Safeguarding Internal Applications Migrating to Kubernetes

Application security is fundamentally affected by migrating internal applications—such as payroll, human resources management, and other non-public-facing applications—to microservices-based architectures managed by Kubernetes. It’s important that DevOps and security professionals understand why and how so they can adapt. The old network perimeter security model, a holdover from the days of traditional client-server architectures, is not sufficiently effective or manageable in the complex environments microservices reside and execute within, and against the types of threats those microservices face.

The solution is to adopt the zero-trust security paradigm—which essentially means trust no one and nothing—by switching the focus of security from enforcing perimeters to authenticating identities. Achieve the principle of least privilege for all microservices through strong authentication and highly granular access control. This can be implemented either by building authentication and access control capabilities into each microservice, which would be resource intensive, or by leveraging an identity aware proxy (IAP) that provides authentication and access control services to all the microservices, effectively mediating all access to them.

This white paper provides an overview of the security challenges that migrating internal applications to microservices pose and explains how the zero-trust security paradigm can address those challenges and make life easier for DevOps and security professionals.