Cloud Security Migration

Uncover the Security Risks across Kubernetes and Cloud Resources Using a Single Lens

As organizations increasingly operationalize Kubernetes in the public cloud, our team at CloudHealth Secure State has been committed to helping reduce security risks due to misconfigurations by providing a solution addressing the need for a Kubenetes Security Posture Management (KSPM) solution for managed Kubernetes services in Amazon EKS, Microsoft AKS, and Google GKE. Additionally, Kubernetes is currently going through an evolution where cloud providers are morphing Kubernetes by adding capabilities for developers to easily consume cloud resources in Kubernetes clusters such as IAM roles for service accounts and security groups for pods and quickly spin up cloud resources from Kubernetes clusters like load balancers and storage volumes. Simultaneously, organizations are getting comfortable with running Kubernetes in cloud environments. As a result, the need to have visibility of Kubernetes resources running in the cluster and to understand how these are connected to your public cloud resources, is becoming increasingly important. And our interconnected Kubernetes Security Posture Management (KSPM) capability for the cloud managed services, exactly does that by providing a single solution for automating risk management in cloud as well as in the interconnected Kubernetes resources.

With this unique functionality, you get the power of unified visibility and deep security context between your Kubernetes and public cloud environments allowing you to factor in resources from both these environments while monitoring any misconfigurations arising between them. It also allows real-time, continuous security monitoring based on industry best practices in addition to rules developed by our research team that span cloud and Kubernetes.

Deeper visibility within your cloud stack

Since the managed Kubernetes clusters are already collected as part of your cloud assets when you attach your cloud accounts to CloudHealth Secure State, the platform auto-discovers your Kubernetes clusters. You simply select the cluster you wish to attach to the platform and install our collector in your Kubernetes cluster.

Kubernetes Cluster table

Once the cluster is attached to Cloud Health Secure State, it performs a full inventory scan and collects your Kubernetes resources running within the cluster. Next, our platform works its magic by leveraging its Interconnected Cloud Security Model to create relationships with collected cloud resources and provides you with deeper visibility of your cloud stack across Kubernetes and public cloud resources. Using the platform’s Explore feature, which allows you to quickly inspect cloud resources, visualize results, and export findings, you can see a list of Kubernetes resources within your cloud account. You can explore relationships between your managed Kubernetes cluster and Kubernetes resources along with the cloud resources. For example, you can see all the Kubernetes cluster nodes associated with the managed cluster. These nodes are the compute resources that power your Kubernetes applications from the perspective of the Kubernetes control plane. You can quickly explore different nodes and find links into related EKS managed node groups, Auto Scaling groups, and the EC2 instances that the node represents.

Connected Resources CHSS

The platform also allows you to further inspect all your Kubernetes workloads running on the managed cluster.

Below is an example for understanding a Kubernetes service account associated with an IAM Role and permissions assigned to each of the workloads. You can also inspect other cloud resources like EC2 instances and ELB Load Balancers associated with the Kubernetes workload. New or any updates to Kubernetes workloads are reflected in near real-time.

Accounts Selected CHSS

Similar capabilities are available for AKS and GKE clusters as well.

Furthermore, CloudHealth Secure State covers Kubernetes CIS benchmarks for EKS, AKS and GKE out of the box. It also includes checks for Kubernetes hardening guidelines released by NSA/CISA and other industry best practices. You also get advanced checks that understand risk due to relationships between cloud and Kubernetes resources.

What’s next

As cloud providers continue to evolve the Kubernetes ecosystem and continue deeper integration with their services, our mission is to help your organization better manage risk through interconnected cloud and Kubernetes security posture management through an integrated cloud-native security platform.

To learn more, feel free to reach out to us directly. Our team of cloud security experts will be happy to discuss your unique needs and walk you through the CloudHealth Secure State solution.