Carnegie Mellon University
Mitigating Insider Threats on AWS (EKS) - Whitepaper.pdf (1.31 MB)

Mitigating Insider Threats in Amazon Elastic Kubernetes Service (EKS): A Zero Trust Perspective

report
posted on 2024-02-12, 18:53 authored by Kee Hock Tan

  

Mitigating Insider Threats continues to be a challenge for organizations of all sizes, and it is further exacerbated by the rising security complexity in the cloud. DevOps practices lead to a shorter time to market through the adoption of various container and orchestration technologies. One of the key drivers was the adoption of Kubernetes (K8), an open-source container orchestration framework originally designed by Google. Popular Cloud Service Providers (CSPs) such as Amazon Web Services (AWS) introduced their own Kubernetes offerings to meet the industry's demand for scalable and resilient container orchestration platforms. However, the choice of technology does not reduce the risk of Insider Threat incidents. As highlighted by Tan (2023), there is a general lack of academic research at the intersection of Insider Threats, Cloud, and Zero Trust. This research builds on the previous work by Tan (2023) and expands the investigation of Zero Trust Architecture(s) through a simulated workload within Amazon Elastic Kubernetes Service (EKS), deployed into the AWS environment adopted from that previous work. Insider Threat Scenarios were designed, developed, and emulated within the environment. Observations of how various native AWS security service controls behaved when these activities were emulated were captured and evaluated. Recommendations, in alignment with Zero Trust, are then put forth to improve defense capabilities against Insider Threats.
