Gartner estimates that over 85% of organizations will run applications in container environments by 2025. In this context, Kubernetes has become the de facto standard for orchestrating and scaling containerized applications.
To make adoption easier for developers, the default Kubernetes configuration favours ease of use over security: restrictive admission policies, network isolation between Pods and API-server audit logging are all left disabled or permissive out of the box, a posture that does not match the needs of production environments.
Lockless helps you adopt and secure your Kubernetes environments end to end by evaluating specific strategies and policies based on your needs. Our process follows the CIS Kubernetes Benchmark published by the Center for Internet Security (CIS) and allows you to make your environments CIS-compliant in the shortest time possible.
Dedicated configuration files for control-plane (master) nodes and worker nodes are essential: they enable the required security components (such as admission controllers and API-server audit logging) and improve the observability of the cluster's state.
Many attacks use compromised container images as their entry point. It is therefore essential to configure the cluster to verify the source and the integrity of every image it deploys, for example by admitting only images from trusted registries, referenced by content digest and carrying a valid signature.
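The workload-side half of image integrity is to reference images by digest instead of a mutable tag. The manifest below is an added example written for this page, not a Lockless deliverable or anything from the page itself; the namespace, registry host and the digest value are placeholders. Source verification (allowed registries, signature checks) is enforced separately by an admission controller and is not shown here.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
  namespace: payments          # assumed namespace
spec:
  replicas: 2
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
    spec:
      containers:
        - name: api
          # Weak form (do not use): a mutable tag can be re-pushed by anyone with
          # write access to the registry, so what runs may not be what was reviewed.
          #   image: registry.example.com/payments/api:latest
          #
          # Hardened form: reference the image by its content digest, so the kubelet
          # runs exactly the artifact that was scanned and signed, and nothing else.
          # Registry host and digest value below are placeholders, not a real image.
          image: registry.example.com/payments/api@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
          ports:
            - containerPort: 8080
```

With a digest reference, a re-tagged or tampered image fails to pull rather than silently replacing the reviewed one; rolling out a new version means changing the digest in the manifest, which leaves an auditable trail in version control.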
Pods run under a dedicated identity called a Service Account. By binding security policies to Service Accounts and namespaces (historically Pod Security Policies, which were removed in Kubernetes 1.25 in favour of Pod Security Admission and the Pod Security Standards), it is possible to limit the privileges of each container following the least privilege principle.
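The following manifests are an added example for this page (not Lockless's own material) showing the current way to enforce least privilege on Pods: a namespace labelled for the `restricted` Pod Security Standard, a dedicated Service Account, and a Pod whose security context satisfies that standard. The namespace name, Service Account name, image reference and UID are assumptions.

```yaml
# Namespace-level enforcement of the "restricted" Pod Security Standard through
# Pod Security Admission, the built-in replacement for Pod Security Policies.
apiVersion: v1
kind: Namespace
metadata:
  name: payments                                  # assumed namespace
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/warn: restricted
---
# A dedicated Service Account for the workload instead of the namespace "default" one,
# with no API token mounted unless the application actually talks to the API server.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: api-sa                                    # assumed name
  namespace: payments
automountServiceAccountToken: false
---
# A Pod that passes the "restricted" profile: non-root, no privilege escalation,
# all capabilities dropped, default seccomp profile, read-only root filesystem.
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: payments
spec:
  serviceAccountName: api-sa
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001                              # assumed unprivileged UID present in the image
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: api
      image: registry.example.com/payments/api:1.4.2   # placeholder image reference
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
```

A Pod submitted to this namespace without `runAsNonRoot`, with `privileged: true`, or with host namespaces enabled is rejected by the API server at admission time rather than at runtime, which is the point: the policy is enforced before the container ever starts.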
By default, Kubernetes does not restrict communication between Pods in the cluster: every Pod can reach every other Pod. Defining Network Policies lets you isolate workloads and contain an attack on one container so that it cannot spread to the others.
Kubernetes offers several access control mechanisms, including Role-Based Access Control (RBAC), which lets you define the privileges of each user or Service Account and block any operation that goes beyond its operational duties.
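Least-privilege RBAC in practice means a namespace-scoped Role granting only the verbs a team needs, bound to a group rather than to individual users. The manifests below are an added example for this page (not Lockless's own material); the namespace, Role name and the `payments-devs` group supplied by the identity provider are assumptions.

```yaml
# Namespace-scoped Role: developers can observe workloads and roll out Deployments,
# but cannot read Secrets, exec into Pods or touch anything outside "payments".
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: deployer                 # assumed name
  namespace: payments            # assumed namespace
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "update", "patch"]
  # Deliberately absent: "secrets", "pods/exec", "create" on pods,
  # "*" wildcards, and any cluster-scoped resource such as nodes or clusterroles.
---
# Bind the Role to a group from the identity provider, never to cluster-admin,
# and never with a ClusterRoleBinding when a namespace binding is enough.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: payments-developers
  namespace: payments
subjects:
  - kind: Group
    name: payments-devs          # assumed group name from the identity provider
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: deployer
  apiGroup: rbac.authorization.k8s.io
```

After applying, verify the boundary from the cluster's point of view with `kubectl auth can-i get secrets -n payments --as=alice --as-group=payments-devs`, which should answer `no`, while the same query for `get pods` answers `yes`.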
Kubernetes is designed to support the continuous evolution of applications. In this scenario, it is essential to integrate security benchmarks, such as the CIS Kubernetes Benchmark checks, into release procedures so that the cluster configuration stays secure over time rather than only at the initial hardening.