
Kubernetes Governance Webinar Recap


Kubernetes adoption presents new challenges for governance, as operations teams must verify and enforce rules across Kubernetes clusters and the applications running in those clusters. That’s why Justin McCarthy, CTO and co-founder of StrongDM, recently sat down with Techstrong Group CCO Mike Vizard and a panel of experts to discuss common governance pitfalls, plus the tools and frameworks DevOps, compliance, and security teams are using to help manage them.

The full panel included:

  • Ritesh Patel—Co-founder and VP of Product at Nirmata
  • Mohamed Ahmed—VP of Developer Platforms at Weaveworks
  • Rachel Sweeney—Insights Enablement Engineer at Fairwinds
  • Haseeb Budhani—Co-Founder and CEO at Rafay Systems

So, what is required for successful Kubernetes adoption? Here’s the recap:

Flexibility, Meet Standardization

The panel discussed the pitfalls and challenges of Kubernetes governance, including:

  • What makes Kubernetes governance so challenging?
  • How do you prevent misconfigurations from being distributed across everything and creating havoc?
  • How do you apply governance across multiple clouds? What about data centers?
  • Are freedom and flexibility the enemies of standardization and governance?

Rachel Sweeney suggested that the best way to avoid misconfigurations and apply governance across multiple platforms is to shift governance earlier in the CI/CD pipeline. That way, she says, “It doesn't matter whether you're going to AWS or to every cloud out there. You can catch [mistakes] early.”

Mohamed Ahmed countered, or perhaps expanded on, this idea, saying, “Ideally you should have your governance applied everywhere: at commit time, at build time, and at run time.”
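As an added illustration of that "same policy at every stage" idea (example code written for this recap, not from the webinar or from any panelist's product): one policy function, evaluated here over a constructed Pod manifest, that a team can call from a pre-commit hook, a CI build step, and an admission webhook alike, so a misconfiguration is caught at the earliest stage it reaches. The manifest contents, the specific checks, and all names are assumptions.

```python
import sys
from typing import Dict, List

# Constructed sample manifest (as the dict a YAML/JSON loader would return),
# deliberately carrying several common misconfigurations; not from the webinar.
SAMPLE_POD: Dict = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "demo", "namespace": "default"},
    "spec": {
        "hostNetwork": True,
        "containers": [
            {"name": "web", "image": "nginx:latest",
             "securityContext": {"privileged": True}},
            {"name": "sidecar", "image": "registry.example/sidecar:1.4.2",
             "securityContext": {"runAsNonRoot": True},
             "resources": {"limits": {"cpu": "100m", "memory": "128Mi"}}},
        ],
    },
}

def image_is_pinned(image: str) -> bool:
    """Pinned means a digest, or a tag other than :latest on the last path element."""
    last = image.rsplit("/", 1)[-1]  # ignore a registry host such as host:5000
    return "@sha256:" in image or (":" in last and not last.endswith(":latest"))

def evaluate_pod(manifest: Dict) -> List[str]:
    """Return policy violations for a Pod manifest. The same function is reused as a
    pre-commit hook, a CI job, and (behind a webhook) an admission-time check."""
    spec = manifest.get("spec", {})
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    findings: List[str] = []
    if spec.get("hostNetwork"):
        findings.append(f"{name}: hostNetwork is enabled")
    for c in spec.get("containers", []):
        ref = f"{name}/{c.get('name', '<unnamed>')}"
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{ref}: privileged container")
        if not sc.get("runAsNonRoot"):
            findings.append(f"{ref}: runAsNonRoot not set")
        if not image_is_pinned(c.get("image", "")):
            findings.append(f"{ref}: image {c.get('image', '')!r} is not pinned")
        if "limits" not in c.get("resources", {}):
            findings.append(f"{ref}: no resource limits")
    return findings

if __name__ == "__main__":  # CI gate: a non-zero exit fails the pipeline step
    problems = evaluate_pod(SAMPLE_POD)
    print("\n".join(problems) or "no violations")
    sys.exit(1 if problems else 0)
```

Run against the sample, the gate reports five violations (all on the Pod and its `web` container) and exits non-zero; the `sidecar` container passes every check.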

When Ad Hoc Wreaks Havoc

Mike Vizard also asked a series of questions around the topic of shifting left when it comes to cloud security. 

  • Who's in charge of governance? Developers? At what point does somebody else get involved? What is that relationship, and how is it evolving?
  • At what point in your deployment does governance become an issue? 
  • How often is there forethought, and how often is Kubernetes governance ad hoc? 
  • Does shifting left make sense for Kubernetes governance? If so, what role do compliance and security teams play?

When it comes to establishing governance from the moment of adoption, Justin McCarthy thinks we’re on the right track, especially for teams deploying an application in a commercial environment. He joked, “You only care about governance if your data is important, and it seems like a minority of companies that would say their data isn't important.”

And security and compliance teams do have a role to play. Justin added, “there is a limit to how much you can pull left at the Kubernetes level,” particularly when working with third-party auditors. While automation is an important tool in gathering and presenting evidence for an audit, you still need a human who knows how the system is configured and how it is supposed to work.

“As-Code” in K8s Governance

Finally, the panelists addressed emerging tools and frameworks to help integrate Kubernetes governance into workflows.

  • Are you seeing the emergence of governance as code, where people are using APIs to embed the governance into their flow?
  • Does there need to be a change in mindset among security and compliance folks toward more open-source governance tools?

Justin said that automation has a role to play in Kubernetes governance, for example in the form of “automated binding to an identity provider.” 

Rachel added that both open-source and SaaS offerings can also play a part, depending on the maturity of the organization. The right choice lands “on a spectrum of how much time and experience you have, and that's going to put you on one end of the spectrum of doing it yourself, hiring somebody to do it for you, or using their software to do it.”

Want to hear more from the panelists? You can check out the replay. And if you need help managing access to Kubernetes and other infrastructure, come on over to StrongDM for a free demo.


About the Author

, Contributing Writer and Illustrator, has a passion for helping people bring their ideas to life through web and book illustration, writing, and animation. In recent years, her work has focused on researching the context and differentiation of technical products and relaying that understanding through appealing and vibrant language and images. She holds a B.A. in Philosophy from the University of California, Berkeley. To contact Maile, visit her on LinkedIn.

