Google Cloud: Center for Internet Security Benchmarks for Google Kubernetes Engine

How a leading public cloud provider lowered the barrier for securing managed Kubernetes clusters by publishing best practice benchmarks

About Google

Google, a global technology company, has established itself as a leader in innovation and digital services. With a mission to organize the world’s information and make it universally accessible and useful, Google has revolutionized the way we search, communicate, and interact with technology. Google Cloud Platform (GCP) is a prominent component of Google’s offerings. It is a cloud computing platform that provides a wide range of scalable and secure cloud services to help businesses leverage the power of the cloud.

CIS Benchmarks for GKE

Google Cloud Platform (GCP) sought to empower customers using Google Kubernetes Engine (GKE) by providing them with comprehensive CIS Benchmarks tailored specifically for GKE deployments. To achieve this, GCP enlisted ControlPlane, our cloud-native security consultancy, whose in-depth knowledge and experience in Kubernetes made it the ideal partner to deliver these benchmarks. The collaboration resulted in a set of recommended security controls and guidance that enables customers to harden their GKE clusters for production environments.

Challenges

Google Cloud needed to provide customers with a comprehensive set of CIS-backed security controls specifically tailored for GKE deployments.

Customers who chose GKE encountered a potential security challenge. While the default settings of GKE offered ease of use, further guidance and security controls were necessary to ensure the clusters were adequately hardened for production. This created a gap in customer knowledge, resulting in potential security vulnerabilities and increased risk. Understanding the criticality of this issue, GCP sought to address the concerns by engaging a trusted partner with extensive expertise in Kubernetes.

Solutions

ControlPlane delivered a comprehensive list of recommended security controls specifically tailored for GKE clusters, enumerating the configuration options available for GKE and providing guidance on auditing and remediating running clusters.

  • CIS Benchmarks for GKE published in collaboration with Google Cloud as guidance for auditing and remediating running clusters
  • Meticulous user-driven review of GKE for secure defaults
  • Iterative threat-model-driven security analysis of GKE, constructed with GKE security leads

These solutions provided multiple benefits to the client, including:

  • Empowerment of GKE users to run the CIS Benchmark against their clusters, determining the presence of critical security controls and identifying any gaps that required remediation
  • Fewer platform security incidents as customers have a set of security controls to follow, enabling them to harden their GKE clusters against detailed attack vectors
  • Enhanced customer trust in the GKE platform through independent validation

Business Outcomes

The CIS Benchmarks for GKE delivered a robust framework for Google Cloud customers to ensure the security and integrity of their GKE deployments. Customers could strengthen their clusters to mitigate potential security risks, and the platform offering gained enhanced trust and confidence as GCP solidified its commitment to providing a secure and reliable managed Kubernetes solution.

ControlPlane’s expertise in Kubernetes and their collaborative efforts with GCP demonstrated their dedication to driving innovation and delivering secure solutions in the cloud-native ecosystem.
