted on June 4, 2019

Installing Kubernetes is easy. Ensuring it complies with your organization’s enterprise governance and security requirements isn’t. Oleg will outline a plan to use the technology while meeting enterprise security requirements. In this technically-focused talk, he’ll summarize common prerequisites…