KUBERNETES RISK MANAGEMENT: A FRAMEWORK TO ASSESS KUBERNETES SECURITY RISK IN BANK XYZ

Abstract

This thesis introduces Kube-RMF, a risk assessment framework designed to address the unique security challenges of Kubernetes in cloud environments. Kubernetes, as a cornerstone of modern containerized application deployments, introduces complex security risks, particularly for small banks navigating digital transformation. The Kube-RMF framework integrates and extends established methodologies, such as OCTAVE Allegro and NIST SP 800-30, while focusing on Kubernetes-specific security concerns. It operates through four iterative phases: Preparation, Asset Identification, Risk Identification & Quantification, and Mitigation Planning. The framework’s practical application is validated through a case study at Bank XYZ, an Indonesian financial institution utilizing Amazon Elastic Kubernetes Service (EKS). Results demonstrate Kube-RMF’s capability to identify critical risks, prioritize vulnerabilities, and recommend actionable mitigation strategies, adhering to CIS Kubernetes Security Guidelines. This research bridges gaps in traditional risk frameworks, offering a tailored, iterative approach to Kubernetes-based cloud systems, especially for small and mid-sized financial institutions.