Cloud Native Security Survey: Kubernetes Defaults ‘Too Open’

Virtualization Review – David Ramel
Respondents to a cloud native security survey said default settings for the Kubernetes container orchestration platform are “too open.” That problem hinders secure production deployments and will require effort and maturity to solve, according to a new post from the Cloud Native Computing Foundation (CNCF).

In anecdotal feedback, participants in that retrospective survey said the cloud native security community should address the aforementioned “too open” Kubernetes default settings problem in the following ways:

- Work on providing production-ready recipes like network policies and OPA Gatekeeper constraint templates.
- Push for more buttoned-up defaults like disabling auto-mounting service account tokens and enabling audit logging.
- Introduce friendlier docs on how to increase observability and use OPA Gatekeeper.
- New open source tools to identify image vulnerabilities effortlessly (both at runtime and in the registry).

Specifically, findings indicate that while 85 percent of respondents indicated that modernizing security is very important to their organization’s cloud native deployment, only 9 percent had a fully documented set of procedures that are implemented automatically for their teams.

One common problem faced by users of open source software in today’s cloud-native cloudscape is the use of third-party code that could be insecure, containing vulnerabilities or even malware, and the new report shows 12 percent of organizations said their processes and policies for securing third-party software were non-existent.

Another takeaway repeats a familiar refrain: a top challenge in running cloud-native environments is a lack of technical expertise, reported by 58 percent of the respondents.
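An added example, not taken from the article or the CNCF post: a small audit over Kubernetes API objects for three of the open defaults named in the feedback above (auto-mounted service account tokens, no network policy, audit logging off). The sample objects are constructed, and the finding names are hypothetical labels chosen for this sketch.

```python
# Constructed sample, shaped like the "items" list from
# `kubectl get pods,serviceaccounts,networkpolicies -A -o json`.
ITEMS = [
    {"kind": "ServiceAccount", "metadata": {"namespace": "shop", "name": "default"}},
    {"kind": "ServiceAccount", "metadata": {"namespace": "pay", "name": "api"},
     "automountServiceAccountToken": False},
    {"kind": "NetworkPolicy", "metadata": {"namespace": "pay", "name": "default-deny"}},
    {"kind": "Pod", "metadata": {"namespace": "shop", "name": "web"},
     "spec": {"containers": [{"name": "web"}]}},
    {"kind": "Pod", "metadata": {"namespace": "pay", "name": "api"},
     "spec": {"serviceAccountName": "api", "containers": [{"name": "api"}]}},
    {"kind": "Pod", "metadata": {"namespace": "kube-system", "name": "kube-apiserver-cp1",
                                 "labels": {"component": "kube-apiserver"}},
     "spec": {"hostNetwork": True, "automountServiceAccountToken": False,
              "containers": [{"name": "kube-apiserver",
                              "command": ["kube-apiserver", "--authorization-mode=Node,RBAC"]}]}},
]

def audit(items):
    """Return sorted (check, target) findings for three open defaults."""
    sa_flag, policy_ns, pods, findings = {}, set(), [], set()
    for obj in items:
        ns, name = obj["metadata"]["namespace"], obj["metadata"]["name"]
        if obj["kind"] == "ServiceAccount":
            sa_flag[(ns, name)] = obj.get("automountServiceAccountToken")
        elif obj["kind"] == "NetworkPolicy":
            policy_ns.add(ns)
        elif obj["kind"] == "Pod":
            pods.append((ns, name, obj))
    for ns, name, pod in pods:
        spec = pod["spec"]
        # Pod-level setting wins, then the service account's; unset means mounted.
        mount = spec.get("automountServiceAccountToken")
        if mount is None:
            mount = sa_flag.get((ns, spec.get("serviceAccountName", "default")))
        if mount is not False:
            findings.add(("token-automounted", f"{ns}/{name}"))
        # Coarse check: a namespace with no NetworkPolicy leaves pod traffic open.
        # hostNetwork pods are skipped (NetworkPolicy behavior for them is undefined).
        if ns not in policy_ns and not spec.get("hostNetwork"):
            findings.add(("no-network-policy", ns))
        # Audit logging stays off unless the API server gets --audit-policy-file.
        if pod["metadata"].get("labels", {}).get("component") == "kube-apiserver":
            args = [a for c in spec["containers"] for a in c.get("command", []) + c.get("args", [])]
            if not any(a.startswith("--audit-policy-file") for a in args):
                findings.add(("audit-logging-off", f"{ns}/{name}"))
    return sorted(findings)

if __name__ == "__main__":
    for check, target in audit(ITEMS):
        print(f"{check:20} {target}")
```

On managed clusters the API server pod is not visible through the API, so the audit-logging check only fires where a `kube-apiserver` pod is listed.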
Link: https://virtualizationreview.com/articles/2021/10/12/cncf-security-surveys.aspx

