The Data Center Is Olympus: Operational Approaches to Securing Kubernetes
What is the context for Kubernetes if the data center is Mount Olympus? This is my first question to Alcide co-founder and Chief Technology Officer Gadi Naor in this episode of The New Stack Makers podcast, included in our latest ebook, “Kubernetes Deployment & Security Patterns,” to be released next week. Naor made an analogy between the mythic Mount Olympus, home of the Gods, and the modern data center.
The comparison brings into play a concept about how the overall organization views infrastructure. The data center that Naor describes as Olympus now has the powers of Kubernetes. With the energy and force of such a power, how today’s organizations value and protect their core assets becomes a matter of first order.
The first value must be defined by how organizations treat security in Kubernetes. Security is not best used as an add-on, Naor says. It must be native to the deployment. A second consideration is zero-trust, which is best embodied in a security-first approach. There must be considerations of clusters and how microservices make transactions across the interconnected Kubernetes architecture. Developers find microservices appealing, but operations people need observability to know how the components behave. A security layer provides a way for operations teams to monitor the cluster for anomalies. Existing network security does not meet the new demands that come with containers. It may provide a top-view policy, but there needs to be more than that. What’s needed is what Naor calls “policy fusion.”
Cloud-native technologies are considerably complex. There are still real needs for virtual machine infrastructure. There’s no question about that. Realistically, the intricacies of today’s Olympus require a sophisticated policy fusion that allows for multiple policies to be unified in one cohesive manner so security may run at scale and organizations may take true advantage of Kubernetes’ scalability.
Alcide is a sponsor of The New Stack.