Who is keeping your cloud native stack secure?
by Oshrat Nir on Mar 5, 2019
Survey after survey is showing that 70% of organizations are using cloud infrastructure. The last bits of the late majority will be joining this year and the laggards will come within a few years. Regardless of the stage of a company’s cloud native journey, security still remains an issue. The same survey states that security ranks as first priority with enterprises.
At Giant Swarm we pay close attention to the need for security. Last year we shared a 5 part series about security on our blog (I, II, III, IV, V). It presented some of the basics and our philosophy when it comes to security.
So…we talk the talk, great! What is important to our customers is that we also walk the walk.
In December 2018, a severe vulnerability was discovered in the Kubernetes API server. It allowed an unauthenticated user to perform privilege escalation and gain full admin privileges on a cluster.
The details of the vulnerability were discussed at length in the Kubernetes community. The chain of events is well documented across GitHub and Google Groups. Other contributors to the Kubernetes ecosystem provided analyses of the problem. One could easily find information about the problem, its identification and suggested mitigation.
The recommendation was to upgrade Kubernetes and new releases that included the fix were created for all active versions (v1.10.11, v1.11.5, v1.12.3). Earlier versions, did not receive an upgrade, so their upgrade deficit grew to include a security vulnerability.
At Giant Swarm, we were ready to upgrade all our customers to the secure version the next day. Regardless of the Kubernetes version, or the cloud provider. Customers on AWS, Azure, and on-premises, were all proactively notified of the vulnerability and its solution. Most of our customers don’t have Kubernetes APIs exposed to the public internet. Still, all benefited from a quick and transparent upgrade that allowed them to keep running their businesses - threat free.
This incident highlights how important it is to have several layers of security. But also that only with an automated update system, as well as the ability to quickly test and release upgrades, you and your business can really be safe.
Want to find out how the Giant Swarm Infrastructure deploys and scales Kubernetes Clusters? Request your free trial here by taking our survey and find out if you’re eligible.
You May Also Like
These Related Stories
The State of Kubernetes 2019
Last year I wrote a post entitled A Trip From the Past to the Future of Kubernetes. In it, I talked about the KVM and AWS versions of our stack and th …
Cost Analysis for Kubernetes Clusters on AWS Using Tags
Tracking the cost of your infrastructure is an important task, especially when you are running a large variety of workloads. It is common for our cust …
Get Visual with Our Web UI
As of today, all users have access to The Giant Swarm Web UI. Use it to get an overview of the status of your services. It also features a novel way t …