Published on

Learn Cloud Native Newsletter

NSA/CISA Kubernetes hardening guidance and a critical review from NCC Group

In August, NSA & CISA released a Kubernetes hardening guidance that explains how to harden your Kubernetes clusters.
A day ago, the NCC Group (an information assurance company from the UK) released a critical review of the guidance. They separated the guidance into "Good", "Bad", and "Complex" sections. It's an interesting read, especially the bad and the complex sections that go into some aspects of Kubernetes security that were either overlooked or are already out of date (the joys of working in tech).

2021 State of DevOps report

For the past ten years, Puppet has been releasing the yearly State of DevOps report. This year anniversary edition talks about multiple pillars. For example, it says that DevOps is not just automation, but automating repetitive tasks is necessary (90% of respondents with highly evolved DevOps practices automate most repetitive tasks) to allow the team to step back and think about broader strategy.
Here are a couple of other tidbits from the executive summary:
  • Even though 65% of mid-evolution companies are using the public cloud, only 20% are using it to its full potential
  • The major obstacle that prevents enterprises from evolving to the highest levels is organizational structure and dynamics
  • Clear understanding of responsibilities to other teams is reported by 91% of highly evolved teams vs. 46% of low-evolution teams
  • In mid-evolution teams, 21% report their culture discourages risk, and 20% mention unclear responsibilities


Previous newsletters