Kubernetes Security: K8s Is Both the Problem and the Solution

This IDC Perspective provides an in-depth review of Kubernetes security. Securing a Kubernetes environment is not like securing a virtualized collection of servers and applications. Kubernetes totally changes the rules of the software code protections game as applications move from monolithic to microservices based, linking hundreds or even thousands of loosely coupled services that are dynamic, ephemeral, and highly distributed, often with the support of third-party applications that have their own vulnerabilities and maintenance challenges. Building security into applications is now the model for modern application development and requires a "shift left" approach."The uniqueness of Kubernetes has customers demanding more comprehensive solutions. Bolt-on, after-the-fact security solutions are things of the past and just will not work. Modern application development requires the ability to build security into applications. Security should be viewed as a continuous process rather than products." - Frank Dickson, group vice president, Security and Trust at IDC.