WHITE PAPER

Zero-Trust Security: Safeguarding Internal Applications Migrating to Kubernetes

The benefits of implementing a zero-trust approach in Kubernetes

Daniel Bryant
Ambassador Labs
Published Jan 30, 2020


Application security is fundamentally affected when an organization decides to migrate internal applications — such as payroll, human resources management, and other non-public-facing applications — to microservices-based architectures managed by Kubernetes. It’s important that DevOps and security professionals understand why and how, so they can adapt.

The old network perimeter security model, a holdover from the days of traditional client-server architectures, is not sufficiently effective or manageable in the complex environments in which microservices reside and execute, or against the types of threats those microservices face.

The solution is to adopt the zero-trust security paradigm — which essentially means trust no one and nothing — by switching the focus of security from enforcing perimeters to authenticating identities.

The principle of least privilege can be implemented for all microservices through strong authentication and highly granular access control. This can be done either by building authentication and access control capabilities into each microservice, which would be resource-intensive, or by leveraging an identity-aware proxy (IAP) that provides authentication and access control services to all the microservices, effectively mediating all access to them.

This updated white paper provides an overview of the security challenges that migrating internal applications to microservices poses, and explains how the zero-trust security paradigm can address those challenges and make life easier for DevOps and security professionals working with Kubernetes.

Download the white paper →


DevRel and Technical GTM Leader | News/Podcasts @InfoQ | Web 1.0/2.0 coder, platform engineer, Java Champion, CS PhD | cloud, K8s, APIs, IPAs | learner/teacher