A new report from Tenable Cloud Research has found that organisations worldwide, including those in the Asia-Pacific (APAC) region, face growing security risks in their Kubernetes environments. As more businesses adopt Kubernetes to manage cloud infrastructure, many are failing to secure their systems, leaving them vulnerable to cyberattacks.
The 2024 Tenable Cloud Risk Report highlights that the widespread use of containerised applications, combined with weak security controls, is exposing businesses to potential data breaches, service outages, and unauthorised access to critical workloads.
“Kubernetes is the backbone of many cloud-native applications, but organisations in APAC are struggling to secure these environments properly,” said Ari Eitan, Research Director at Tenable. “Publicly exposed Kubernetes API servers and overprivileged containers are serious risks that leave businesses vulnerable to attacks. Without the right security measures in place, these misconfigurations can lead to catastrophic breaches.”
Key security threats in Kubernetes environments
The report identifies several major risks affecting Kubernetes deployments:
- Publicly accessible Kubernetes API servers: 78% of organisations have Kubernetes API servers exposed to the public internet, making them easy targets for cybercriminals. Of these, 41% allow inbound internet access, increasing the risk of unauthorised entry. Attackers can exploit these weak configurations to access sensitive systems and, in some cases, take control of entire cloud environments.
- Overuse of privileged containers: 44% of organisations run containers in privileged mode, granting them unrestricted access to the host system. This increases the risk of attackers escalating their privileges and gaining deeper access to the cloud infrastructure.
- Excessive cluster-admin permissions: 58% of organisations have cluster-admin role bindings, giving users and applications full control over Kubernetes environments. If attackers gain access to these roles, they can modify workloads, extract sensitive data, or even disrupt entire systems.
How businesses can secure Kubernetes environments
To reduce these security risks, Tenable recommends that organisations implement the following best practices:
- Limit Kubernetes API exposure: Ensure API servers are not publicly accessible. Use firewall and security group rules to restrict inbound traffic and segment networks to isolate sensitive workloads.
- Minimise privileged containers: Avoid running containers in privileged mode unless absolutely necessary. Follow industry security guidelines such as the CIS Kubernetes Benchmark and NIST recommendations to restrict container access to host resources.
- Strengthen role-based access control (RBAC): Regularly review and tighten permissions for cluster-admin roles. Implement the principle of least privilege by assigning only the necessary access rights to users and service accounts.
- Conduct regular security audits: Perform frequent security reviews of Kubernetes configurations to identify and fix misconfigurations. Disable anonymous access to the Kubelet API and encrypt all communications within the cluster.
“The growing adoption of Kubernetes is a double-edged sword. While it offers great agility for cloud operations, it also introduces a new layer of complexity and security risks. APAC businesses must prioritise Kubernetes security, particularly by closing exposure gaps and enforcing strict access controls. Proactive measures today will protect organisations from becoming tomorrow’s headline breaches,” added Eitan.
