Scribd Logo
Upload

Welcome to Scribd!

  • 13 views

    Ubunutu 2

    Uploaded by

    algoareportar
    The document discusses security challenges with edge computing and IoT devices, and how MicroK8s with strict confinement on Ubuntu Core can help address these issues. Edge devices now receive regular updates but each update is a potential vulnerability, and managing security across millions of devices is challenging. MicroK8s aims to eliminate these concerns by providing complete isolation between containerized applications to prevent vulnerabilities from spreading.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Ubunutu 2

    Uploaded by

    algoareportar
    13 views3 pages
    The document discusses security challenges with edge computing and IoT devices, and how MicroK8s with strict confinement on Ubuntu Core can help address these issues. Edge devices now receive regular updates but each update is a potential vulnerability, and managing security across millions of devices is challenging. MicroK8s aims to eliminate these concerns by providing complete isolation between containerized applications to prevent vulnerabilities from spreading.

    Original Description:

    ubuntu secure part 2

    Original Title

    ubunutu2

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document discusses security challenges with edge computing and IoT devices, and how MicroK8s with strict confinement on Ubuntu Core can help address these issues. Edge devices now receive regular updates but each update is a potential vulnerability, and managing security across millions of devices is challenging. MicroK8s aims to eliminate these concerns by providing complete isolation between containerized applications to prevent vulnerabilities from spreading.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    13 views3 pages

    Ubunutu 2

    Uploaded by

    algoareportar
    The document discusses security challenges with edge computing and IoT devices, and how MicroK8s with strict confinement on Ubuntu Core can help address these issues. Edge devices now receive regular updates but each update is a potential vulnerability, and managing security across millions of devices is challenging. MicroK8s aims to eliminate these concerns by providing complete isolation between containerized applications to prevent vulnerabilities from spreading.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    You are on page 1of 3

    Kubernetes at the edge:

    How strict con�nement enables


    a secure IoT landscape

    October 2022

    Executive Summary
    Edge computing has become a critical component of the modern technology
    landscape. From the factory oor to smart homes, signage, robotics, and
    autonomous driving, Internet of Things (IoT) devices bring compute power
    closer to where data is generated, enabling unprecedented levels of e ciency
    and automation.

    But as IoT use cases and capabilities evolve, so do the risks.

    In the past, there were far fewer devices deployed in the eld, and they typically
    remained in a xed state throughout their entire lifecycle. Today, organisations
    often rely on Kubernetes to manage millions of devices, all of which receive a
    regular stream of updates and communicate with external data sources. Each of
    these interactions represents a window of vulnerability that can potentially be
    exploited by bad actors to gain access to the device.

    Given that even a single security breach at the edge can be highly costly and deal
    immense damage to an organisation’s brand reputation, protecting IoT devices
    is paramount.

    MicroK8s is a lightweight Kubernetes distribution designed for the edge that aims
    to eliminate these security concerns. Complementing a wide array of existing
    MicroK8s security features, a strict con nement capability introduced in 2022
    provides complete isolation for containerised applications. This ensures that any
    breaches or vulnerabilities that occur on one container cannot spread to the rest
    of the system, drastically improving the overall security of the host IoT device.

    Additionally, strict con nement enables users to run MicroK8s on Ubuntu Core, a
    Linux operating system purpose-built for secure edge computing.

    This whitepaper will take a closer look at the security challenges that organisations
    face at the edge, and examine how those risks can be mitigated using Ubuntu Core
    and MicroK8s with strict con nement.
    What is the IoT edge?
    The Edge computing market is growing fast. According to a recent report by
    Gartner, more than 15 billion IoT devices will connect to enterprise infrastructure
    by 2029.1 While traditional infrastructure remains relevant, the worldwide trend is
    to move resources closer to end users and IoT appliances.

    That being said, the “edge” is a nebulous term with various de nitions depending
    on the use case. The goal of all edges is largely common: providing compute,
    network, and storage resources closer to the source of the data. However, this
    de nition captures everything from embedded-type single-board computers
    and IoT devices all the way to large point-of-presence (PoP) clusters of data
    centre class equipment. These use cases have vastly di�erent requirements and
    constraints, making “edge” unhelpfully vague as a term.

    This can be simpli ed by grouping edge computing into two categories:

    • Micro clouds: small clusters of compute nodes with local storage and
    networking, where traditional data centre primitives are combined with
    high-availability clustering, low latency, over-the-air (OTA) updates, and
    enhanced security.

    • IoT edge: Single node devices with fewer resources, which function more
    like appliances.

    IoT edge devices are exponentially more prevalent, and this category is the
    primary subject of this whitepaper.

    Edge security challenges


    Keeping edge computing secure is a constant struggle because, in many ways, the
    same things that make modern IoT devices valuable also make them vulnerable.

    Historically, IoT devices deployed in the eld were immutable. After leaving the
    factory, the device rmware and operating system would never change, making
    security relatively straightforward. Modern IoT devices fall at the opposite end of
    the spectrum. Containerised applications are constantly updated, and advanced
    processes often interact with sensors and systems outside of the host device.

    The ability to keep devices updated after deployment and connect them to
    external data sources is one of the primary factors behind the successful evolution
    of edge computing. But at the same time, exposing IoT devices to the world in this
    way dramatically multiplies the risks. Every update and external interaction is a
    potential vulnerability, and edge networks are notoriously complex to secure.

    Maintaining security and delivering a consistent user experience in a dynamic edge


    environment is also a di cult balance to achieve. Developers might initially design
    a smart set of constraints for their IoT software, but those constraints can quickly
    become outdated as the landscape shifts and the device is patched.

    1 https://www.gartner.com/smarterwithgartner/gartner-predicts-the-future-of-cloud-and-edge-infrastructure

    2
    What’s more, delivering updates to a eet of devices is easier said than done.
    Automated OTA updates go a long way towards simplifying the process, but it is
    rarely possible to have full control over devices in the eld. For instance, a user
    might have their device turned o� for several weeks, preventing it from receiving
    updates. When that machine is turned back on, there may be a brief window in
    which it is operating without the latest security xes.

    These issues are further compounded with the introduction of Kubernetes.

    Kubernetes complexity increases at the edge


    Kubernetes is an open source container orchestration system. It is invaluable for
    distributing process management across numerous machines, enabling users to
    automate deployment, upgrades, and maintenance of containerised applications
    at scale.

    Within data centres and on clouds, Kubernetes has been the industry-standard
    container orchestration platform for several years. Indeed, the latest Canonical
    Cloud Native Operations survey found that 43.1% of respondents ran applications
    either partially or exclusively on Kubernetes, with a further 29.9% evaluating or
    planning Kubernetes deployment.2

    More recently, the quest to bring computing closer to users and data sources
    has seen Kubernetes come to the edge as well. According to the Cloud Native
    Computing Foundation’s 2021 survey, edge developers are the largest user
    segment for both containers and Kubernetes, with Kubernetes used by 63% of
    developers working on edge computing applications in the last 12 months.3

    Kubernetes is a natural t for IoT since it o�ers a way to simplify deployment and
    management across a vast eet of devices, empowering developers to focus on
    their applications rather than the underlying infrastructure. That being said, when
    Kubernetes was created, it was not designed to run at the edge. As a result, using
    Kubernetes on an IoT device poses signi cant risks.

    Kubernetes is a highly dynamic platform that supports many applications across


    a wide variety of use cases. Often, these applications interact with host machines
    in ways that are not fully secure when transposed to the edge. For instance,
    Kubernetes makes certain assumptions about what it can touch on the le system,
    and how it can interact with network interface and storage devices. While these
    assumptions would not ordinarily be an issue, they can compromise security in an
    IoT context.

    Combining these complications with device mutability and the sheer scope of
    what Kubernetes enables at the edge creates a large attack surface that is almost
    impossible to fully police.

    2 https://juju.is/cloud-native-kubernetes-usage-report-2022#container-and-kubernetes-usage
    3 https://www.cncf.io/wp-content/uploads/2021/12/Q1-2021-State-of-Cloud-Native-development-FINAL.pdf

    You might also like