aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
  • Tools
  • About
aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
  • Tools
  • About
  • Engineering
  • Technology

Announcing New GKE Functionality For Streamlined Security Management

  • relay
  • November 23, 2022
  • 3 minute read
At Google Cloud, we’re driven by a vision of invisible security, where advanced security capabilities are engineered into our platforms, operations are simplified, and stronger security outcomes can be achieved. As we pursue this ideal, we want to help make security easier to use and manage. Our new built-in Google Kubernetes Engine (GKE) security posture dashboard (now available in Preview) does both, with opinionated guidance for customers that can help improve the security posture of your GKE clusters and containerized workloads. It also includes insights into vulnerabilities and workload configuration checks, and offers integrated event logging so you can subscribe to alerts and stream insight data elsewhere.
https://storage.googleapis.com/gweb-cloudblog-publish/images/1_The_GKE_security_posture_dashboard.max-1900x1900.jpg

The GKE security posture dashboard

Expanding security coverage to your workloads

While a move to Kubernetes provides the foundation for application modernization and developer agility that underpins many organizations’ digital transformation efforts, it can also create new security requirements. Many organizations choose GKE to run and secure containerized workloads because it can help with vital security tasks, including:

  • manage patching, hardening, and compliance;
  • enforce security best practices;
  • and provide powerful controls for segmentation and isolation.

In addition to infrastructure security, containerized workload security is also important. When moving to Kubernetes (or any new platform or architecture,) the threat models, controls, and best practices might not be immediately clear or obvious. Moving to Kubernetes is often part of the digital transformation process for many organizations, and organizations wish to avoid speed bumps that slow modernization and innovation. This process can often lead teams new to Kubernetes to consider expensive and complex third-party tooling that they may not need.

Read More  Cloud CISO Perspectives: December 2021

GKE security posture management can enhance the visibility of workload security, delivering “out-of-the-box” foundational security tools that can simplify management, and can help reduce the need for specialized security expertise. We’re now providing these tools at no extra cost to GKE customers.

Container security made simple

GKE leverages industry standards and the GKE team’s security expertise to provide detailed assessments and assign severity ratings. The dashboard can also show you which of your workloads are affected by a specific security concern, and can make suggestions on how to fix the problem.

https://storage.googleapis.com/gweb-cloudblog-publish/images/2_Identifying_workloads_with_security_vuln.max-2000x2000.jpg

Identifying workloads with security vulnerabilities

Workload vulnerability awareness

If you’re drowning in a sea of Common Vulnerabilities and Exposures (CVE) alerts that seem disconnected from your critical workloads, you are not alone. To address this, GKE scans all of your workloads for CVEs in the Operating System at no extra charge every single day, bubbling the most potentially impactful vulnerabilities to the top of the dashboard. These vulnerability findings are mapped directly to your running workloads, with filters and sorting that can help make prioritization and remediation a breeze.

https://storage.googleapis.com/gweb-cloudblog-publish/images/3_Vulnerability_scan_results.max-1300x1300.jpg

Vulnerability scan results

Of course, we also encourage you to “shift-left” and scan for vulnerabilities before you deploy to GKE using tools like Container Analysis, which can automatically scan vulnerabilities in images pushed to Artifact Registry and Container Registry. Implementing vulnerability assessment at runtime can help to highlight the potential impact of newly discovered vulnerabilities.

Workload security misconfiguration awareness

An overly permissive Kubernetes configuration can threaten the overall security of your clusters. The GKE team and industry experts have worked to develop configuration security standards such as the Pod Security Standards. These specifications can help you avoid issues such as running overly-privileged users and unintended host node access.

Read More  Impact.com: Forging A New Era Of Business Growth Through Partnerships

However, it’s not always easy to ensure that your workloads comply with these standards. The security posture dashboard can provide continuous analysis of deployed workload configurations to surface potentially overly permissive configurations and provide you with specific, actionable fixes.

https://storage.googleapis.com/gweb-cloudblog-publish/images/4_Highlighting_configuration_issues.max-2000x2000.jpg

Highlighting configuration issues and providing recommended actions

Used together with policy enforcement tools like Policy Controller, GKE now can provide comprehensive enforcement and awareness tools to help prevent and detect misconfigured workloads.

Get started today

GKE Autopilot already provides a managed Kubernetes experience that can reduce technical expertise barriers with an opinionated, “hands-free” operating mode. GKE now extends this managed experience to the security domain with an opinionated set of standards-based guardrails and integral security tools.

Learn more about our managed platform for containerized applications, which can provide a powerful and flexible Kubernetes experience.


Want to learn how to use Log Analytics powered by BigQuery in Cloud Logging to reduce data silos and use log data for security use cases? Attend our live webinar on Nov 15. Register today.

 

By: Glen Messenger (Product Manager) and Victor Szalvay (Product Manager)
Source: Google Cloud Blog

relay

Related Topics
  • Containers
  • GKE
  • Google Cloud
  • Google Kubernetes Engine
  • Security
You May Also Like
View Post
  • DevOps
  • Engineering
  • People

2022 State Of DevOps Report Data Deep Dive: Good Team Culture

  • March 29, 2023
View Post
  • Technology

A 5-Minute Tour Of The Fediverse

  • March 28, 2023
View Post
  • Engineering
  • Software Engineering

My First Pull Request At Age 14

  • March 24, 2023
View Post
  • DevOps
  • Engineering

Verify POST Endpoint Availability With Uptime Checks

  • March 24, 2023
View Post
  • Technology
  • Tools

Ditching Google: The 3 Search Engines That Use AI To Give Results That Are Meaningful

  • March 23, 2023
View Post
  • Platforms
  • Technology

Introducing GPT-4 In Azure OpenAI Service

  • March 21, 2023
View Post
  • Research
  • Technology

Cleveland Clinic And IBM Unveil First Quantum Computer Dedicated To Healthcare Research

  • March 20, 2023
View Post
  • Engineering
  • Tools

Monitor Kubernetes Cloud Costs With Open Source Tools

  • March 20, 2023

Stay Connected!
LATEST
  • 1
    Kubernetes K8s.gcr.io Redirect: What You Need To Know As An Anthos Or GKE User
    • March 30, 2023
  • 2
    Oracle Helidon Taps Virtual Threads For ‘Pure Performance’
    • March 29, 2023
  • 3
    2022 State Of DevOps Report Data Deep Dive: Good Team Culture
    • March 29, 2023
  • 4
    Google Data Cloud & AI Summit : In Less Than 12 Hours From Now
    • March 29, 2023
  • 5
    A 5-Minute Tour Of The Fediverse
    • March 28, 2023
  • 6
    Bringing Observability To Cloud Security
    • March 28, 2023
  • 7
    How AI Can Improve Digital Security
    • March 27, 2023
  • 8
    Docker’s Bad Week
    • March 27, 2023
  • 9
    My First Pull Request At Age 14
    • March 24, 2023
  • 10
    AWS Chatbot Now Integrated Into Microsoft Teams
    • March 24, 2023
about
Hello World!

We are aster.cloud. We’re created by programmers for programmers.

Our site aims to provide guides, programming tips, reviews, and interesting materials for tech people and those who want to learn in general.

We would like to hear from you.

If you have any feedback, enquiries, or sponsorship request, kindly reach out to us at:

[email protected]
Most Popular
  • 1
    Introducing GPT-4 In Azure OpenAI Service
    • March 21, 2023
  • 2
    IBM And Fundación Ikerbasque Partner To Launch Groundbreaking Quantum Computational Center
    • March 24, 2023
  • 3
    Cleveland Clinic And IBM Unveil First Quantum Computer Dedicated To Healthcare Research
    • March 20, 2023
  • 4
    Verify POST Endpoint Availability With Uptime Checks
    • March 24, 2023
  • 5
    Oracle Cloud Infrastructure to Increase the Reliability, Efficiency, and Simplicity of Large-Scale Kubernetes Environments at Reduced Costs
    • March 20, 2023
  • /
  • Platforms
  • Architecture
  • Engineering
  • Programming
  • Tools
  • About

Input your search keywords and press Enter.