Categories

see all

Who is keeping your cloud native stack secure?

Mar 5, 2019

Survey after survey is showing that 70% of organizations are using cloud infrastructure. The last bits of the late majority will be joining this year and the laggards will come within a few years. Regardless of the stage of a company’s cloud native journey, security still remains an issue. The same survey states that security ranks as first priority with enterprises.

At Giant Swarm we pay close attention to the need for security. Last year we shared a 5 part series about security on our blog (I, II, III, IV, V). It presented some of the basics and our philosophy when it comes to security.

So…we talk the talk, great! What is important to our customers is that we also walk the walk.

In December 2018, a severe vulnerability was discovered in the Kubernetes API server. It allowed an unauthenticated user to perform privilege escalation and gain full admin privileges on a cluster.

The details of the vulnerability were discussed at length in the Kubernetes community. The chain of events is well documented across GitHub and Google Groups. Other contributors to the Kubernetes ecosystem provided analyses of the problem. One could easily find information about the problem, its identification and suggested mitigation.

The recommendation was to upgrade Kubernetes and new releases that included the fix were created for all active versions (v1.10.11, v1.11.5, v1.12.3). Earlier versions, did not receive an upgrade, so their upgrade deficit grew to include a security vulnerability.

At Giant Swarm, we were ready to upgrade all our customers to the secure version the next day. Regardless of the Kubernetes version, or the cloud provider. Customers on AWS, Azure, and on-premises, were all proactively notified of the vulnerability and its solution. Most of our customers don’t have Kubernetes APIs exposed to the public internet. Still, all benefited from a quick and transparent upgrade that allowed them to keep running their businesses - threat free.

This incident highlights how important it is to have several layers of security. But also that only with an automated update system, as well as the ability to quickly test and release upgrades, you and your business can really be safe.

Want to find out how the Giant Swarm Infrastructure deploys and scales Kubernetes Clusters? Request your free trial here by taking our survey and find out if you’re eligible.

You May Also Like

These Stories on Product

New: managing your fine-grained permissions image thumbnail
Product

New: managing your fine-grained permissions

We know you prefer the CLI, yet sometimes it’s too much work to figure things out. Enter the Giant Swarm web UI fine-grained permissions management.

Oshrat Nir
Sep 12, 2022
Tech

Announcing the Giant Swarm App Platform

We’re pleased to announce that the Giant Swarm App Platform is available. Read about The Giant Swarm Catalog and The Playground Catalog from Giant Swarm.

Chiara Cokieng
May 7, 2020
Product

FinTechs - watch out! How to make Kubernetes successful

FinTech is a relatively new, but rapidly expanding sector of the financial services industry. Put simply, FinTech is the application of technology to the provision of financial services and is increasingly playing a disruptive role in the way society consumes...

Oshrat Nir
Aug 20, 2019

Giant Swarm’s managed microservices infrastructure enables enterprises to run agile, resilient, distributed systems at scale, while removing the tasks related to managing the complex underlying infrastructure.

GET IN TOUCH
General: hello@giantswarm.io

CERTIFIED SERVICE PROVIDER

RESOURCES

Webinars
Documentation
Blog
Partners
Events
Legal

COMPANY

About Us
Product
Customers
Careers
Contact Us

PLATFORMS

AWS
Azure
OpenStack
Copyright © 2023 Giant Swarm GmbH. All Rights Reserved.