Container security still not where it should be in late 2018
An interesting article by George Leopold over at Enterprise Tech discusses how improper configurations or misconfigurations of Kubernetes. Many companies deploying software on top of popular Cloud infrastructure providers (such as Amazon Web Services, Google Cloud and Microsoft Azure Cloud) do not have a solid container security policy. Furthermore, these companies are trying to "bolt-on" security too late into the application development process, making it more difficult to achieve a proper security posture before the needs of the business force the application into the open. To my surprise (not really) it turns out that many (most?) of the hacked Kubernetes deployments didn't even have basic password protection enabled for Kubernetes itself.