NSA, CISA Report Outlines Risks, Mitigations for Kubernetes

Two of the largest government security agencies are laying out the key cyberthreats to Kubernetes, the popular platform for orchestrating and managing containers, and ways to harden the open-source tool against attacks.

In a 52-page report released this week, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) noted the advantages to enterprises using Kubernetes to automate the deployment, scaling, and managing of containers and running it in the cloud, citing both the flexibility and security benefits when compared to other monolithic software platforms.

“However, securely managing everything from microservices to the underlying infrastructure introduces other complexities,” the report’s authors wrote. “Kubernetes clusters can be complex to secure and are often abused in compromises that exploit their misconfigurations.”