Kubernetes: The Silent Hero of Our Daily Digital Dependence
Digital tools and applications are such an ingrained part of our daily lives that an ordinary Saturday might look like this: Listen to a podcast on Spotify while getting ready. Follow the traffic signals to safely walk the kids to the park. While they play on the playground, you scroll through The New York Times, Pinterest or Reddit. Check your account balance on your bank’s mobile app to see if you can afford that vintage jacket on eBay. There’s unexpected rain, so you take an Uber home and relax with some DoorDash delivery and a movie on Netflix. What most people don’t realize is that there’s one technology that’s the backbone of all these services and apps we rely on every day. That technology is Kubernetes.
When the CNCF surveyed developers, 96% said they were either using or planning to use Kubernetes. Its impact on our daily lives is profound, even if it largely operates behind the scenes. Google originally developed Kubernetes in 2014, then donated it as a seed technology for the founding of the CNCF in 2015. Google continues to actively use and develop the project.
What is Kubernetes?
In the most basic terms, Kubernetes is a platform used to help engineers deliver new, useful application features quickly. It enables the development of countless online services and applications, ensuring that they can adapt and scale to meet our growing requirements during peak demand while maintaining high levels of reliability and availability. When your order on eBay is processed quickly, or your doctor can access your digital medical records for a telehealth visit, Kubernetes is a major part of making that happen.
If you haven’t heard of Kubernetes, you’re not alone. Outside of developers and engineers, most people haven’t. Kubernetes is like a head chef in a restaurant. It is the boss of operations, directing the flow of the other staff in the restaurant, like the sous chef and waiters, managing requests, schedules and food supply (aka compute power). Just as a head chef’s success ultimately depends on the timely delivery of quality meals to customers, Kubernetes’ end product is the application that you interact with to run your daily life. Customers typically do not see the head chef, who is hard at work behind the scenes. The same is true for Kubernetes.
Why is Kubernetes so popular? It directs internet traffic to the right places, making sure no single server gets overwhelmed. If a website suddenly gets a lot of traffic (from, say, a viral video or Black Friday sale), Kubernetes can quickly add more servers to handle all the visitors and then remove them when the traffic slows down. If one of the servers has a problem, Kubernetes can move apps to another healthy server automatically so that websites or apps don’t go down. It also lets companies update apps without causing downtime, like changing the engine of a car while it’s still driving. The most successful companies in the world depend on Kubernetes to keep their products running smoothly.
How Secure is Kubernetes?
Our dependence on technology has, of course, come with some cost. Even someone who isn’t very active online is affected by the data breaches and attacks that are always making news. Recently, attackers stole user data from 23andMe, a DNA testing company that houses some of the most sensitive personal data on the internet. A hacker also stole sensitive files from identity and access giant Okta, which resulted in intrusions at password manager maker 1Password.
And even though engineers have made Kubernetes the center of their daily development, there is still much to be done before security catches up to the trend.
Because of the processes and actions it directs across application infrastructure, Kubernetes is either an attacker’s best friend or a developer’s most effective limit on the blast radius of an attack. For example, if a company follows best-practice guidelines, like the Kubernetes OWASP Top 10, to lock down permissions and the kinds of risk that are or aren’t allowed in the environment, even the worst, most vulnerable web application hosted in Kubernetes would suffer no ill consequences. Alternatively, a company could have pristine web applications and a robust vulnerability management program but leave its Kubernetes API open, and the entire environment would be exposed. Attackers could do almost anything they wanted.
At the end of the day, it is the demand for better, more useful and resilient digital applications and products that drives the adoption of Kubernetes. In parallel, this increasing adoption makes the need to secure Kubernetes more critical every day. Customers concerned with the security of their data should demand top-notch Kubernetes security, demand that compliance regulators include Kubernetes in their audits, and demand that companies show proof of their efforts. We all demand certain security standards for the cars we drive, the airplanes we fly in and even the food we eat. Kubernetes has become just as ubiquitous. Shouldn’t we demand the same of the tool managing the data used to run the money, transactions and information exchanges required for our daily lives?