Top 5 Kubernetes Vulnerabilities of 2020

Top 5 Kubernetes Vulnerabilities of 2020 Security is a funny, elusive thing. You will rarely hear a security professional describe something like “secure” – Liz Rice. Now when it comes to Kubernetes too, we have observed that its default settings had left the control plane insecure in important ways in the past. The situation gets […]

Identity is the New Perimeter

Identity is the New Perimeter The perimeter is porous.. identity is the new perimeter The last few years has seen a tectonic shift in the velocity and sophistication of software development and deployment models. The following depicts this shift. In this move to multi-cloud architectures, it has been established that we live in a “perimeter-less” […]

Containing Cloud Costs via Portable Security

Containing Cloud Costs via Portable Security If you are like me, I am sure you have been devastated to see your Public Cloud Computing bill. Your teenager’s credit card bill or phone bill pales in comparison! Hence it is with great interest that I read two amazing articles [1, 2] on this subject from Cloud, […]

Preventing an attack like SolarWinds through ZeroTrust

Preventing an attack like SolarWinds through ZeroTrust “Attackers Were Inside SolarWinds in January 2019” said CEO Sudhakar Ramakrishna [1] in May 2021. The attackers were in eight months longer than previously believed. SolarWinds’ original timeline put the first signs of infiltration at about September 2019. More recently based on analysis of hundreds of terabytes of […]

If Data is the New Oil, who is protecting your “Data”?

If Data is the New Oil, who is protecting your “Data”? Back in 2017, The Economist [1] published a story titled, “The world’s most valuable resource is no longer oil, but data”. Looking back, it was quite a prophetic statement. Companies have used Data for strategic purposes (customer relationship marketing, product/service strategy, etc.) while ensuring […]

“Zero Trust” Approaches to run-time Kubernetes Security

While the concept of Zero Trust is not new, it has become a strategic imperative in the post-SolarWinds breach world we live in. The following article outlines key concepts involved in Zero Trust Cloud Security. This article covers the “Why” and “What”; a subsequent article will cover the implementation aspects — “How”.