Compliance assessment of Google Cloud Kubernetes clusters using Kubernetes Compliance Evaluation Matrix

School of Electrical Engineering | Master's thesis

Date

2025-04-27

Department

Major/Subject

Control, Robotics and Autonomous Systems

Degree programme

Master's Programme in Automation and Electrical Engineering

Language

en

Pages

88

Abstract

The goal of the thesis was to assess different Cloud Security Posture Management (CSPM) tools that help with the compliance of Google Kubernetes Engine (GKE) clusters against the CIS GKE benchmarks. CIS benchmarks are industry-standard security benchmarks that help keep the underlying assets secure in an ever-evolving security landscape. The research was commissioned by Nordcloud, an IBM company, to help assess which tools should be used internally for its various clients. The scope of this research was limited to three tools: Google Kubernetes Engine (GKE) Enterprise edition, Microsoft Defender for Cloud and Kube Bench. The initial chapters of the thesis briefly explain the concepts of Cloud, Containers, Kubernetes and CSPM tools in general. The thesis then goes into the details of GKE Enterprise, MS Defender for Cloud and Kube Bench. By following the details provided in the thesis, the reader can replicate the implementation and use of these tools. A Kubernetes Compliance Evaluation Matrix (KCEM) was developed and used to compare the aforementioned tools with each other. The KCEM consists of 7 different criteria, and it can be used as a standard decision matrix to assess any CSPM tool against CIS compliance benchmarks for any type of Kubernetes installation. The goal of the thesis was fulfilled, and the results can be found in the conclusion section.

Supervisor

Pajarinen, Joni

Thesis advisor

Haque, Muzahedul

Keywords

GKE, CIS, GCP, defender for cloud, kube bench, azure, Google Cloud
