Staying ahead of the game
The disruptor leveraging Accelera’s security expertise
How do you leverage bleeding edge technology without losing disruptive momentum?
This is the key question for a well-recognised disruptive brand, and one of the world’s fastest-growing software as a service (SaaS) companies.
The details and quotes in this case study are factual and accurate; however, it has been requested that we anonymise the story.
Pioneering users of containerisation
Baked into its culture, this SaaS company is constantly on the lookout for new and exciting ways to improve. As part of the innovative process, the Platforms team started experimenting with containerisation, specifically Kubernetes, towards the end of July 2018.
For the first few months, they worked in a discovery phase, reviewing and testing various off-the-shelf and open-source tools on the market. With three years of experience in Amazon Web Services (AWS), the company saw the benefits and settled on Amazon Elastic Kubernetes Service (EKS), AWS’ fully managed Kubernetes service.
As a result of their successful global roll out of Kubernetes, the company was invited to speak at Kube Forum Sydney 2019, having been recognised as a pioneer in the industry.
(Anonymised on request)
Software as a Service
Limited internal expertise in Kubernetes security best-practice (bleeding edge tech)
Disruptive mindset: “Customer-Centricity is at the heart of what we do. We actively engage with our customers to ensure that we’re meeting and exceeding their expectations. We are data-driven and don’t do things ‘by gut feel’, which means that we need the best technology to allow us to implement data-driven decisions quickly and remove any distractions that hold us back from concentrating on building the best for our customers.”
Striving for excellence in security
As an organisation operating in a highly regulated space, the security of the platform, customers’ data, and internal data is critical. The Platform team works closely with the Security team to ensure that the development process is robust, resilient and meets all internal and external compliance requirements – and the Kubernetes project was no exception.
The success of the roll out meant that there was more demand to build using Kubernetes. To support and encourage innovation, the company needed to optimise their security process and empower teams to consistently make the right choices when it came to security best-practices. This would enable them to continue to build on the success of the Kubernetes roll out with confidence and agility.
Because Kubernetes was a relatively new piece of technology, time was short, and the Security team was stretched across other critical points within the wider organisation, the Platform and Security teams didn’t necessarily have the bandwidth to develop a robust security framework for the company’s Kubernetes environment.
Kubernetes Security Assessment project
Given the lack of in-depth internal expertise, a specialist partner was essential to help develop a Kubernetes-specific security best-practices framework.
In addition, this partner had to possess the experience and capabilities to perform an in-depth security review of the Kubernetes deployment and Kubernetes Cloud Platform (Amazon EKS). The evaluation needed to provide an analysis of the company’s security posture, and include a remediation plan and best-practice guidelines.
In January 2020, Accelera was engaged to complete the 25-day Kubernetes Security Assessment project.
The Accelera approach
Accelera’s unique approach is focused on a real-world view that provides security, architectural and operational insights into running a cluster in production. The assessment evaluated three major scenarios:
- An external attacker without access to a client application
- An external attacker with access to a client application
- An internal attacker with access to a cluster
Within each scenario, Accelera applied practical penetration testing and application security analysis – incorporating industry standards such as the CIS Kubernetes Benchmark guide and the AWS EKS Best Practice Security guide.
The team also leveraged Aqua Security’s Kube-bench, Kube-hunter and Enterprise products, and in turn contributed back to the tools and guides. Accelera’s knowledge and experience across AWS, Kubernetes and DevOps were crucial to providing the depth and insight needed in the report.
Kubernetes security assessment
Rather than requiring replication of all the company Kubernetes environments as originally anticipated, Accelera was confident that through their experience in AWS and Kubernetes, they were able to capture all of the specifics within the replication of a single cluster – saving the company money and time.
Over the course of 25 days, Accelera applied a multilayered lens to the AWS and Kubernetes environment and evaluated several key areas, including Networking, Cryptography, Secrets Management, Authentication, Authorization and Multi-tenancy isolation.
Whilst the Accelera team was able to assess Kubernetes workloads on Linux using industry guidelines such as NIST & CIS, at the time of the engagement, no publicly available guidelines existed for Windows Kubernetes Security. Instead, Accelera applied its own Kubernetes Best Practice for Windows Security guide.
A roadmap to success
A comprehensive report was delivered to the company at the end of the engagement, detailing areas to prioritise and strengthen, with recommendations and guidelines to implement these improvements.
“We were blown away by the detail and quality of the report. Accelera didn’t just provide us a list of things to ‘go and fix’, they exceeded our expectations and provided recommendations on how each point could be integrated into specific processes.
Accelera’s unique ‘outside in’ methodology, combined with their depth of knowledge in AWS and Kubernetes, gave us the depth of insight and information that I don’t think we would have got if we partnered with another A/NZ organisation.”
The company is now well-placed to take the findings to their technical, operational and policy areas and continue to innovate rapidly within a highly regulated sector. Accelera is pleased to be able to continue assisting the company with its cloud-native journey.
“You never know what you don’t know, so don’t be afraid to seek help when you need it – whether it be from colleagues, connections or industry partners.
We’ve forged a fantastic relationship with Matt and the team at Accelera, and we look forward to our continued partnership.”