Transcript
This transcript was autogenerated.
Hello. Good day. My name is Victor, and today I'll be taking you through a topic called Encrypting Your Way to Safety: Data Security in Kubernetes.
So Kubernetes is a popular open source platform that is used to deploy, scale and manage containerized applications. Because of its wide use, because of how flexible it is, and because of the self-healing features it has, Kubernetes is widely used across organizations.

So in this particular presentation, we're looking at ways you can actually perform encryption when your data is at rest, when your data is in transit, and other security measures you can take to ensure that there is adequate data security in your Kubernetes environment.
Okay, so why is data security even important in Kubernetes environments? Because Kubernetes, being a platform that hosts containerized applications, actually has unique challenges. And for different organizations, from financial organizations to manufacturing organizations who use Kubernetes for their day-to-day activities, when there's a data breach, this could lead to financial loss, but potentially also brand damage.

And also legal consequences: different continents across the world have different data privacy laws. And if an organization doesn't take out time and put adequate technical measures in place to secure data within the environment, especially customer data or personnel data or personally identifiable data and information, then they could be liable to get fined and all that. So it's very important to take data security seriously when you're using a Kubernetes environment.

So we're talking about that. We've also spoken about compliance requirements, and also the fact that some people might be storing sensitive information within the Kubernetes environment. These are some of the reasons why it's actually important for you to take your data security seriously: from data breaches, which can also lead to downtime, to violating customer trust, to compliance requirements. So it's very important.
Just a couple of slides, and we'll be looking at the different aspects of encrypting your data in Kubernetes.
In terms of encryption techniques around Kubernetes, the common ones we have are symmetric encryption and asymmetric encryption. For symmetric encryption, for instance, you use the same key for encrypting the resource and also for decrypting it. This makes the process a bit faster than what we have with asymmetric encryption, because with symmetric encryption you use the same key to encrypt and the same key to decrypt: it is faster and it provides some level of security.

Then we also have another type of encryption called asymmetric encryption, where there's a different key for encryption and a different key for decrypting the resource you are trying to keep secure. It is more secure, but it has slower performance due to the fact that it takes a longer time.

Then we also have another type of encryption called homomorphic encryption. Yeah. You can actually perform some computations on the resource that is encrypted, without decrypting it. So that's another level of encryption we have; this can help you to enhance your privacy and security. So for you to have access to a particular sensitive resource, you can perform some activities on that particular resource, but you wouldn't decrypt it before performing that particular process on it. So that is homomorphic encryption.

But in the next slides, we'll be looking at how to keep our data safe in the Kubernetes environment, when your data is at rest and when it is in transit.
So there are different secure storage solutions for Kubernetes that are offered by different providers like AWS, Microsoft Azure, Google Cloud, Box, Dropbox and the likes.

We have different secrets management solutions that can help you keep sensitive things like your API keys and your database credentials safe. You don't really want your database credentials to be open for everybody to access; anyone who wants to access them, you want them to be safe. So there are secrets management tools around that.

There are also encrypted volumes, where you can have encrypted storage to store sensitive data. We'll talk about this. This is around when your data is at rest.

Then there are also secure cloud providers. Okay, we have secure cloud providers, like I mentioned: Google Cloud Storage, AWS, Microsoft Azure. They also provide secure storage solutions for different organizations.
So how do you protect your data when your data is at rest? These are some of the ways; the three we've listed here are not all the ways you can actually protect your data when it is at rest. This is just a high-level view of how you can protect your data when it is at rest.

So we have disk encryption. So when physical security is a concern, and when I talk about physical security I'm talking about the environment where your cloud system is set up, when physical security is compromised and somebody has access to your disk, you want to make sure that your disk is encrypted so that they will not have access to the files on your disk.

The next level will be file system encryption. So even if somebody is able to have access to your disk, the files on the disk are supposed to be encrypted; that's the file level, the file system encryption.

Then we also have something called data encryption within the storage layer. So this one talks about encrypting things around your database, encrypting things around your API keys, your system storage, which will be encrypted.

So this is your data that is at rest. Data at rest actually means the type of data that is available when you are not actually making a transaction and all that; you have static data, then.
You also have to try to secure data when your data is in transit. Okay, that is when your data is moving from point A to point B. And there are a couple of ways to actually do this.

One of the ways to actually secure data in transit is between Kubernetes components, like your pods and your services. The pod in Kubernetes is the most basic unit of the Kubernetes system, and we also have services that define how you can actually access the pods, or a group of pods. And the issue is that resources like pods and services are actually vulnerable to attacks like eavesdropping, man-in-the-middle attacks, interceptions and things like that.

So one of the ways to actually secure your data would be to use what we call Transport Layer Security. The Transport Layer Security protocol is a cryptographic protocol that provides encrypted communications between the pods and the services, and it will provide some level of protection from malicious actors getting unauthorized access to your device, to your communications or to your data.

Then, taking it a step further, we have something called mutual TLS, which is mutual Transport Layer Security. This deals with zero trust. For mutual TLS we have authentication in this particular one. Like I said, it has to do with zero trust: the sender, the client and the server, both have to authenticate themselves through means such as sending certificates, signed certificates and things like that, to ensure that it is the right sender and the right receiver that is actually having access to the data.

We also have things around network segmentation. This can be managed around your network policy by the network administrator in Kubernetes, and you can design your Kubernetes system in such a way that you divide it into the front end, the back end and the database. With that, you can design it in such a way that only the front end can talk to the back end and only the back end can interact with the database. When you segment your network, it actually means that when somebody attacks a section of the network, all parts of your network will not be down. Because you've segmented, maybe just your front end might be down, but the back end needs to be up, and it's easier for you to be resilient and actually come up again. So it's very important to have network segmentation when you're trying to secure your data in transit; it's very important to isolate certain parts of your network.
Then, in terms of data security as a whole, there are general practices around Kubernetes data security.

Like I mentioned, zero trust. So you have the multi level; we talked about mutual Transport Layer Security, where we have zero trust, where we treat all traffic as untrusted and it requires strict authentication. Like I said, we'll describe to the client how to send the certificates and verify the senders and all that. Okay, verify the sender and all that.

Then security auditing. One of the cutting-edge practices for Kubernetes data security would be for you to have adequate security auditing, where you regularly monitor and log network security events and check who logged in and when; that would actually help you.

We also have automated security tools like Clair, Snyk, Anchore. We have different types of automated security tools that can be deployed to help you do continuous monitoring, in order to help you stay on top of your security game within Kubernetes.
Then what are the ways to actually fortify your Kubernetes cluster against data breaches? There are different ways to actually do this, but I just listed five. So there are other high-level ways to actually do this.

One of the ways would be access control. Remember the principle of least privilege access, right? Where you only assign access to a sensitive resource if need be. Okay. Individuals who have no need to actually access the system should not be accessing the system. You have to regularly audit who actually has access to a resource.

There should be security best practices like ensuring that you use strong passwords, multi-factor authentication, and you should also update your system, so that if there's a security patch that needs to be done, if there's a vulnerability somewhere, the security patch is going to help you fix that vulnerability. And of course you need to also regularly scan for patches for the releases.

I mentioned systems like StackRox, Anchore and the likes; these can help you regularly monitor your systems. Okay. And you should also make sure that you get software that can help you monitor your security events, analyze for suspicious activities and the likes. We mentioned a couple of software that can help you do that in the previous slide.
Then security training cannot be overemphasized. So when you talk about security training in your system, you need to actually educate your users around best practices. For instance, your users should not be posting sensitive information about your Kubernetes system on social media. There are certain things, social engineering techniques. They shouldn't be disposing of sensitive documents without shredding the documents. You know, when your staff are actually working remotely, they should make sure that nobody's watching over their shoulder when they're on the train, when they're on the bus; things around social engineering. It's very important to actually nudge your employees to do the right things, and with regular security training you can actually have a cyber resilient workforce. Very important. Most organizations are guilty of only having technical security measures, but ignoring the human security factor of actually training their employees around human security.
So in conclusion, embracing data security in Kubernetes is not something that you actually just do once and just leave. It's something you continually do. It is an ongoing process and requires adaptation, and you keep on implementing robust data practices in order to protect your sensitive data in your Kubernetes environment, so that you can have the trust and the confidence of your customers and of your partners, so that they know that their data is actually safe with you. You don't want a situation whereby the sensitive data you have in your Kubernetes system leaks, or you become a victim of a ransomware attack or something and you have downtime and it affects your brand reputation, and you might also be the subject of legal issues and all that.

So I hope that with what I've shared today, you understand the importance of data security within a Kubernetes environment and also understand why encryption is important in your system.

Thank you for listening. My name remains Victor. I hope you have an amazing day. Thank you.
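The talk's "data encryption within the storage layer" section maps, in Kubernetes itself, to the kube-apiserver's EncryptionConfiguration, which encrypts Secret objects (API keys, database credentials) before they are written to etcd. The configuration below is an added example, not material from the talk; the key value is a placeholder you must generate yourself, and the weak setting (identity first, i.e. plaintext) is shown commented out beside the corrected one.

```yaml
# Added example (not from the talk): EncryptionConfiguration read by
# kube-apiserver via --encryption-provider-config=<path>.
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets                 # encrypt Secret objects; configmaps could be added too
    providers:
      # The first provider is used for every write; all listed providers are
      # tried, in order, when reading.
      #
      # Weak setting: with "identity" first, Secrets are stored in etcd as
      # plaintext (this is also the default when no config is supplied).
      # - identity: {}
      #
      # Corrected setting: AES-GCM with a random 32-byte key, base64-encoded.
      # Generate one with:  head -c 32 /dev/urandom | base64
      - aesgcm:
          keys:
            - name: key1
              secret: REPLACE_WITH_BASE64_32_BYTE_KEY   # placeholder, not a real key
      # Keep identity LAST so Secrets written before encryption was enabled can
      # still be read until they have been re-written in encrypted form.
      - identity: {}
```

After pointing the API server at this file, rewrite existing Secrets so they are stored encrypted: `kubectl get secrets --all-namespaces -o json | kubectl replace -f -`. Two caveats a practitioner should keep in mind: the AES key in this file sits in plaintext on the control plane node, so the `kms` provider (key held in an external KMS) is the stronger choice for production; and this only covers the API layer, so the disk encryption the speaker describes still applies to the etcd volume itself.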