Kubernetes - What Can Possibly Go Wrong

Published: at 06:00 PM
Sven Vetsch

More and more companies are relying on container technologies such as Docker or Podman. To operate containers efficiently and in production, an orchestration solution is used, and the choice now almost always falls on Kubernetes. Kubernetes offers a lot, but it has a steep learning curve and practically requires a modern DevOps organization with everything that goes with it. Security is often neglected, which can have catastrophic consequences.

In this talk, we shed light on common misunderstandings, mistakes and the potential regarding the security of Kubernetes environments. How absolute is the separation between namespaces? Why do I need admission controllers? Which permissions are critical? What's the point of a read-only file system? We answer these and similar questions. Last but not least, we look at the organizational challenges, as technology alone cannot solve all potential security problems. The aim of the talk is to give participants an overview of central security aspects in the context of Kubernetes and, in particular, to enable software developers and architects to further increase security.

Speaker

Sven Vetsch is Head of Security Research at Redguard AG. The company is responsible for ensuring that both offensive and defensive capabilities are always up to date and that new developments are recognized and introduced. He studied at the Bern University of Applied Sciences (BFH) and successfully completed a degree in computer science with a focus on IT security. Sven holds various certifications such as OPSA, OPST and CKA. As leader of the Open Web Application Security Project (OWASP) in Switzerland and a regular speaker at specialist conferences, he is also committed to information security beyond his day-to-day work.