Identity and Access Management Is a Pain Point in Kubernetes

Prisma Cloud from Palo Alto Networks sponsored this podcast.

Identity and access management (IAM) was previously relatively straightforward. Often delegated as a low-level management task to the local area network (LAN) or wide area network (WAN) admin, the process of setting permissions for tiered data access was definitely not one of the more challenging security-related duties. However, in today’s highly distributed and relatively complex computing environments, network and associated IAM are exponentially more complex.

Managing distributed IAM was the main topic of this episode of The New Stack Analysts podcast, recorded for KubeCon + CloudNativeCon attendees. In our latest “Virtual Pancake and Podcast,” TNS founder and publisher Alex Williams and guests discussed why IAM has become even more difficult to manage and offered their perspectives about potential solutions.

Why IAM is a Pain Point in Kubernetes

The event featured Lin Sun, IBM’s senior technical staff member and Master Inventor for Istio; as well as Nathaniel “Q” Quist, senior threat researcher (Public Cloud Security Unit 42), Palo Alto Networks. TNS managing editor Joab Jackson served as co-host.

The gap in effective IAM has served as an attractive — and relatively easy — entrance into networks and databases for attackers. It can often just take the theft of one set of developer login credentials uploading code on GitHub to cause real damage. In this way, attackers can gain network access and privileges that typical users of a cloud environment do not typically have.

The Palo Alto Networks’ Unit 42 Cloud Threat Report reported that 23% of organizations surveyed experience crypto-mining operation within their environment targeting cloud service provider credentials stored on the endpoint, Quist noted. “Then, [access] just being ‘templatized’, just makes it a whole lot easier for them to — not just gain access to the system — but to take a step further and gain access to the actual environment itself,” Quist said.

Prisma Cloud delivers the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across multi- and hybrid-cloud environments.

Learn More

The latest from Prisma by Palo Alto Networks

The highly distributed nature of Kubernetes, of course, brings introduces a new set of IAM challenges. However, the good news is that service mesh, increasingly seen as essential for managing Kubernetes environments and associated microservices, can also lend itself to IAM. Among Istio’s standardization for service mesh, IAM falls under the security umbrella of service mesh capabilities, in parallel with observability and connectivity.

Service mesh “provides authentication and authorization policies that are more service-oriented,” said Sun. “They can leverage Layer 7 data to make intelligent decisions on that,” she said.

The Cloud Native Computing Foundation and Palo Alto Networks are sponsors of The New Stack.

Alex Williams is founder and publisher of The New Stack. He's a longtime technology journalist who did stints at TechCrunch, SiliconAngle and what is now known as ReadWrite. Alex has been a journalist since the late 1980s, starting at the...

Read more from Alex Williams

BC Gain’s obsession with computers began when he hacked a Space Invaders console to play all day for 25 cents at the local video arcade in the early 1980s. He then started writing code for very elementary games on the...

Read more from B. Cameron Gain