Tigera Makes Implementing Zero-Trust for Kubernetes Easier

Tigera announced today it is making it simpler to implement zero-trust policies at the namespace level across multiple Kubernetes clusters.

Kubernetes makes it possible to implement security policies at the pod level using a PodSecurity application programming interface (API), but defining and implementing those policies requires both cybersecurity and Kubernetes expertise.

Utpal Bhatt, chief marketing officer for Tigera, says it’s simpler for organizations to implement zero-trust security policies across multiple clusters using the open source Calico network overlay on which the Tigera cloud-native application protection platform (CNAPP) is based. Tigera has now extended its Security Policy Recommender tool to surface suggestions for implementing security policies at both the pod and namespace levels.

In addition, the latest edition of Calico complies with the FIPS-1 standard in keeping with FedRAMP compliance requirements for federal agencies.

Increased adoption of Kubernetes is coinciding with a broader effort to implement zero-trust IT policies. The National Institute of Standards and Technology (NIST) defines zero-trust IT as an “evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.” In other words, there is no implicit trust granted to assets or users based solely on their physical or network location or asset ownership.

Those policies are critical because attacks aimed at Kubernetes clusters are increasing as more of them are deployed in production environments, notes Bhatt.

Achieving zero-trust requires IT teams to be able to define a set of policies for accessing services based on the specific identity of the end user, application or device. In the case of Kubernetes clusters, it becomes simpler to enforce those policies across multiple clusters at the namespace level, Bhatt explains. That’s especially critical at a time when more organizations are finding themselves managing fleets of Kubernetes clusters deployed everywhere from the edge to the cloud, he adds.

Zero-trust IT policies are, of course, easier to implement as new workloads are being deployed; some organizations may decide that no new cloud-native application can be deployed unless zero-trust security policies are enforced. One way or another, however, zero-trust IT policies will eventually become the IT norm to better ensure cybersecurity.

In the case of Kubernetes clusters, it is unclear whether those policies will be defined and enforced by IT operations teams or a dedicated cybersecurity team. As more responsibility for cybersecurity is shifted left toward developers and IT operations teams, there is less need for security operations teams. Instead, cybersecurity teams will focus their time and effort on defining and tracking the efficacy of cybersecurity policies.

Each organization will, of course, need to decide where and how far to shift responsibility for cybersecurity. However, IT teams’ overall cybersecurity maturity level will continue to increase steadily in the months and years ahead. The challenge now is finding the simplest way possible to enforce zero-trust IT policies across a much more extended enterprise.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
