How to start your cloud security journey
Guest post originally published on InfraCloud’s blog by Frederick Fernando When you start building your cloud infrastructure, security might not be a top priority as much as getting your project up and running. This might lead…
With the help of the CNCF Security Technical Advisory Group (TAG), CNCF recently conducted a microsurvey of the community to see how organizations are managing cloud native security. Overall, the report shows that organizations recognize the…
7 Ways to mitigate your SaaS application security risks
Originally published on the Msys Technologies blog If you’re a SaaS entrepreneur or you’re looking to build a SaaS application, in that case, you may already be aware of the fact that there is a new…
Kubernetes Configuration – Auditing for Enterprise Best Practices Through Open Source Tooling
Kubernetes may be changing the cloud world, but your average ops team still hasn’t gotten comfortable with Kubernetes as a new paradigm. This webinar will talk about the ways your team can go about getting complex…
Announcing the Cloud Native Security White Paper
The CNCF Security Special Interest Group (SIG) has just released a new Cloud Native Security Whitepaper to help educate the community about best practices for securing cloud native deployments. The whitepaper intends to provide organizations and…
Many people know that Kubernetes can report API activity to logging back ends and that auditing is a powerful security tool, but what happens in the real world when you have: Multiple API servers Mutating Admission…
Common Kubernetes config security threats
Guest post originally published on the Fairwinds blog by Joe Pelletier, VP of strategy at Fairwinds Securing workloads in Kubernetes is an important part of overall cluster security. The overall goal should be to ensure that…
Identifying Kubernetes Config Security Threats: Pods Running as Root
Guest post by Joe Pelletier, VP of Strategy at Fairwinds With different teams – development, security and operations – and prioritization of speedy delivery over perfect configuration, mistakes are inevitable. As teams work on building and…
Kubernetes audit: making log auditing a viable practice again
Originally published on Alcide Blog by Nitzan Niv In the security world, one of the most established methods to identify that a system was compromised, abused or mis-configured is to collect logs of all the activity…
The CNCF engaged two security firms, Trail of Bits and Atredis Partners, to poke around Kubernetes code over the course of four months. The companies looked at Kubernetes components involved in networking, cryptography, authentication, authorization, secrets…