The 2024 Tenable Cloud Risk Report from Tenable Cloud Research has revealed that 78% of organizations globally and in the Asia Pacific region have publicly accessible Kubernetes API servers, increasing the risk of attacks. Additionally, 41% of organizations allow inbound internet access to their Kubernetes clusters, making them more vulnerable to external threats. Furthermore, 44% of organizations run containers in privileged mode, granting them full access to the host system’s resources. Finally, 58% of organizations have cluster-admin role bindings, allowing attackers to gain full control over the cluster, manipulate or destroy workloads, or exfiltrate sensitive data.
“Kubernetes is the backbone of many cloud-native applications, but organizations in APAC are struggling to secure these environments properly,” said Ari Eitan, Research Director at Tenable. “Publicly exposed Kubernetes API servers and overprivileged containers are serious risks that leave businesses vulnerable to attacks. Without the right security measures in place, these misconfigurations can lead to catastrophic breaches.”
To address these security challenges, Tenable recommends the following best practices for APAC organizations to safeguard their Kubernetes environments:
- Limit Kubernetes API Exposure: Ensure that Kubernetes API servers are not exposed to the public Internet. Apply firewall or security group rules to restrict inbound access to Kubernetes clusters and enforce network segmentation to isolate sensitive workloads.
- Reduce Privileged Containers: Avoid running containers in privileged mode unless necessary. Adhere to security best practices such as those outlined in the CIS Kubernetes Benchmark and NIST guidelines to limit container access to host resources.
- Harden Role-Based Access Control (RBAC): Regularly audit and restrict the use of cluster-admin roles. Replace overly permissive role bindings with granular permissions that adhere to the principle of least privilege, ensuring that users and service accounts only have access to the resources they need.
- Regularly Audit Kubernetes Configurations: Conduct frequent security audits of Kubernetes configurations to detect and address any misconfigurations or unnecessary exposures. Disable anonymous access to the Kubelet API and ensure that all communications within the cluster are encrypted.
“The growing adoption of Kubernetes is a double-edged sword. While it offers great agility for cloud operations, it also introduces a new layer of complexity and security risks. APAC businesses must prioritize Kubernetes security, particularly by closing exposure gaps and enforcing strict access controls. Proactive measures today will protect organizations from becoming tomorrow’s headline breaches,” added Eitan.