Cloud Native CYBER SECURITY
The 4C's of Cloud Native security
The 4C's of Cloud Native security are
Cloud
Clusters
Containers
Code
Each layer of the Cloud Native security model builds upon the next outermost layer. The Code layer benefits from strong base (Cloud, Cluster, Container) security layers. You cannot safeguard against poor security standards in the base layers by addressing security at the Code level.
Cloud
In many ways, the Cloud (or co-located servers, or the corporate datacenter) is the trusted computing base of a Kubernetes cluster. If the Cloud layer is vulnerable (or configured in a vulnerable way) then there is no guarantee that the components built on top of this base are secure. Each cloud provider makes security recommendations for running workloads securely in their environment.
Cluster
There are two areas of concern for securing Kubernetes:
Components OF the Cluster
Components IN the cluster (your application)
Container
Area of Concern for Containers
Container Vulnerability Scanning and OS Dependency Security
Image Signing and Enforcement
Disallow privileged users
Use container runtime with stronger isolation
Code
Application code is one of the primary attack surfaces over which you have the most control. While securing application code is outside of the Kubernetes security topic including (Code Security)
Access over TLS only
Limiting port ranges of communication
3rd Party Dependency Security
Static Code Analysis
Dynamic probing attacks