Where are you using WebAssembly?
Wasm promises to let developers build once and run anywhere. Are you using it yet?
At work, for production apps
At work, but not for production apps
I don’t use WebAssembly but expect to when the technology matures
I have no plans to use WebAssembly
No plans and I get mad whenever I see the buzzword
Cloud Native Ecosystem / Kubernetes / Security

Identity and Access Management Is a Pain Point in Kubernetes

TNS Pancake Podcast panel talk why IAM has become even more difficult to manage than in the past and offered their perspectives about potential solutions.
Dec 18th, 2020 3:00pm by and
Featued image for: Identity and Access Management Is a Pain Point in Kubernetes

Prisma Cloud from Palo Alto Networks sponsored this podcast.

Identity and access management (IAM) was previously relatively straightforward. Often delegated as a low-level management task to the local area network (LAN) or wide area network (WAN) admin, the process of setting permissions for tiered data access was definitely not one of the more challenging security-related duties. However, in today’s highly distributed and relatively complex computing environments, network and associated IAM are exponentially more complex.

Managing distributed IAM was the main topic of this episode of The New Stack Analysts podcast, recorded for KubeCon + CloudNativeCon attendees. In our latest “Virtual Pancake and Podcast,” TNS founder and publisher Alex Williams and guests discussed why IAM has become even more difficult to manage and offered their perspectives about potential solutions.

Why IAM is a Pain Point in Kubernetes

The event featured Lin Sun, IBM’s senior technical staff member and Master Inventor for Istio; as well as Nathaniel “Q” Quist, senior threat researcher (Public Cloud Security Unit 42), Palo Alto Networks. TNS managing editor Joab Jackson served as co-host.

The gap in effective IAM has served as an attractive — and relatively easy — entrance into networks and databases for attackers. It can often just take the theft of one set of developer login credentials uploading code on GitHub to cause real damage. In this way, attackers can gain network access and privileges that typical users of a cloud environment do not typically have.

The Palo Alto Networks’ Unit 42 Cloud Threat Report reported that 23% of organizations surveyed experience crypto-mining operation within their environment targeting cloud service provider credentials stored on the endpoint, Quist noted. “Then, [access] just being ‘templatized’, just makes it a whole lot easier for them to — not just gain access to the system — but to take a step further and gain access to the actual environment itself,” Quist said.

The highly distributed nature of Kubernetes, of course, brings introduces a new set of IAM challenges. However, the good news is that service mesh, increasingly seen as essential for managing Kubernetes environments and associated microservices, can also lend itself to IAM. Among Istio’s standardization for service mesh, IAM falls under the security umbrella of service mesh capabilities, in parallel with observability and connectivity.

Service mesh “provides authentication and authorization policies that are more service-oriented,” said Sun. “They can leverage Layer 7 data to make intelligent decisions on that,” she said.

Group Created with Sketch.
TNS owner Insight Partners is an investor in: Pragma, Unit.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.