Kubernetes Podcast from Google

Container Security, with Michele Chubrika

Oct 15, 2024

Michele Chubrika, a Cloud Security Developer Advocate at Google, joins Anton Chuvakin for a deep dive into container security. They debunk myths about isolation and discuss the intricacies between virtual machines and containers, emphasizing trust boundaries within Kubernetes. The conversation highlights the importance of proactive security practices and the potential of WebAssembly to reduce attack surfaces. They also tackle developer challenges in containerized environments, sharing insights on dependency management and the evolving landscape of cloud-native security.

55:49

Creator website

Episode guests

Anton Chuvakin

Michele Chubrika

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Security in containers and VMs relies on organizational architecture and collaboration between security and platform engineering teams rather than the technology itself.

Properly understanding isolation versus segregation in containers is crucial for implementing effective security measures within Kubernetes clusters.

Enhancing cloud-native security involves shifting from IP-based to application-based identity, emphasizing mutual TLS and the importance of strong governance.

Deep dives

VMs vs. Containers: A Complex Security Debate

The discussion begins with the common debate of whether virtual machines (VMs) or containers are more secure, which is framed as a misguided question. Security expert Michelle Shubirka emphasizes that the security of either technology heavily depends on the organization’s architecture and collaboration between security and platform engineering teams. She points out that containers operate under a shared kernel, which lacks true isolation, and thus security practices must adjust accordingly. The interplay of cultural factors within teams and their willingness to innovate further influences whether containers or VMs achieve higher security levels.

Intro

2min

Kubernetes and Container Security Insights

3min

Navigating Security in Containers and Virtual Machines

29min

Enhancing Kubernetes Security with WebAssembly

13min

Enhancing Developer Experience in Containerized Environments

3min

Optimizing Development Tools and Managing Misconfiguration

2min

WebAssembly: Navigating Current Perceptions and Future Prospects

4min

This episode is special. We collaborated with the folks behind the Cloud Security Podcast from Google, Anton Chuvakin(LinkedIn)and Tim Peacock, to bring you a joint episode. We had the pleasure to jointly interview Michelle Chubirka, a Cloud Security Developer Advocate. We talked about VM and Container security, debunked some myths about isolation, attack surfaces, immutability of containers, and more.

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

News of the week

Links from the interview

Links from the post-interview chat

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Kubernetes Podcast from Google

Container Security, with Michele Chubrika

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

VMs vs. Containers: A Complex Security Debate

Understanding Isolation in Security Contexts

The Role of Identity and Security Policies

Navigating Attack Surfaces in Containers

The Emerging Role of WebAssembly (Wasm)

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Kubernetes Podcast from Google

Container Security, with Michele Chubrika

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

VMs vs. Containers: A Complex Security Debate

Understanding Isolation in Security Contexts

The Role of Identity and Security Policies

Navigating Attack Surfaces in Containers

The Emerging Role of WebAssembly (Wasm)

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights