Kubernetes, with the right set of modules, will allow you to encrypt data and containers through at-rest encryption, which applies to data written to disk. However, HIPAA requires patient data to be "rendered unusable, unreadable, or indecipherable to unauthorized persons" (i.e., encrypted) both at rest and in transit. By default, Kubernetes stores sensitive information ("secrets"), such as usernames, passwords and encryption keys, as readable, unencrypted data in an open-source distributed key-value store, namely "etcd." This way the secrets are managed independently of the pods, but are made available to them as needed.
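As an added example (not from the original article), the kube-apiserver EncryptionConfiguration below is what turns on encryption of Secrets before they are written to etcd. The first provider in the list is the one used for new writes, so a file that lists `identity` first is effectively the unencrypted default; the corrected version puts an encrypting provider first. The key name `key1`, the file path and the Secret name used in the verification command are assumptions.

```yaml
# Added example: kube-apiserver EncryptionConfiguration for Secrets in etcd.
# Passed to the API server with:
#   --encryption-provider-config=/etc/kubernetes/enc/enc.yaml   (path is an assumption)
#
# WEAK: `identity` listed first means every new Secret is written to etcd
# unencrypted. Functionally this is the same as the Kubernetes default.
---
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - identity: {}
      - aescbc:
          keys:
            - name: key1
              secret: <base64-encoded-32-byte-key>   # placeholder
---
# CORRECTED: an encrypting provider comes first, so new writes are encrypted.
# `identity` stays last so that Secrets written before encryption was enabled
# can still be read until they have been rewritten (see the commands below).
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: <base64-encoded-32-byte-key>   # generate: head -c 32 /dev/urandom | base64
      - identity: {}
# After restarting the API server, rewrite existing Secrets so they are stored encrypted:
#   kubectl get secrets --all-namespaces -o json | kubectl replace -f -
# Verify by reading a Secret straight from etcd (add the usual --cacert/--cert/--key
# flags for a TLS-protected etcd); the value should start with the prefix
# "k8s:enc:aescbc:v1:key1:" instead of readable JSON:
#   ETCDCTL_API=3 etcdctl get /registry/secrets/default/db-creds | hexdump -C
# The static key sits in a file on each control-plane node; protect that file
# (root-only permissions) or use the `kms` provider so the key never leaves an
# external key management service.
```

The rewrite step matters: enabling the provider only affects Secrets written from that point on, so anything stored earlier remains plaintext in etcd until it is re-saved.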
Most of the time, PHI is stored in a cloud storage service outside the Kubernetes infrastructure, so it is important to ensure that data en route to the cloud is protected from unauthorized and malicious access, loss, or exposure on the server. This means the cloud service provider must offer end-to-end encryption for all data that passes between sender and receiver. In addition, the cloud backup service must be able to retain several versions of the same data files simultaneously, and ideally this should happen automatically and continuously, so that in the event of an accident or malicious action the data can be restored to any previous version or to its original state.
The Kubernetes platform protects data in transit between platform components (e.g., nodes, etcd, the API server) using HTTPS. All communication with the control plane, which manages the nodes that run containerized applications and pods, is sent over the Transport Layer Security (TLS) protocol, which establishes the authenticity of a device, server, or user as well as the integrity and privacy of the data. It is recommended that credentials, such as the cluster root certificate authority (CA), private keys, and platform certificates, be rotated to strengthen the protection of data in transit. Kubernetes also supports a wide variety of long-term storage plug-ins, from remote cloud-based storage services to on-premises hardware attached to nodes, and these persist data even after the pods accessing them have shut down.
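As an added example (not from the original article), the kubelet configuration below keeps node-to-control-plane traffic on TLS with a modern minimum version and lets the kubelet rotate its own certificates; the trailing comments show how control-plane certificates are checked and renewed on a kubeadm-built cluster. The cipher-suite selection is an assumption about what a given environment accepts.

```yaml
# Added example: kubelet settings that keep node-to-control-plane traffic on
# TLS and rotate the kubelet's own certificates automatically.
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
# The client certificate used to authenticate to the API server is renewed
# before it expires.
rotateCertificates: true
# Request the kubelet's serving certificate from the cluster CA through the
# certificates API instead of using a self-signed one (the CSR must be
# approved, e.g. by an approver controller or `kubectl certificate approve`).
serverTLSBootstrap: true
# Refuse old protocol versions and weak cipher suites on the kubelet's
# own HTTPS port (10250).
tlsMinVersion: VersionTLS12
tlsCipherSuites:
  - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# Control-plane certificates (API server, etcd peer/client, front proxy) are
# issued by the cluster CA; on kubeadm-built clusters check and renew them with:
#   kubeadm certs check-expiration
#   kubeadm certs renew all      # then restart the static control-plane pods
# These commands do not renew the cluster root CA itself; rotating the CA is a
# separate, planned procedure that re-issues every certificate signed by it.
```

Setting `serverTLSBootstrap` closes a common gap: without it the kubelet serves a self-signed certificate, so the API server cannot verify the node it is talking to when it proxies `kubectl logs` or `kubectl exec`.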
Here it is important to bear in mind that stored PHI (data at rest) must be protected by encryption at all times; this is an important mandate under HIPAA. Open-source "service meshes" enable secure sharing of data between microservices. In its data plane (also called the user plane or data forwarding plane), the mesh provides a proxy instance (a "sidecar") that abstracts features such as inter-service network communication and security away from the main microservice. The sidecar runs alongside the individual service and routes requests to and from other proxies. Together, this set of proxies controls how microservices share data with one another. The control plane of the service mesh coordinates the behavior of these proxies and enforces the policies that decide how data is forwarded by the data plane.
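As an added example (not from the original article), the Istio policies below show the control plane deciding how the sidecars talk to each other: a permissive setting beside the strict one, and a narrowly scoped exception for a workload that cannot yet carry a sidecar. The namespace `phi`, the label `app: legacy-exporter` and port 9100 are assumptions.

```yaml
# Added example: Istio PeerAuthentication controlling mutual TLS between sidecars.
#
# WEAK: PERMISSIVE (Istio's behaviour when no policy exists) lets a sidecar accept
# both mTLS and plaintext, so a pod without a sidecar, or any client that simply
# does not negotiate TLS, can reach the service unencrypted.
---
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system   # root namespace: applies mesh-wide
spec:
  mtls:
    mode: PERMISSIVE
---
# CORRECTED: STRICT mesh-wide; every sidecar-to-sidecar hop is mTLS and
# plaintext connections are rejected.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT
---
# A narrower policy can relax a single port for a workload that cannot yet run
# a sidecar (e.g. a metrics scrape port); keep such exceptions off any path that
# carries PHI. Namespace and label are assumptions.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: legacy-exporter
  namespace: phi
spec:
  selector:
    matchLabels:
      app: legacy-exporter
  mtls:
    mode: STRICT
  portLevelMtls:
    9100:
      mode: PERMISSIVE
```

Because the workload-level policy is more specific than the mesh-wide one, it wins for that pod only; every other port on it, and every other workload, stays STRICT.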
To exercise tighter control over secrets, they can be stored in vaults and other systems for managing identity-based secrets and encryption. Secret management tools like HashiCorp Vault ensure that secrets (e.g., usernames, passwords, database credentials, API tokens, TLS certificates) are encrypted at rest inside the vault. Secrets are then accessible only to human users or servers whose identity, and whose permission to use a Kubernetes resource, has been established through RBAC or through the credential they logged in with. Vaults also ensure sensitive data is encrypted in transit between the vault and any client.
Vaults also maintain a detailed log of all API requests and responses, which ensures access to secrets is not just tightly controlled but also auditable. These secret management systems are flexible enough to generate secrets that are valid only for a limited period. They also revoke access to a secret for departing employees and rotate it before granting access to a new employee. For every secret the system creates a lease: metadata recording how long the data should exist on a computer or network before being discarded. This allows for automatic expiry of database records, curbing their indefinite circulation. As soon as the lease ends, the vault automatically revokes the secret, invalidating the associated access keys.
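As an added example covering the two paragraphs above (not from the original article or from HashiCorp), the Deployment below pulls a short-lived database credential from Vault through the Vault Agent Injector: the pod authenticates with its ServiceAccount identity, receives a leased credential, and the agent renews or replaces it as the lease runs down. It assumes the injector is installed in the cluster and that a Vault Kubernetes-auth role `phi-api`, bound to the `phi-api` ServiceAccount in namespace `phi` and to a policy allowing only reads on `database/creds/phi-api`, already exists; all of those names and the image are assumptions.

```yaml
# Added example: a Deployment that obtains a leased database credential from
# HashiCorp Vault via the Vault Agent Injector. Names are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: phi-api
  namespace: phi
spec:
  replicas: 2
  selector:
    matchLabels:
      app: phi-api
  template:
    metadata:
      labels:
        app: phi-api
      annotations:
        # Inject a Vault Agent sidecar (plus an init container) into the pod.
        vault.hashicorp.com/agent-inject: "true"
        # The agent logs in with the pod's ServiceAccount token using Vault's
        # Kubernetes auth method; this Vault role is bound to the "phi-api"
        # ServiceAccount in namespace "phi" and to a read-only policy.
        vault.hashicorp.com/role: "phi-api"
        # Ask for dynamic credentials: each request creates a fresh DB user
        # carrying a lease. The agent renews the lease while the pod runs and
        # fetches a new credential when the lease's max TTL is reached; Vault
        # drops the DB user when the lease expires or is revoked.
        vault.hashicorp.com/agent-inject-secret-db-creds: "database/creds/phi-api"
        # Render the secret into a file the app can source. The file lives on an
        # in-memory volume mounted at /vault/secrets, shared only within the pod,
        # so the credential never lands in a Kubernetes Secret or on disk.
        vault.hashicorp.com/agent-inject-template-db-creds: |
          {{- with secret "database/creds/phi-api" -}}
          export DB_USERNAME="{{ .Data.username }}"
          export DB_PASSWORD="{{ .Data.password }}"
          {{- end }}
    spec:
      # The ServiceAccount is the identity Vault authorises, so there is no
      # long-lived password to store or leak.
      serviceAccountName: phi-api
      containers:
        - name: api
          image: registry.example.com/phi-api:1.0   # placeholder image
          command: ["/bin/sh", "-c"]
          args:
            - ". /vault/secrets/db-creds && exec /app/server"
```

Every credential issued this way shows up in Vault's audit log with the role and lease that produced it, which is what makes access both time-bounded and reviewable; revoking the role's leases (or the lease of a single pod) invalidates the corresponding database users immediately.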
HashiCorp Vault centralizes the storage and management of secrets and, by doing so, eliminates the risk of critical data being exposed in plain text, including in source-code repositories like GitHub or GitLab! By integrating the service mesh discussed earlier with a Vault Certificate Authority (CA), certificates can be issued to authorized applications running in the mesh.
Furthermore, to make sure the Kubernetes environment stays on the right side of HIPAA, communication between pods must be encrypted whenever sensitive data is transmitted. For the same reason, incoming traffic to a pod from outside the Kubernetes cluster, and outgoing traffic from the pod, should also be encrypted wherever confidential information is transmitted.
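As an added example (not from the original article), the manifests below handle the two directions named in the paragraph above: an Ingress that terminates TLS at the edge and re-encrypts to the pod, and a NetworkPolicy that confines the workload's egress to DNS and the HTTPS port of its storage endpoint so a misconfigured client cannot fall back to plaintext. The hostname, namespace, labels, ingress class, backend port and the 203.0.113.0/24 address range (an RFC 5737 documentation range standing in for the storage provider's real addresses) are assumptions; the TLS Secret `phi-api-tls` is a standard `kubernetes.io/tls` Secret and must itself be covered by encryption at rest.

```yaml
# Added example: TLS at the cluster edge and TLS-only egress for a PHI workload.
# Names, hosts and addresses are assumptions.
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: phi-api
  namespace: phi
  annotations:
    # Ingress-NGINX: redirect any plaintext HTTP request to HTTPS ...
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # ... and speak HTTPS to the backend too, so the hop from the ingress
    # controller to the pod is encrypted, not only the hop from the client.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - api.phi.example.com
      secretName: phi-api-tls   # server certificate and key for the edge
  rules:
    - host: api.phi.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: phi-api
                port:
                  number: 8443   # the Service port on which the pods serve TLS
---
# Egress: the PHI pods may reach only cluster DNS and port 443 at the storage
# endpoint. Plain HTTP (port 80) and every other destination are dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: phi-api-egress
  namespace: phi
spec:
  podSelector:
    matchLabels:
      app: phi-api
  policyTypes:
    - Egress
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    - to:
        - ipBlock:
            cidr: 203.0.113.0/24   # placeholder for the storage endpoint's addresses
      ports:
        - protocol: TCP
          port: 443
```

A port-based policy cannot prove that what crosses port 443 is TLS, so it complements rather than replaces the mesh mTLS and the client's own certificate verification; what it does guarantee is that an accidental `http://` URL in the application has nowhere to go.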