Kubernetes - AWS Case Study - Application Security

Staying ahead of the game

The disruptor leveraging
Accelera’s security expertise

How do you leverage bleeding edge technology without losing disruptive momentum?

This is the key question for a well recognised disruptive brand, and one of the world’s fastest growing software as a service (SaaS) companies.

The details and quotes in this case study are factual and accurate, however it has been requested that we anonymise the story.

Pioneering users of containerisation

Baked into its culture, this SaaS company is constantly on the lookout for new and exciting ways to improve. As part of the innovative process, the Platforms team started experimenting with containerisation, specifically Kubernetes towards the end of July 2018.

For the few first months, they worked in a discovery phase, reviewing and testing various off-the-shelf and open source tools on the market. With three years of experience in Amazon Web Services (AWS), the company saw the benefits and settled on Amazon Elastic Kubernetes Service (EKS), AWS’ fully managed Kubernetes service.

As a result of their successful global roll out of Kubernetes, the company was invited to speak at Kube Forum Sydney 2019, having been recognised as a pioneer in the industry.

Company:
(Anonymised on request)

Industry:
Software as a Service
Highly regulated

Challenge:
Limited internal expertise in Kubernetes security best-practice (bleeding edge tech)

Solution:
Security Assessment
Consulting
AWS
Kubernetes

Disruptive mindset: “Customer- Centricity is at the heart of what we do. We actively engage with our customers to ensure that we’re meeting and exceeding their expectations. We are data-driven and don’t do things ‘by gut feel’, which means that we need the best technology to allow us to implement data-driven decisions quickly and remove any distractions that hold us back from concentrating on building the best for our customers.”

The Requirement:

Striving for excellence in security

As an organisation operating in a highly regulated space, the security of the platform, customers’ data, and internal data is critical. The Platform team works closely with the Security team to ensure that the development process is robust, resilient and meets all internal and external compliance requirements – and the Kubernetes project was no exception.

The success of the roll out meant that there was more demand to build using Kubernetes. To support and encourage innovation, the company needed to optimise their security process and empower teams to consistently make the right choices when it came to security best-practices. This would enable them to continue to build on the success of the Kubernetes roll out with confidence and agility.

With Kubernetes being a relatively new piece of technology, time pressure, and the Security team stretched across other critical points within the wider organisation, the Platform and Security teams didn’t necessarily have the bandwidth to work on developing a robust security framework for the company’s Kubernetes environment.

The Solution:

Kubernetes Security Assessment project

Given the lack of in-depth internal expertise, a specialist partner was fundamental to assist in developing a Kubernetes specific security best practices framework.

In addition, this partner had to possess the experience and capabilities to perform an in-depth security review of the Kubernetes deployment and Kubernetes Cloud Platform (Amazon EKS). The evaluation needed to provide an analysis of the company’s security posture, and include a remediation plan and best-practice guidelines.

In January 2020, Accelera was engaged to complete the 25-day Kubernetes Security Assessment project.

The Accelera approach

Accelera’s unique approach is focused on a real-world view that provides security, architectural and operational insights into running a cluster in production. The assessment evaluated three major scenarios:

An external attacker without access to a client application
An external attacker with access to a client application
An internal attacker with access to a cluster

Within each scenario, Accelera applied practical penetration testing and application security analysis – incorporating industry standards such as the CIS Kubernetes Benchmark guide and the AWS EKS Best Practice Security guide.

The team also leveraged Aqua Security’s Kube-bench, Kube-hunter and Enterprise products, and in turn contributed back to the tools and guides. Accelera’s knowledge and experience across AWS, Kubernetes and DevOps was crucial to providing the depth and insight needed in the report

Kubernetes security assessment

Rather than requiring replication of all the company Kubernetes environments as originally anticipated, Accelera was confident that through their experience in AWS and Kubernetes, they were able to capture all of the specifics within the replication of a single cluster – saving the company money and time.

Over the course of 25 days, Accelera applied a multilayered lens to the AWS and Kubernetes environment and evaluated several key areas, including Networking, Cryptography, Secrets Management, Authentication, Authorization and Multi-tenancy isolation.

Whilst the Accelera team was able to assess Kubernetes workloads on Linux using industry guidelines such as NIST & CIS, at the time of the engagement, no publicly available guidelines existed for Windows Kubernetes Security. Instead, Accelera applied its own Kubernetes Best Practice for Windows Security guide.

A roadmap to success

A comprehensive report was delivered to the company at the end of the engagement, detailing areas to prioritise and strengthen, with recommendations and guidelines to implement these improvements.

“We were blown away by the detail and quality of the report. Accelera didn’t just provide us a list of things to ‘go and fix’, they exceeded our expectations and provided recommendations on how each point could be integrated into specific processes.

Accelera’s unique ‘outside in’ methodology, combined with their depth of knowledge in AWS and Kubernetes, gave us the depth of insight and information that I don’t think we would have got if we partnered with another A/NZ organisation.”

The Results:

Successful Outcomes

Scroll across to find out how this company benefited from working with Accelera:

Validation and confidence

The extensive security assessment provided the company’s Platform and Security teams with validation that the teams had the right principles in place. The analysis identified areas for improvement, and Accelera worked through the findings with the company’s team to ensure there was an understanding of the issues and confidence to implement the remediation plans.

Clear and actionable findings

The report outlined specific areas within the Kubernetes-AWS environment that needed to be addressed, and provided expert guidance on how the recommendations could be implemented within the company’s processes and environment. The way in which the report was designed meant that the company’s teams were able to swing into action quickly and effectively.

Empowering talent with knowledge

Empowering and enabling talent is a core part of the culture. Prior to the engagement Engineers had certifications in Kubernetes and AWS, and in working with Accelera they have built on their Kubernetes-AWS knowledge through a security and cloud best-practices lens.

Innovation backed by a best-practice security framework

With Customer-centricity at the heart of their innovative process, the company’s Platform and Security teams now have a best practice security framework that provides the assurance and confidence to experiment and innovate faster and better using Kubernetes.

Previous slide

Next slide

The Future:

Looking ahead

The company is now well-placed to take the findings to their technical, operational and policy areas and continue to innovate rapidly within a highly regulated sector. Accelera is pleased to be able to continue assisting the company with its cloud-native journey.

“You never know what you don’t know, so don’t be afraid to seek help when you need it – whether be from colleagues, connections or industry partners.

We’ve forged a fantastic relationship with Matt and the team at Accelera, and we look forward to our continued partnership.”

Contact us for more information

If you have any questions, please feel free to contact us.
We’d love to speak to you about your next project.