Improve your security posture with expanded Custom Org Policy

When it comes to securing cloud resources, one of the most important tools for administrators is the ability to set guardrails for resource configurations that can be applied consistently across the environment, centrally managed, and safely rolled out. Google Cloud's custom Organization Policy is a powerful tool that can …

Make IAM for GKE easier to use with Workload Identity Federation

At Google Cloud, we work to continually improve our platform’s security capabilities to deliver the most trusted cloud. As part of this goal, we’re helping our users move away from less secure authentication methods such as long-lived, unauditable service account keys towards more secure alternatives when authenticating …

Create a powerful Kubernetes security duo with Custom Org Policy and Policy Controller

To help customers implement defense in depth strategies, Google Cloud offers multiple layers of centralized resource governance controls that can help organizations securely scale their Google Cloud adoption across thousands of projects, APIs, and developers. These controls can help administrators strengthen security and support compliance across their entire org …

Level up your Kubernetes security with the CIS GKE Benchmarks

Compliance efforts can feel like a challenging endeavor in most organizations. Engineering teams routinely don’t understand how often-confusing requirements will actually make the organization more secure. Sometimes, even the words that define compliance requirements can be hard to comprehend. The entire exercise can feel overwhelming, like being on …

How to strengthen supply chain security with GKE Security Posture

The security of the software supply chain is a complex undertaking for modern enterprises. Securing the software supply chain, particularly build artifacts like container images, is a crucial step in enhancing overall security. To provide built-in, centralized visibility into your applications, we are introducing software supply chain security insights …

Move-in ready Kubernetes security with GKE Autopilot

Creating and managing the security of Kubernetes clusters is a lot like building or renovating a house. Both require making concessions across many areas when trying to find a balance between security, usability, and maintainability. For homeowners, these choices include utility and aesthetic options, such as installing floors, fixtures …

Wrangle your alerts with open source Falco and the gcpaudit plugin

Monitoring microservices in the cloud has become an increasingly cumbersome exercise for teams struggling to keep pace with developers’ rapid application release velocity. One way to make things easier for overloaded security teams is to use the open-source runtime security platform Falco to quickly identify suspicious behavior in Linux …

GKE Enterprise, the next evolution of container platforms, is now generally available

Today, we are thrilled to announce that GKE Enterprise, the premium edition of GKE, will be generally available on November 15, 2023. With GKE Enterprise, companies can increase development and deployment velocity across multiple teams, easily and securely run their most important business-critical workloads, and reduce total cost of …

Introducing Advanced Vulnerability Insights for GKE

Detecting vulnerabilities in open-source software requires a holistic approach, and security best practices recommend scanning early and often throughout your development lifecycle to help maintain an effective security posture. However, only scanning in the CI/CD pipeline or registry can miss artifacts and containers that are deployed to production …

New custom security posture controls and threat detections in Security Command Center

Security Command Center Premium, Google Cloud’s built-in security and risk management solution, provides out-of-the-box security controls for cloud posture management and threat detection. As our customers build more complex environments with different risk profiles, cloud security teams may need to monitor for specific conditions and threats not covered …

Expanding GKE posture: Policy Controller violations now in Security Command Center

Customers using Kubernetes at scale need consistent guardrails for how resources are used across their environments to improve security, resource management, and flexibility. Customers have told us that they need an easy way to apply and view those policy guardrails, so we launched the Policy Controller dashboard and added …

GKE Security Posture dashboard now generally available with enhanced features

We are excited to announce that the Google Kubernetes Engine (GKE) Security Posture dashboard is now generally available. The interface is designed to streamline the security management of your GKE clusters, and now includes a range of powerful features such as misconfiguration detection and vulnerability scanning to help ensure …

How to solve customer challenges when security patching Google Kubernetes Engine

Editor's note: This blog post has been adapted from the April 2023 Threat Horizons Report. Cloud customers are increasingly running their compute workloads in Kubernetes clusters due to the availability, flexibility, and security they provide. Just like other IT assets, these clusters need to be routinely patched to keep …

Workload Identity for GKE made easy with open source tools

Google Cloud offers a clever way of allowing Google Kubernetes Engine (GKE) workloads to safely and securely authenticate to Google APIs with minimal credentials exposure. I will illustrate this method using a tool called kaniko. What is kaniko? kaniko is an open source tool that allows you to build …

How to improve your Kubernetes security posture with GKE Dataplane V2 network policies

As more organizations adopt Kubernetes, they also embrace new paradigms for connecting and protecting their workloads. Relying on perimeter defense alone is no longer an effective strategy. With microservice architecture patterns continuing to evolve rapidly, it is imperative that organizations adopt a defense-in-depth strategy to keep their applications and …

Improved gVisor file system performance for GKE, Cloud Run, App Engine and Cloud Functions

Flexible application architectures, CI/CD pipelines, and container workloads often run untrusted code and hence should be isolated from sensitive infrastructure. One common solution has been to deploy defense-in-depth products (like GKE Sandbox, which uses gVisor) to isolate workloads with an extra layer of protection. Google Cloud’s serverless …

Announcing new GKE functionality for streamlined security management

At Google Cloud, we’re driven by a vision of invisible security, where advanced security capabilities are engineered into our platforms, operations are simplified, and stronger security outcomes can be achieved. As we pursue this ideal, we want to help make security easier to use and manage. Our new …

Introducing Custom Organization Policy for GKE to harden security

Compliance officers and platform engineering teams often find it challenging to ensure security, manage consistency, and oversee governance across multiple products, environments, and teams. Google Cloud's Organization Policy Service can help tackle this challenge with a policy-based approach that simplifies policy administration across Google Cloud resources and projects. We …

Connect Gateway and ArgoCD: Deploy to Distributed Kubernetes

Integrating your ArgoCD deployment with Connect Gateway and Workload Identity provides a seamless path to deploy to Kubernetes on many platforms. ArgoCD can easily be configured to centrally manage various cluster platforms including GKE clusters, Anthos clusters, and many more. This promotes consistency across your fleet, saves time in …

What GKE users need to know about Kubernetes' new service account tokens

When you deploy an application on Kubernetes, it runs as a service account — a system user understood by the Kubernetes control plane. The service account is the basic tool for configuring what an application is allowed to do, analogous to the concept of an operating system user on a …

Announcing general availability of Confidential GKE Nodes

Today, we’re excited to announce the general availability of Confidential GKE Nodes. Many organizations have made Google Kubernetes Engine (GKE) the foundation of their modern application architectures. While the benefits of containers and Kubernetes can outweigh those of traditional architectures, moving to and running those apps in the …

Updates coming for Authorized Networks and Cloud Run/Functions on GKE

We recently received helpful information through the Vulnerability Rewards Program for Authorized Networks and Cloud Run/Functions on Google Kubernetes Engine (GKE). Based on that information, we updated our product documentation and prioritized a plan to make engineering changes to GKE to restrict access to only GKE-related services. Those …

Zero trust workload security with GKE, Traffic Director, and CA Service

At the core of a zero trust approach to security is the idea that trust needs to be established via multiple mechanisms and continuously verified. Internally, Google has applied this thinking to the end-to-end process of running production systems and protecting workloads on cloud-native infrastructure, an approach we call …