In H1 2024, organizations running Kubernetes environments and monitored through a cloud security platform betrayed some high-risk cloud vulnerability habits…
Based on an analysis of customer cloud data processed in its own cloud security platform from January through June 2024, a cybersecurity firm has released its findings in a cloud risk report.
First, as more businesses adopt Kubernetes to orchestrate their cloud infrastructure, serious security gaps in these environments have left the organizations whose cloud risks were analyzed for the report vulnerable to attack. Specifically, 78% of organizations in the data analyzed had publicly accessible Kubernetes API servers, and of these, 41% allowed inbound internet access to their Kubernetes clusters, making them even more susceptible to external threats.
Second, 44% of organizations in the firm’s data had been running containers in privileged mode, which grants those containers full access to the host system’s resources and increases the risk that an attacker who gains control of a container can escalate that control to the host.
Other findings
Third, 58% of organizations in the data analyzed had cluster-admin role bindings that provided unrestricted access to all Kubernetes resources, which could, in the event of a breach, allow attackers to gain full control over the cluster.
Fourth, based on these H1 2024 findings, four mitigation practices are highlighted for better safeguarding Kubernetes environments in general:
- Limit Kubernetes API exposure: Ensure that Kubernetes API servers are not exposed to the public internet, using firewalls and network segmentation.
- Reduce running containers in privileged mode: Adhere to the security best practices outlined in the CIS Kubernetes Benchmark and NIST guidelines to limit container access to host resources.
- Harden role-based access control: Audit and restrict the use of cluster-admin roles regularly. Replace overly permissive role bindings with granular permissions that adhere to the principle of least privilege.
- Audit Kubernetes configurations regularly: This facilitates detection and mitigation of misconfigurations and unnecessary exposures. Disable anonymous access to the Kubelet API and ensure that all communications within the cluster are encrypted.
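As an added illustration of the second, third and fourth practices above (not code from the report or from Tenable), the following Python audits the kind of JSON that `kubectl get pods -A -o json`, `kubectl get clusterrolebindings -o json` and a KubeletConfiguration file produce, flags privileged containers, non-bootstrap cluster-admin bindings and explicitly weak kubelet authentication settings, and shows a hardened pod spec beside the privileged one. All sample objects are constructed for the example; the function names and the `SAMPLE_*` constants are this example's own, and the built-in `cluster-admin` binding to `system:masters` is treated as expected and skipped.

```python
import copy
import json

# Constructed sample data shaped like kubectl JSON output (illustrative, not customer data).
SAMPLE_PODS = {
    "items": [
        {"metadata": {"namespace": "default", "name": "web"},
         "spec": {"containers": [{"name": "nginx", "image": "nginx:1.27",
                                  "securityContext": {"privileged": False}}]}},
        {"metadata": {"namespace": "ops", "name": "debug-shell"},
         "spec": {"initContainers": [{"name": "setup", "image": "busybox"}],
                  "containers": [{"name": "shell", "image": "busybox",
                                  "securityContext": {"privileged": True}}]}},
    ]
}
SAMPLE_CRBS = {
    "items": [
        {"metadata": {"name": "cluster-admin"},  # bootstrap binding present in every cluster
         "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
         "subjects": [{"kind": "Group", "name": "system:masters"}]},
        {"metadata": {"name": "ci-runner-admin"},  # constructed over-permissive binding
         "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
         "subjects": [{"kind": "ServiceAccount", "name": "runner", "namespace": "ci"}]},
        {"metadata": {"name": "viewers"},
         "roleRef": {"kind": "ClusterRole", "name": "view"},
         "subjects": [{"kind": "Group", "name": "devs"}]},
    ]
}
# Constructed KubeletConfiguration fragment with the weak settings explicitly set.
SAMPLE_KUBELET_CONFIG = {
    "apiVersion": "kubelet.config.k8s.io/v1beta1",
    "kind": "KubeletConfiguration",
    "authentication": {"anonymous": {"enabled": True}},
    "authorization": {"mode": "AlwaysAllow"},
}


def find_privileged_containers(pod_list):
    """Return 'namespace/pod:container' for every container (init or regular)
    whose securityContext sets privileged: true."""
    findings = []
    for pod in pod_list.get("items", []):
        ns, name = pod["metadata"]["namespace"], pod["metadata"]["name"]
        spec = pod.get("spec", {})
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            if (c.get("securityContext") or {}).get("privileged"):
                findings.append(f"{ns}/{name}:{c['name']}")
    return findings


def find_cluster_admin_bindings(crb_list):
    """Return every subject bound to the cluster-admin ClusterRole, except the
    built-in system:masters bootstrap binding."""
    findings = []
    for crb in crb_list.get("items", []):
        if crb["roleRef"]["name"] != "cluster-admin":
            continue
        for s in crb.get("subjects", []):
            if s.get("kind") == "Group" and s.get("name") == "system:masters":
                continue
            ns = f"{s['namespace']}/" if s.get("namespace") else ""
            findings.append(f"{crb['metadata']['name']} -> {s['kind']}:{ns}{s.get('name', '?')}")
    return findings


def kubelet_config_findings(cfg):
    """Flag only explicitly weak kubelet settings; defaults differ between the
    config file and the command-line flags, so unset keys are not judged here."""
    findings = []
    if cfg.get("authentication", {}).get("anonymous", {}).get("enabled") is True:
        findings.append("anonymous kubelet authentication enabled")
    if cfg.get("authorization", {}).get("mode") == "AlwaysAllow":
        findings.append("kubelet authorization mode is AlwaysAllow")
    return findings


def harden_pod(pod):
    """Return a copy of a pod manifest with privileged mode removed and a
    restrictive securityContext applied to every container."""
    hardened = copy.deepcopy(pod)
    spec = hardened["spec"]
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.setdefault("securityContext", {})
        sc["privileged"] = False
        sc["allowPrivilegeEscalation"] = False
        sc["runAsNonRoot"] = True
        sc["capabilities"] = {"drop": ["ALL"]}
    return hardened


def audit(pods, crbs, kubelet_cfg):
    """Run all three checks and return one report dictionary."""
    return {
        "privileged_containers": find_privileged_containers(pods),
        "cluster_admin_bindings": find_cluster_admin_bindings(crbs),
        "kubelet": kubelet_config_findings(kubelet_cfg),
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_PODS, SAMPLE_CRBS, SAMPLE_KUBELET_CONFIG), indent=2))
```

Against a live cluster the same functions can be fed with `json.load()` of the kubectl output files; the hardening helper is a starting point that matches the restricted pod security profile in spirit, and any workload that genuinely needs a capability should get that single capability added back rather than privileged mode.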
According to Ari Eitan, Research Director, Tenable, the firm whose cloud research arm performed the H1 2024 data analysis of customer cloud risks, organizations employing the container technology should prioritize security, “particularly by closing exposure gaps and enforcing strict access controls. Proactive measures today will protect organizations from becoming tomorrow’s headline breaches.”