Lessons learned securing Kubernetes in the cloud
Until recently, our global reinsurance company utilized a traditional on-prem infrastructure, relying solely on our own hardware at several disparate data centers spread around the world. However, we recognized that this infrastructure could delay some of our initiatives that demand more rapid application development and faster delivery of digital products and services.

This realization led us to pursue a new cloud infrastructure and new deployment processes for several workloads that would increase automation, reduce complexity, and support lean and agile operations. Naturally, security was top of mind as well. As we moved some of our critical workloads from our single large network to the cloud, we needed to ensure that the new environment could be continually hardened against potential threats.

Selecting a cloud, open source, and Kubernetes

The goal for my architecture team was to create small network deployments in the cloud whose resources would ultimately be owned by other teams. In this enabler role, we would provide the infrastructural basis for teams to achieve rapid deployments of innovative applications and get to market fast.

Our company is a Microsoft shop, so the choice to establish our new cloud infrastructure in Microsoft Azure was clear. Our next choice was to move to microservices-based applications, eyeing the possibilities of automation and both infrastructure as code and security as code.

While our security officers were initially wary of open source solutions, vetting cloud tools quickly led us to the realization that the best options out there are all open source. (Security concerns around open source, in my view, are outdated. Robust technologies with strong communities behind them are as secure as, if not more secure than, proprietary solutions.) The budgets of the projects our cloud infrastructure would support had to be factored in as well, steering us away from proprietary licensing fees and lock-in. This made our commitment to open source a natural choice.

To orchestrate our microservices infrastructure, my team was eager to try out Kubernetes. However, our first project involved work for a team that insisted on using licensed Docker Swarm, a popular option just before Kubernetes’ meteoric rise. We completed the project using Docker Swarm, with the arrangement that we could then experiment with putting Kubernetes to the same task. This comparison clearly showed Kubernetes to be the superior choice for our needs, and we used Kubernetes for all subsequent projects.

Copyright © 2021 IDG Communications, Inc.