The 2022 Cloud-native Application Protection Platform (CNAPP) Analysis Report found that “96% of organizations are either using or evaluating Kubernetes, and 93% of them are currently using or are planning to use containers in production” (Research and Markets).
This confirms what we all know to be true—the present and future of enterprise computing is in the cloud, managed by tools like Kubernetes.
The advantages of cloud orchestration tools like Kubernetes over older server management approaches are clear: scalability without manual intervention, portability across multiple cloud providers, and declarative configuration that reduces hands-on management by humans. For these reasons, we’ve seen a massive shift towards Kubernetes implementations.
Great popularity can also bring great vulnerability. As Kubernetes use has proliferated, cyberattackers have learned to exploit the weaknesses that enterprises running this open-source software tend to share.
In the rush to take advantage of better tools, enterprises should proceed with caution. Security teams must pause to think through the basic questions about security for their data and systems. Basic doesn’t mean easy: what we’re talking about here is understanding how your systems issue digital certificates to your Kubernetes nodes and whether you can really trust those identities to mean something.
Just using a service mesh in Kubernetes is not enough. The defaults typically stand up a software-based certificate authority that automatically issues identity certificates to all nodes in the cluster. This is very convenient, and very insecure. The default configuration essentially assumes your system is already secure, instead of helping you to make it secure. For example,
- If an adversary can add a node to the cluster, that node automatically receives a certificate. From that point the counterfeit node is trusted by every other node in the cluster.
- If an adversary can read the cluster’s “secrets” data type, where the default CA keeps its signing material, they can unearth the certificate authority’s root key and then impersonate the CA, issuing false but trusted certificates to other nodes.
The right approach to Kubernetes security is to use an external certificate authority with hardware-backed key protection and policy enforcement. It’s a small extra step, but it’s vital to ensuring you’re actually in control of your systems.
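One way to check whether a cluster is in the default situation described above, as an added example that is not SecureG’s code: this Python script scans Kubernetes Secret objects (the constructed samples below, or the JSON from `kubectl get secrets -A -o json` piped on stdin) for PEM private keys and flags the ones that look like CA signing keys. The namespaces, Secret names and the "ca"/"root" naming heuristic are assumptions, not any particular service mesh’s real layout.

```python
import base64
import json
import re
import sys

# Any PEM private-key block: "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", ...
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----")
# Heuristic (assumption): Secret or data-key names mentioning "ca" or "root" hold CA material.
CA_NAME_RE = re.compile(r"\b(ca|root)\b")

def _b64(text):
    """Encode a string the way Secret.data values are stored."""
    return base64.b64encode(text.encode()).decode()

# Constructed samples shaped like the `items` of `kubectl get secrets -A -o json`.
# Namespaces, names and PEM bodies are hypothetical placeholders, not a real mesh's layout.
SAMPLE_SECRETS = [
    {"metadata": {"namespace": "mesh-system", "name": "mesh-ca"}, "type": "Opaque",
     "data": {"ca-cert.pem": _b64("-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"),
              "ca-key.pem": _b64("-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n")}},
    {"metadata": {"namespace": "shop", "name": "frontend-tls"}, "type": "kubernetes.io/tls",
     "data": {"tls.crt": _b64("-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"),
              "tls.key": _b64("-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n")}},
    {"metadata": {"namespace": "shop", "name": "db-password"}, "type": "Opaque",
     "data": {"password": _b64("hunter2")}},
]

def find_private_keys(secrets):
    """Return (namespace, name, data_key, looks_like_ca) for every PEM private key found."""
    findings = []
    for secret in secrets:
        meta = secret.get("metadata", {})
        ns, name = meta.get("namespace", ""), meta.get("name", "")
        for data_key, value in (secret.get("data") or {}).items():
            try:
                decoded = base64.b64decode(value).decode("utf-8", errors="replace")
            except (ValueError, TypeError):
                continue  # malformed value; cannot be PEM text
            if PRIVATE_KEY_RE.search(decoded):
                looks_like_ca = bool(CA_NAME_RE.search(f"{name}/{data_key}".lower()))
                findings.append((ns, name, data_key, looks_like_ca))
    return findings

if __name__ == "__main__":
    items = SAMPLE_SECRETS if sys.stdin.isatty() else json.load(sys.stdin)["items"]
    for ns, name, data_key, looks_like_ca in find_private_keys(items):
        severity = "CA SIGNING KEY IN CLUSTER SECRET" if looks_like_ca else "private key in Secret"
        print(f"{severity}: {ns}/{name} data[{data_key}]")
```

A CA finding means anyone with read access to that Secret can mint certificates the rest of the cluster trusts; with an external, hardware-backed CA the signing key never appears in a Secret at all.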
Velocity is great—failing to secure your systems because your team doesn’t know all the details of the new tools is not. SecureG can help ensure that your virtual device identities—like the nodes in Kubernetes—are done on a solid foundation. Contact us for more information.
The chip shortage that began in 2020 had a significant impact on many industries in the United States. One noticeable effect was the empty dealership lots, as the shortage affected the production and distribution of vehicles.
However, the Biden administration’s CHIPS and Science Act aims to address the chip shortage by investing over $200 billion in American research, development, and supply chains. As a result, opportunities have increased for suppliers and contractors.
Taiwan Semiconductor Manufacturing Company (TSMC) is also making efforts to address the chip shortage. The company recently announced plans to invest $40 billion in chipmaking in Arizona, making it the largest foreign investment in the state. President Biden visited the Phoenix manufacturing plant and emphasized the importance of building strong supply chains for the global economy.
At SecureG, we believe in the importance of ensuring security for U.S. critical infrastructure, particularly in the rapidly evolving tech industry. That’s why we develop innovative PKI technology to authenticate chips, devices, and systems from the silicon up. Our solutions enable secure provisioning, management, and security updates, allowing for sophisticated control and security policies that enhance reliability and resilience for critical infrastructure applications.
At SecureG, we are committed to protecting the innovations made possible by industry investment and government efforts to restore the chip industry. Contact us to learn more about how we can help.
With the proliferation of IoT devices, it is important that IoT designers build more basic security into devices before putting them into customers’ hands.
Where do you start?
The first and most essential step in this process is to build a trustworthy identity into the device at the time of manufacture.
What’s the advantage for customers?
A digital identity in the IoT device allows makers, users, and owners to control it better – including performing safe firmware upgrades in the field.
What’s the advantage for IoT OEMs?
Putting digital certificates in is the first step in delivering ongoing value to the end user – and this enables a subscription revenue model instead of just a one-time sale.
How do SecureG’s technology, products, and services fit into this goal?
SecureG’s technology builds a trustworthy identity into IoT devices at the time of manufacture and continuously rechecks this identity throughout its life cycle.
The challenge our next-generation networks face is the speed at which devices are trying to operate without the infrastructure required to securely make this happen. SecureG makes sure the authentication for communications networks, power grids, and critical infrastructure is secure first, so that down the line the devices within these networks can be trusted.
How do I secure my next IoT line?
Whether in manufacturing, integration, or deployment, SecureG’s technology works at every stage where you need to make sure devices are who they say they are. Contact us today.