Tuesday, 1 April 2025
30.2 C
Singapore
34.5 C
Thailand
24.9 C
Indonesia
27.2 C
Philippines

Tenable research reveals major security risks in Kubernetes environments

Tenable's latest report finds that 78% of organisations have publicly exposed Kubernetes API servers, increasing cyber risks. Hereโ€™s how businesses can secure their environments.

A new report from Tenable Cloud Research has found that organisations worldwide, including those in the Asia-Pacific (APAC) region, face growing security risks in their Kubernetes environments. As more businesses adopt Kubernetes to manage cloud infrastructure, many are failing to secure their systems, leaving them vulnerable to cyberattacks.

The 2024 Tenable Cloud Risk Report highlights that the widespread use of containerised applications, combined with weak security controls, is exposing businesses to potential data breaches, service outages, and unauthorised access to critical workloads.

โ€œKubernetes is the backbone of many cloud-native applications, but organisations in APAC are struggling to secure these environments properly,โ€ said Ari Eitan, Research Director at Tenable. โ€œPublicly exposed Kubernetes API servers and overprivileged containers are serious risks that leave businesses vulnerable to attacks. Without the right security measures in place, these misconfigurations can lead to catastrophic breaches.โ€

Key security threats in Kubernetes environments

The report identifies several major risks affecting Kubernetes deployments:

  • Publicly accessible Kubernetes API servers: 78% of organisations have Kubernetes API servers exposed to the public internet, making them easy targets for cybercriminals. Of these, 41% allow inbound internet access, increasing the risk of unauthorised entry. Attackers can exploit these weak configurations to access sensitive systems and, in some cases, take control of entire cloud environments.
  • Overuse of privileged containers: 44% of organisations run containers in privileged mode, granting them unrestricted access to the host system. This increases the risk of attackers escalating their privileges and gaining deeper access to the cloud infrastructure.
  • Excessive cluster-admin permissions: 58% of organisations have cluster-admin role bindings, giving users and applications full control over Kubernetes environments. If attackers gain access to these roles, they can modify workloads, extract sensitive data, or even disrupt entire systems.

How businesses can secure Kubernetes environments

To reduce these security risks, Tenable recommends that organisations implement the following best practices:

  • Limit Kubernetes API exposure: Ensure API servers are not publicly accessible. Use firewall and security group rules to restrict inbound traffic and segment networks to isolate sensitive workloads.
  • Minimise privileged containers: Avoid running containers in privileged mode unless absolutely necessary. Follow industry security guidelines such as the CIS Kubernetes Benchmark and NIST recommendations to restrict container access to host resources.
  • Strengthen role-based access control (RBAC): Regularly review and tighten permissions for cluster-admin roles. Implement the principle of least privilege by assigning only the necessary access rights to users and service accounts.
  • Conduct regular security audits: Perform frequent security reviews of Kubernetes configurations to identify and fix misconfigurations. Disable anonymous access to the Kubelet API and encrypt all communications within the cluster.

“The growing adoption of Kubernetes is a double-edged sword. While it offers great agility for cloud operations, it also introduces a new layer of complexity and security risks. APAC businesses must prioritise Kubernetes security, particularly by closing exposure gaps and enforcing strict access controls. Proactive measures today will protect organisations from becoming tomorrowโ€™s headline breaches,” added Eitan.

Hot this week

Microsoft removes Windows 11 loophole for skipping account setup

Microsoft is blocking a well-known workaround that lets you set up Windows 11 without a Microsoft account, enforcing stricter installation rules.

Canon introduces ultra-wide RF20mm f/1.4L VCM lens for hybrid shooters

Canon announces its widest VCM lens yet with the RF20mm f/1.4L VCM, designed for hybrid shooting with outstanding optics and video features.

The Tesla Model Y now comes in a 110kW version that qualifies for Cat A COE

Tesla launches the Model Y 110 in Singapore, a budget-friendly EV with Cat A COE. Discover its features, price, and availability.

Sony unveils WF-C710N earbuds with improved battery life and noise cancellation

Sony announces the WF-C710N earbuds, which offer better battery life and noise cancellation, and new colours for the WH-CH720N and WH-CH520 headphones.

LinkedIn: How AI is reshaping hiring and workforce strategies in 2025

Discover how AI is transforming hiring and workforce strategies in 2025, from skills-based recruitment to internal mobility and continuous learning.

This tiny and affordable device upgrades any speaker with Wi-Fi streaming and hi-res audio

The Atonemo Streamplayer is a tiny, affordable device that adds Wi-Fi streaming and hi-res audio support to any speaker with a 3.5mm aux port.

Apple prepares for M5 iPad Pro and MacBook Pro release

Apple is set to launch the M5 iPad Pro and MacBook Pro in late 2024, with the M6 models expected to introduce an in-house modem in 2027.

MacBook Pro design overhaul expected in 2026

Apple might release a long-awaited MacBook Pro redesign in 2026, with OLED screens, improved portability, and more features.

Chinese EV makers urged to expand globally despite tariff challenges

Chinese EV makers are urged to expand globally despite rising tariffs. Industry experts stress the need for overseas production and strategic partnerships.

Related Articles