November 18, 2020

Kubernetes Security, Reliability, Efficiency: It’s all about Configuration

The number one cause of security breaches in the cloud is misconfiguration, according to a Security Boulevard article. I dig into why and how to avoid misconfiguration in this blog.

Misconfiguration Everywhere

To just about any operations engineer or executive this may seem blatantly obvious, but it touches on a bigger issue—misconfiguration affects everything. The reliability of our services, the security of our infrastructure, the efficiency with which they run—it’s all the same thing, and all of them are completely intertwined with one another.

If you’re an executive at a technology company your job is not “just to produce great software”, it’s also to do it in a way that doesn’t cost you money. A security breach costs you money—goodness, just ask Equifax. It can be completely crippling, especially if it’s a big public failure and overnight all of your customers lose trust and flee to a competitor. Likewise, when you overly restrict how much money your team can spend on development, they end up cutting corners—they may deliver things that were thrown together in a hurry to come in under budget, and so fail to test adequately or to buy tools that will ensure security. Aiming to avoid spending too much can lead to vulnerabilities ripe for hackers to exploit, leading to security failures that cost you money and your reputation.

Reliability plays a part here as well. If a piece of your infrastructure goes down it costs money to page people and bring it back up. It costs money in lost customers or sales, and in some situations it’s suddenly vulnerable to outside attack. And yet there are a million vendors out there looking to sell you a one-stop security solution that doesn’t address the other issues. Likewise there are vendors out there promising to help you get your cost under control without a view of the whole picture.

Infrastructure as a House

Buying a Kubernetes security tool that takes nothing else into consideration is like buying a house with bullet-proof windows and doors that don’t open. Suddenly you have a solution that is technically “impenetrable” but you have to pay another contractor to come in and drill a hole in the wall so you can get in and out.

Buying a Kubernetes cost efficiency tool that ignores security or reliability is like building a house with a wooden foundation. Congratulations! You came in under budget! Unfortunately now the house is sinking to the right and sliding down the mountain you built it on. It sure had a pretty kitchen, but that doesn’t do you much good when it has slid into the river and floated away.

Everything in operations (just like building a house) is a series of tradeoffs. While bullet-proof glass might be overkill for your living room windows, double-pane windows are a good solution: pretty, reasonably affordable, and insulated well enough to make living in the house an achievable dream.

You need Kubernetes tooling that takes all of this into consideration. You need tooling that helps you build a functional house (read: cloud infrastructure) that is also as cost-efficient, reliably built, and secure as possible.

Fairwinds Insights

With Fairwinds Insights, we’ve tackled security, reliability, and efficiency (cost optimization). It may seem like a lot, but it’s really all different words for the same thing—configuration. You can get validation for what you’ve already built. Our latest release now allows you to keep things from entering the infrastructure that you haven’t approved (Kubernetes policy enforcement).

Configuring Kubernetes is still hard for most people; the world of Kubernetes is complex and new. But it can be done well. And if you have the right tool—like Fairwinds Insights—you won’t have to build four (read: forty) houses before you get those tradeoffs right.

Build it right the first time. And then, with great policies in place (out-of-the-box checks and recommendations from Fairwinds, plus the ability to write custom policy with OPA), you can set standards for every other house built in your neighborhood.

As the executive at the company, you’re the real-estate developer. You want all your houses to meet a certain standard—your reputation depends on it. Get it right the first time by remembering that none of this can be done in a silo. Security is Reliability is Efficiency.