
Getting Started with Kubernetes Security: A Practical Guide for New Teams

Published 04/25/2025


Written by Ethan Chen, Expel.

 

Kubernetes continues to change how organizations build and scale applications. Originally born out of Google’s experience running distributed systems, Kubernetes—or K8s—has become the go-to tool for orchestrating containers across environments.

But like many powerful tools, Kubernetes brings a fair amount of complexity with it—especially when it comes to security.

I recently chatted with a fellow Expletive (that’s what we call ourselves here at Expel) about this very topic. In our conversation, I walked through what makes Kubernetes security so challenging, and more importantly, how security teams can get started in a way that sets them up for long-term success.

Video: Very important questions: How do I secure Kubernetes (K8s)?

Whether you’re standing up your first cluster or are tightening up your existing environment (or are, frankly, trying to educate a colleague on why your job is so stressful), hopefully this guide will prove valuable.

 

Why Kubernetes is hard to secure

Before we dig into some practical ways to harden your Kubernetes environment, let’s quickly cover some basics. Why is Kubernetes so difficult to secure?

Well, most traditional infrastructure is relatively stable—you’ve got fixed servers, static IP ranges, and predictable workloads. Kubernetes flips that model on its head.

The cloud is already ephemeral by nature, but Kubernetes dials that up significantly. Instead of a handful of VMs or services, you're now managing clusters (which include nodes), nodes (which include pods), pods (which include containers), and containers—all dynamically spinning up and down, sometimes within seconds, and any of which can include security vulnerabilities.

In the interview, Ben (the Expletive I was talking with) called it a “Russian doll nightmare”—and honestly, that’s not far off.

Here are a few reasons Kubernetes security is particularly tough:

  • Huge attack surface: Every node, pod, and API endpoint is a potential entry point.
  • Constant noise: With workloads in constant flux, it’s easy to miss real signals buried in routine activity.
  • Limited attribution: Containers come and go quickly, which makes it hard to tie events back to specific entities.

All of that means visibility and context are critical—but not easy to get right.

 

A simple framework for getting started

If you’re new to Kubernetes security, it can feel overwhelming. My advice? Start small and scale up. Trying to secure everything all at once usually leads to frustration—or worse, missed gaps.

Here’s the four-stage framework I like to use when helping teams begin their journey:

 

1. Start with a test case

Don’t try to move every app into Kubernetes on day one. Pick one workload—something lower-risk—and use that as your sandbox. It gives you space to experiment, learn, and get your feet under you before making bigger decisions that impact your whole environment.

You’ll also get a much better sense of what your security (and operational) strategy needs to look like before going wider.

 

2. Prioritize visibility

You can’t secure what you can’t see. Before enforcing controls, you need to build observability into your environment.

That means more than just turning on logs. You want real-time visibility into what’s running, what’s changing, and how services are communicating. That context makes it possible to detect misconfigurations, spot suspicious behavior, and understand the full story behind any alert.

Think of it as your foundation—without it, the rest of your security program is on shaky ground.

 

3. Tighten up your configurations

Once you’ve got visibility, the next step is addressing misconfigurations. Kubernetes is incredibly flexible, which is both a blessing and a curse. It’s easy to make small mistakes that create big vulnerabilities.

Start by defining templates (or blueprints) for how you want clusters to be configured. From there, use tooling to catch common risks—like containers running with elevated privileges, overly permissive network policies, or outdated images.

The earlier you set guardrails, the easier it becomes to scale securely.
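As an added example (not from the post or from Expel's tooling), here is the kind of check the "use tooling to catch common risks" step describes: a small audit of a Pod manifest for the misconfigurations named above (elevated privileges, unpinned images) plus the related runtime settings. The manifests are constructed samples embedded as Python dicts so the block runs without a YAML library or a cluster; the image tag and names are invented.

```python
def audit_pod(pod: dict) -> list[str]:
    """Return findings for one Pod manifest; an empty list means nothing was flagged."""
    findings = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    if spec.get("hostNetwork") or spec.get("hostPID"):
        findings.append("pod shares the host network or PID namespace")
    for c in spec.get("containers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        image = c.get("image", "")
        if sc.get("privileged"):
            findings.append(f"{name}: runs privileged")
        # Kubernetes treats allowPrivilegeEscalation as true unless set to false
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation is not false")
        # runAsNonRoot may be set at pod or container level; the container setting wins
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(f"{name}: runAsNonRoot is not enforced")
        seccomp = sc.get("seccompProfile", pod_sc.get("seccompProfile"))
        if not seccomp or seccomp.get("type") == "Unconfined":
            findings.append(f"{name}: no seccomp profile (or Unconfined)")
        # An image pinned by digest is fine; a missing tag or ':latest' is not
        last = image.rsplit("/", 1)[-1]
        if "@sha256:" not in image and (":" not in last or last.endswith(":latest")):
            findings.append(f"{name}: image {image!r} is unpinned")
    return findings


# Constructed sample manifests (not from any real cluster).
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {"containers": [
        {"name": "web", "image": "nginx:latest",
         "securityContext": {"privileged": True}}]},
}

HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {
        "securityContext": {"runAsNonRoot": True,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [
            {"name": "web", "image": "nginx:1.27.0",  # tag is a placeholder
             "securityContext": {"allowPrivilegeEscalation": False,
                                 "readOnlyRootFilesystem": True,
                                 "capabilities": {"drop": ["ALL"]}}}]},
}

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(label, audit_pod(pod) or "OK")
```

The same function can run over every manifest in a repository before anything is applied, which is where a guardrail like this belongs.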

 

4. Lock down access with least privilege

Last but not least, focus on who (and what) has access to what. Kubernetes offers a lot of control mechanisms here—you just have to use them.

Start with RBAC to make sure users and service accounts only have the permissions they need. Then go deeper: look at how your workloads are configured, what privileges they request, and whether they’re operating inside tight runtime profiles.

At this stage, it’s also worth exploring tools like security contexts, seccomp profiles, and admission controllers to help enforce policies and catch problems before they hit production.

Take your time here. Test changes in your sandboxed workload before applying them across the board.
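As an added example (not from the post or from Expel's tooling), here is a check for the RBAC part of this step: it flags Roles and ClusterRoles whose rules are broader than least privilege, and shows a tightly scoped Role beside an overly broad one. The manifests are constructed Python dicts with invented names; the verb list used for the escalation check is the standard RBAC verb set.

```python
WILDCARD = "*"
# Verbs that let a subject grant itself or others more access than it already holds.
ESCALATING_VERBS = {"bind", "escalate", "impersonate"}


def audit_role(role: dict) -> list[str]:
    """Return findings for one Role/ClusterRole manifest; empty means nothing flagged."""
    findings = []
    kind = role.get("kind", "Role")
    name = role.get("metadata", {}).get("name", "<unnamed>")
    for i, rule in enumerate(role.get("rules", [])):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        groups = set(rule.get("apiGroups", []))
        where = f"{kind}/{name} rule {i}"
        if WILDCARD in verbs:
            findings.append(f"{where}: wildcard verb")
        if WILDCARD in resources or WILDCARD in groups:
            findings.append(f"{where}: wildcard resource or apiGroup")
        if verbs & ESCALATING_VERBS:
            findings.append(f"{where}: grants {sorted(verbs & ESCALATING_VERBS)}")
        # Reading secrets across the whole cluster is rarely what a workload needs
        if kind == "ClusterRole" and "secrets" in resources and verbs & {"get", "list", "watch"}:
            findings.append(f"{where}: cluster-wide read of secrets")
    return findings


# Constructed sample manifests (not from any real cluster).
BROAD_ROLE = {
    "apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
    "metadata": {"name": "ops-everything"},
    "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
}

TIGHT_ROLE = {
    "apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role",
    "metadata": {"name": "web-reader", "namespace": "web"},
    "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}],
}

if __name__ == "__main__":
    for role in (BROAD_ROLE, TIGHT_ROLE):
        print(role["metadata"]["name"], audit_role(role) or "OK")
```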

 

Kubernetes is powerful—for you and your adversaries

Kubernetes is an incredibly powerful platform. That’s what makes it so valuable to developers—and so appealing to attackers.

A well-configured cluster can help your team move faster, ship safer, and adapt to change. But if you leave doors open, bad actors can exploit those same features to run cryptojacking campaigns, exfiltrate data, or move laterally inside your environment. (Remember the Tesla breach from a few years back? That happened in a Kubernetes cluster.)

That’s why a thoughtful, layered defense matters. The more you understand how Kubernetes components work together, the easier it becomes to define your attack surface—and design the right monitoring and response strategies to protect it.

 

Final thoughts

Kubernetes adoption isn’t slowing down anytime soon. If anything, it’s becoming a core part of how modern organizations build and run software.

Security teams don’t need to be Kubernetes experts overnight—but they do need a plan.

Start small. Invest in visibility. Lock down misconfigurations and access. And most importantly, give yourself room to experiment and learn before you scale.

Looking for more Kubernetes resources?

  • For beginners: I recommend checking out a long-form, two-part guide our team recently produced. 
  • For active K8s defenders: I recommend this Kubernetes Mind Map that connects Kubernetes to MITRE ATT&CK tactics.

Bottom line, you don’t have to solve the whole “Russian doll nightmare” in one go. But with the right mindset, you can turn complexity into a competitive advantage.

 


About the Author

Ethan Chen is an expert in cloud security, particularly within the context of emerging AI/ML threats. He leads cloud strategy at Expel, an enterprise threat detection & response service used by clients like Visa, Delta, and Uber. Previously, Ethan shaped security practices at Fortune 500 companies as a cybersecurity consultant at PwC, safeguarding services used by millions worldwide. Ethan prioritizes community building, digital privacy, and impact at scale, values he suffuses in all of his work.
