TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
As a JavaScript developer, what non-React tools do you use most often?
Angular
0%
Astro
0%
Svelte
0%
Vue.js
0%
Other
0%
I only use React
0%
I don't use JavaScript
0%
 
Open Source Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
OpenJS Foundation’s Leader Details the Threats to Open Source
Aug 29th 2024 6:00am, by Heather Joslyn
Valkey Is a Different Kind of Fork
Aug 26th 2024 9:30am, by Steven J. Vaughan-Nichols
A Developer's Guide to ActivityPub and the Fediverse
Aug 25th 2024 7:00am, by Martin SFP Bryant
Building an IDP With Help From the Open Source CNOE Framework
Aug 23rd 2024 9:00am, by Heather Joslyn
Beyond the Walled Garden of Open Source
Aug 22nd 2024 10:00am, by Jonathan Marsh
Manage Multiple Jupyter Instances in the Same Cluster Safely
Sep 2nd 2024 5:00am, by Manas Chowdhury
How Supabase Is Building Its Platform Engineering Strategy
Aug 29th 2024 6:42am, by Todd R. Weiss
Can Grafana Adaptive Metrics Help Slash Observability Costs?
Aug 20th 2024 6:52am, by B. Cameron Gain
Istio 1.23 Drops the Sidecar for a Simpler 'Ambient Mesh'
Aug 19th 2024 12:59pm, by Joab Jackson
Execs Invest in Platform Engineering: Here's Why
Aug 19th 2024 10:22am, by Janet Wi
Docker Joins Movement To Dump Passwords for Security
Aug 21st 2024 1:36pm, by Steven J. Vaughan-Nichols
Chainguard Launches CPU/GPU Containers for AI Frameworks
Aug 19th 2024 12:52pm, by B. Cameron Gain
Runc-Related Leaky Vessels Threaten Container Security
Jul 23rd 2024 10:27am, by Manas Chowdhury
3 Ways To Improve Your Container Build Process
Jul 22nd 2024 10:00am, by Sylvain Kalache
Exploring MicroOS, OpenSUSE's Immutable Container OS
Jul 5th 2024 6:00am, by Jack Wallen
Golang Pub/Sub: Why It’s Better When Combined With GoFr
Aug 28th 2024 6:00am, by Robert Kimani
With eLxr, Wind River Brings Debian Linux to the Edge
Aug 12th 2024 1:30pm, by Joab Jackson
How To Get Started Running Small Language Models at the Edge
Jul 24th 2024 6:00am, by Janakiram MSV
How to Apply Microservice Architecture to Embedded Systems
Jul 16th 2024 10:48am, by Bob Reselman
Why We Chose WebAssembly (Wasm) for Our Edge Runtime
May 28th 2024 6:50am, by Bogdan Kurnosov
Shift Left on a Budget: Cost-Savvy Testing for Microservices
Aug 27th 2024 12:03pm, by Nočnica Mellifera
Remocal Development: The Future of Efficient Kubernetes Workflows
Aug 25th 2024 10:00am, by Anita Ihuman
Why Staging Doesn't Scale for Microservice Testing
Aug 16th 2024 10:13am, by Arjun Iyer
A Developers Guide to NIM, Nvidia’s AI Application Platform
Aug 13th 2024 8:02am, by Janakiram MSV
Setting Microservices Up for Success: Real-World Advice
Aug 1st 2024 6:03am, by Charles Humble
VMware Private Cloud Now Has a Catalog of Advanced Services
Aug 27th 2024 6:01am, by Joab Jackson
Istio 1.23 Drops the Sidecar for a Simpler 'Ambient Mesh'
Aug 19th 2024 12:59pm, by Joab Jackson
Linux: Display and Manage IP Address Settings
Aug 18th 2024 12:00pm, by Damon M. Garn
Linux: Mount Remote Directories With SSHFS
Aug 3rd 2024 6:00am, by Jack Wallen
Client-Side Monitoring Is a Must for Mobile Apps
Jul 19th 2024 11:26am, by Fredric Newberg
Azure Durable Functions: FaaS for Complex Workflows
Aug 15th 2024 8:16am, by Lily Ma and David Justo
Momento: Caching at Scale and More, Without All the Hassle
Jul 22nd 2024 11:23am, by Susan Hall
WebAssembly and Kubernetes Go Better Together: Matt Butcher
May 22nd 2024 2:00pm, by Raghavan "Rags" Srinivas
How to Conquer Cold Starts for Better Performance
Apr 25th 2024 9:17am, by Henry Hamid Safi
Meet DBOS: A Database Alternative to Kubernetes 
Mar 12th 2024 4:00am, by Joab Jackson
Multicloud: Why It's the Best Choice for Data
Aug 23rd 2024 11:57am, by Megan Grant
Onehouse Automates Vector Embedding for Its Data Lakehouse
Aug 22nd 2024 10:30am, by Jelani Harper
Linux: Low-level Data Copying with dd
Aug 17th 2024 6:00am, by Jack Wallen
Momento: Caching at Scale and More, Without All the Hassle
Jul 22nd 2024 11:23am, by Susan Hall
Unfreeze Apache Iceberg to Thaw Your Data Lakehouse
Jul 22nd 2024 7:28am, by Dave Eyler
AI Large Language Models Frontend Development Software Development API Management Python JavaScript TypeScript WebAssembly Cloud Services Data Security
AI Demands More Than Just Technical Skills From Developers
Sep 1st 2024 10:00am, by
Microsoft Builds AutoGen Studio for AI Agent Prototyping
Sep 1st 2024 6:00am, by
The Future of LLMs Is in Your Pocket
Aug 31st 2024 10:00am, by
Introduction To Plotly Dash, the Most Popular AI Data Tool
Aug 31st 2024 6:00am, by
Is React Now a Full Stack Framework? And Other Dev News
Aug 31st 2024 5:00am, by
Microsoft Builds AutoGen Studio for AI Agent Prototyping
Sep 1st 2024 6:00am, by
Build a RAG App With Nvidia NIM and Milvus Running Locally
Aug 26th 2024 7:21am, by
5 Ways AI Improves Knowledge Management
Aug 23rd 2024 12:00pm, by
Google Serves Up Cloud GPUs With a Side of Open Source LLMs
Aug 21st 2024 8:00am, by
AI Coding Assistants: 12 Do’s and Don’ts
Aug 21st 2024 7:00am, by
Is React Now a Full Stack Framework? And Other Dev News
Aug 31st 2024 5:00am, by
3 Lessons in Accessible Development From an Expert Tester
Aug 29th 2024 12:00pm, by
Developers Rail Against JavaScript ‘Merchants of Complexity’
Aug 28th 2024 12:00pm, by
Red Hat Tool Lets Developers Explore AI Applications Locally
Aug 27th 2024 11:09am, by
AI Dev Tools Ranked and Astro Adds Support for Large Sites
Aug 24th 2024 7:00am, by
Microsoft Builds AutoGen Studio for AI Agent Prototyping
Sep 1st 2024 6:00am, by
The Future of LLMs Is in Your Pocket
Aug 31st 2024 10:00am, by
3 Lessons in Accessible Development From an Expert Tester
Aug 29th 2024 12:00pm, by
How Supabase Is Building Its Platform Engineering Strategy
Aug 29th 2024 6:42am, by
Broadcom’s VMware Tanzu Platform 10 Becomes a PaaS
Aug 28th 2024 12:34pm, by
Beyond Monitoring: The Urgent Need for Strategic API Consumption Management
Aug 26th 2024 10:15am, by
API Governance and Developer Experience in a Developer Portal
Aug 22nd 2024 1:00pm, by
The Struggle To Test Microservices Before Merging
Aug 21st 2024 12:48pm, by
Unexpected Benefits of Full-Stack API Development
Aug 20th 2024 3:55am, by
Master API Connections in Azure with Bicep
Aug 14th 2024 10:00am, by
Mastering the Fundamentals of Computer Vision With Python
Aug 23rd 2024 8:10am, by
How To Use Inheritance in Python
Aug 13th 2024 5:00pm, by
What Is the Python join() Function and When Should You Use It?
Aug 12th 2024 5:00pm, by
What Is Python's sum() Function and How Do You Use It?
Aug 11th 2024 6:00am, by
What Is the Python Match Case Statement and Why Use It?
Aug 8th 2024 5:00pm, by
Is React Now a Full Stack Framework? And Other Dev News
Aug 31st 2024 5:00am, by
OpenJS Foundation’s Leader Details the Threats to Open Source
Aug 29th 2024 6:00am, by
Developers Rail Against JavaScript ‘Merchants of Complexity’
Aug 28th 2024 12:00pm, by
AI Dev Tools Ranked and Astro Adds Support for Large Sites
Aug 24th 2024 7:00am, by
Inside ECMAScript: JavaScript Standard Gets an Extra Stage
Aug 21st 2024 6:00am, by
Is React Now a Full Stack Framework? And Other Dev News
Aug 31st 2024 5:00am, by
Implementing IAM in NestJS: The Essential Guide
Aug 30th 2024 6:26am, by
TypeScript 5.5: Faster, Smarter and More Powerful
Jun 25th 2024 6:41am, by
UIX: A Full Stack Web Dev Framework Leveraging Deno
Jun 11th 2024 11:30am, by
TanStack Introduces New Meta-Framework Based on Its Router
Jun 5th 2024 11:38am, by
Golang for WebAssembly Can Now Work Like IT Should
Aug 9th 2024 9:00am, by
How To Run WebAssembly on Kubernetes
Jul 28th 2024 10:00am, by
Chicory: Write to WebAssembly, Overcome JVM Shortcomings 
Jul 19th 2024 12:33pm, by
What’s Next for Flutter After Layoffs Hit Google Team
Jul 17th 2024 9:01am, by
Demos: Deploying LLMs With WasmEdge 
Jul 16th 2024 8:28am, by
Broadcom’s VMware Tanzu Platform 10 Becomes a PaaS
Aug 28th 2024 12:34pm, by
Dynamic Scaling: Why Shifting Right Is the Smart Approach
Aug 21st 2024 11:00am, by
Why Cloud Security Fails: The Posture vs. Runtime Gap
Aug 21st 2024 10:00am, by
Azure Durable Functions: FaaS for Complex Workflows
Aug 15th 2024 8:16am, by and
Google Cloud Adds GenAI, Core Enhancements Across Data Platform
Aug 1st 2024 8:30am, by
Manage Multiple Jupyter Instances in the Same Cluster Safely
Sep 2nd 2024 5:00am, by
Reimagining Observability: The Case for a Disaggregated Stack
Aug 29th 2024 10:00am, by
Rockset Users Stranded by OpenAI Acquisition: Now What?
Aug 28th 2024 10:00am, by
How To Nail Your GenAI Product Data Strategy
Aug 28th 2024 8:52am, by
Multicloud: Why It's the Best Choice for Data
Aug 23rd 2024 11:57am, by
Manage Multiple Jupyter Instances in the Same Cluster Safely
Sep 2nd 2024 5:00am, by
Linux: SSH and Key-Based Authentication
Sep 1st 2024 12:00pm, by
Implementing IAM in NestJS: The Essential Guide
Aug 30th 2024 6:26am, by
Orca Security Launches First K8s Testing/Staging Environment
Aug 29th 2024 9:00am, by
eBPF Security Power and Shortfalls
Aug 28th 2024 8:12am, by
Platform Engineering Operations CI/CD Tech Careers Tech Culture DevOps Kubernetes Observability Service Mesh
How Supabase Is Building Its Platform Engineering Strategy
Aug 29th 2024 6:42am, by Todd R. Weiss
How To Implement InnerSource With an Internal Developer Portal
Aug 28th 2024 11:00am, by Aidan O'Connor
How Platform Engineering Enables the 10,000-Dev Workforce
Aug 27th 2024 7:50am, by Jennifer Riggins
Broadcom Debuts VMware Tanzu Platform 10 at Explore 2024
Aug 27th 2024 6:00am, by Joab Jackson
Building an IDP With Help From the Open Source CNOE Framework
Aug 23rd 2024 9:00am, by Heather Joslyn
Linux: SSH and Key-Based Authentication
Sep 1st 2024 12:00pm, by Damon M. Garn
Deploy on Friday? Moratorium Doesn’t Achieve Admirable Goal
Aug 29th 2024 11:00am, by Steve Fenton
How To Implement InnerSource With an Internal Developer Portal
Aug 28th 2024 11:00am, by Aidan O'Connor
Why CI and CD Need to Go Their Separate Ways
Aug 27th 2024 10:30am, by Christian Hernandez
Clouds, Codes, and Navigating Top CIO Challenges in 2024
Aug 27th 2024 10:00am, by Fernando Castanheira
How To Implement InnerSource With an Internal Developer Portal
Aug 28th 2024 11:00am, by Aidan O'Connor
Let’s Bring H-A-R-M-O-N-Y Back Into Our Tech Tools
Aug 28th 2024 7:15am, by Steve Rodda
Why CI and CD Need to Go Their Separate Ways
Aug 27th 2024 10:30am, by Christian Hernandez
Level Up Your Software Quality With Static Code Analysis
Aug 26th 2024 6:33am, by Robert Curlee
Need To Know Git? Start Here
Aug 24th 2024 6:00am, by Jack Wallen
AI Demands More Than Just Technical Skills From Developers
Sep 1st 2024 10:00am, by Rob Whiteley
The Future of LLMs Is in Your Pocket
Aug 31st 2024 10:00am, by Javier Redondo
CTO to CTPO: Navigating the Dual Role in Tech Leadership
Aug 30th 2024 10:00am, by Vicky Wills
The Developer Crisis: Mental Health, Burnout, and Retention
Aug 22nd 2024 11:00am, by Craig Smith
What AI Developer Skills Do You Need in 2024?
Aug 22nd 2024 7:00am, by Demola Malomo
AI Demands More Than Just Technical Skills From Developers
Sep 1st 2024 10:00am, by Rob Whiteley
CTO to CTPO: Navigating the Dual Role in Tech Leadership
Aug 30th 2024 10:00am, by Vicky Wills
50 Years Later: Remembering How the Future Looked in 1974
Aug 24th 2024 6:00am, by David Cassel
The Developer Crisis: Mental Health, Burnout, and Retention
Aug 22nd 2024 11:00am, by Craig Smith
Dynamic Scaling: Why Shifting Right Is the Smart Approach
Aug 21st 2024 11:00am, by Phil Andrews
CTO to CTPO: Navigating the Dual Role in Tech Leadership
Aug 30th 2024 10:00am, by Vicky Wills
Deploy on Friday? Moratorium Doesn’t Achieve Admirable Goal
Aug 29th 2024 11:00am, by Steve Fenton
Reimagining Observability: The Case for a Disaggregated Stack
Aug 29th 2024 10:00am, by Neha Pawar
Balancing AI Innovation and Tech Debt in the Cloud
Aug 29th 2024 8:00am, by Ido Neeman
Let’s Bring H-A-R-M-O-N-Y Back Into Our Tech Tools
Aug 28th 2024 7:15am, by Steve Rodda
Orca Security Launches First K8s Testing/Staging Environment
Aug 29th 2024 9:00am, by Chris J. Preimesberger
eBPF Security Power and Shortfalls
Aug 28th 2024 8:12am, by B. Cameron Gain
Broadcom Debuts VMware Tanzu Platform 10 at Explore 2024
Aug 27th 2024 6:00am, by Joab Jackson
Remocal Development: The Future of Efficient Kubernetes Workflows
Aug 25th 2024 10:00am, by Anita Ihuman
Can Grafana Adaptive Metrics Help Slash Observability Costs?
Aug 20th 2024 6:52am, by B. Cameron Gain
Reimagining Observability: The Case for a Disaggregated Stack
Aug 29th 2024 10:00am, by Neha Pawar
The Hidden Costs of Chasing Five 9s
Aug 24th 2024 10:00am, by Ajinkya Mahadeo Ghadge
Spans: What Are They and Why Should Mobile Engineers Care?
Aug 22nd 2024 7:58am, by Fredric Newberg
ServiceOps: Balancing Speed and Risk in DevOps
Aug 21st 2024 5:02am, by Margaret Lee
Chatting With Data: LLMs Are Transforming AIOps
Aug 20th 2024 10:00am, by Avitan Gefen
Istio 1.23 Drops the Sidecar for a Simpler 'Ambient Mesh'
Aug 19th 2024 12:59pm, by Joab Jackson
Can Cilium Be a Control Plane Beyond Kubernetes?
Jul 28th 2024 6:00am, by Alex Williams
Enhancing Business Security and Compliance with Service Mesh
Apr 1st 2024 10:00am, by Ninad Desai
Some Linkerd Users Must Pay: Fear and Anger Explained
Feb 28th 2024 9:21am, by B. Cameron Gain
Buoyant Revises Release Model for the Linkerd Service Mesh
Feb 21st 2024 9:30am, by Joab Jackson
Cloud Native Ecosystem / Data / Security

Manage Multiple Jupyter Instances in the Same Cluster Safely

Zero trust is the key to preventing data exfiltration, unauthorized access and other threats to the sensitive data in your Jupyter notebooks.
Sep 2nd, 2024 5:00am by
Featued image for: Manage Multiple Jupyter Instances in the Same Cluster Safely
Featured image by Unsplash+ in collaboration with Nigel Hoare.

Jupyter notebooks are interactive, efficient tools that allow data scientists to explore datasets and add models productively. Many organizations — 42% in a recent JetBrains study — leverage Jupyter notebooks to provide users with programmatic access to sensitive data assets.

Screenshots of Jupyter Notebook interface

Jupyter notebooks have become a staple in data science and research for reasons including:

  • Interactivity
  • Flexibility
  • Integration
  • Collaboration
  • Ease of use

However, have you ever wondered about the threats this model poses to data security? Attackers or unethical users can exploit it to gain unauthorized access to sensitive information.

In this article, I will walk you through common Jupyter notebook threats and explain how to use zero trust security to protect them.

Since Jupyter notebooks are widely used and popular, preventing security threats is not just beneficial but necessary.

Common Jupyter Notebook Threats and Exploits

Attackers can use Python to modify the operating system, which allows Jupyter notebooks to change system settings and files. This can pose major security risks and potentially mess with local assets.

Here are some of the most common security threats that Jupyter notebooks can face due to their design.

Common security threats that Jupyter Notebooks can face

Remote Command Injection

Remote command injection happens when an attacker exploits vulnerabilities in a Jupyter notebook environment to run arbitrary commands on the host server.

This can occur through poorly sanitized inputs or malicious notebooks. Once the attacker gains command execution, they can control the server, access sensitive data and even move to other systems within the network. This can cause extensive damage and data breaches.

Unauthorized Access to Remote Trusted Entities

By gaining unauthorized access to external services or systems trusted by the Jupyter notebook, attackers can exploit vulnerabilities or misconfigurations. They can use this access to impersonate legitimate users or services to access sensitive data or perform other unauthorized actions. This not only jeopardizes the security of the trusted entities but also undermines the integrity of the data and operations within the Jupyter environment.

Unauthorized Access to Another Jupyter User Pod in the Same Namespace

In environments where multiple users share a Jupyter deployment, such as Kubernetes namespaces, attackers exploit vulnerabilities to gain unauthorized access to another user’s pod. This allows them to execute arbitrary code, steal data or disrupt the operations of other users. Such breaches can lead to significant security incidents, especially in multitenant environments where data isolation is crucial.

Control and Beacon via a Remote C&C Server

Attackers can establish a command-and-control (C&C) server to remotely control compromised Jupyter notebook instances. By doing so, they can issue commands, exfiltrate data and perform other malicious activities without direct access to the environment. This type of attack can be particularly stealthy and persistent, as the C&C server can continuously direct the compromised notebook to perform harmful actions.

Unauthorized Access to Another Customer Pod via Namespace Escape

Namespace escape attacks occur when an attacker exploits vulnerabilities to break out of their isolated environment (namespace) and access other customers’ pods. This is particularly concerning in cloud environments where multiple customers share the same underlying infrastructure. Such an attack can lead to unauthorized data access and system manipulation, and potentially compromise the entire infrastructure’s security.

Data Exfiltration Through Malicious Resources

Data exfiltration involves the unauthorized transfer of data from the Jupyter notebook environment to an external location. Attackers use malicious notebooks or scripts to read sensitive data and send it out to a controlled server. This type of attack can result in significant data breaches, exposing confidential information and causing financial and reputational damage to the affected organization.

Supply Chain Attack

Attackers can compromise the software supply chain by injecting malicious code into trusted software components or libraries used within the Jupyter notebook environment. When these components are integrated, the malicious code executes, allowing the attacker to compromise the system. This type of attack can be particularly insidious, as it exploits the inherent trust in widely used software components.

MITM Attack for Connection to Remote External Trusted Entities

A man-in-the-middle (MITM) attack occurs when an attacker intercepts and potentially alters communications between the Jupyter notebook and remote trusted entities. This enables the attacker to eavesdrop on sensitive information, inject malicious data and disrupt the integrity of the communication. This type of attack can compromise the confidentiality and reliability of data exchanges, leading to significant security risks.

Safely Managing Multiple Jupyter Instances in the Same K8s Cluster

To demonstrate how these threats can affect data science environments, I will use a sample deployment scenario and share some best practices.

First, set up your Jupyter notebook instances in a Kubernetes (K8s) cluster for data science workloads.

K8s setup: The deployment uses a Kubernetes cluster with three nodes on Google Kubernetes Engine (GKE). The cluster is set up with the default configurations provided by the regular channel, and it uses a container-optimized operating system image for efficiency and performance.

Jupyter Notebook config

Jupyter notebook setup: Two namespaces are created within the Kubernetes cluster, each hosting its own Jupyter notebook instance. When a user logs in, the system dynamically spins up a user-specific pod named Jupiter-<username>. This ensures that each user has their own isolated environment in which to run their Jupyter notebooks, enhancing security and resource allocation.

User-specific pod

Follow these best practices for managing multiple Jupyter instances within the same cluster:

  • Running multiple instances: To run multiple Jupyter notebook instances in the same Kubernetes cluster, create separate Docker images for each instance. Then set up Kubernetes deployments and services for these instances.
  • Namespace isolation: Namespace isolation is used to ensure that each Jupyter notebook instance operates in its own isolated environment. This helps prevent potential security issues and resource conflicts between different users or projects.
  • Security measures: Implementing security measures involves configuring the Kubernetes cluster and Jupyter notebooks to minimize vulnerabilities. This might include setting up network policies, role-based access controls and monitoring for potential threats.
  • Resource allocation: Proper resource allocation ensures that each Jupyter notebook instance receives its necessary CPU, memory and storage resources without impacting others. This is critical for maintaining performance and reliability in a multiuser environment.
  • Threat mitigation strategies: Specific strategies are put in place to mitigate threats such as unauthorized access, data exfiltration and command injection. This might involve using secure configurations, regularly updating software and monitoring for suspicious activities.

Using Zero Trust Security for Jupyter Notebooks

The way we use digital technologies is changing fast, making old perimeter-based cybersecurity defenses ineffective. Perimeters can’t keep up with the dynamic nature of digital changes. Only zero trust security can handle these challenges by carefully checking and approving access requests at every part of a network.

The principle of least privilege ensures that no user or system has full access to the entire network. Each access request is constantly checked based on factors like who the user is, the health of their device and where they’re trying to access from. This reduces the chance of unauthorized access and protects important data and systems.

If there’s a security breach, microsegmentation is crucial. It divides the network into smaller parts, stopping any sideways movement within the network. This containment limits the damage a hacker can do.

Using zero trust not only boosts security but also meets today’s business needs for flexibility, growth and strong data protection. By using these strategies, companies can protect their digital assets from new threats while keeping their operations safe and efficient.

How Zero Trust Helps To Secure a Jupyter Notebook

A comprehensive zero trust cloud native application protection platform (CNAPP) solution delivers superior protection and control with features like:

  • Granular control: Achieve precise management of user actions to mitigate the risk of security incidents effectively.
  • Real-time protection: Monitor system activities continuously, and promptly address any unauthorized actions with proactive security measures.
  • User-friendly configuration: Security policies are straightforward to set up and adjust, ensuring accessibility for users with varying levels of expertise.

What To Look for in a Zero Trust Solution

If you have decided to secure your organization’s data with a zero trust security strategy, choosing the right service provider is crucial.

The most important factor to look for is whether the service provider offers inline security or post-attack mitigation.

Inline security vs. post-attack mitigation

While post-attack mitigation might seem to offer similar levels of security and might be affordable, it can cost your enterprise more in the long run.

Post-attack mitigation reacts post-exploitation; once a security mishap has occurred, it identifies and stops it. On the other hand, inline security or runtime security responds to potential attacks before they happen. It offers a more proactive and real-time threat mitigation approach than post-attack mitigation.

Here are a few other features to seek out:

  • User execution control: The ability to limit user execution of binaries to specific, predefined paths is crucial. This feature helps prevent unauthorized access to critical system binaries and enhances overall system security by controlling user actions.
  • Path restriction: Defining explicit paths, such as /usr/local/bin and /bin/, for execution is vital. Controlling the scope of binary execution minimizes the risk of potential vulnerabilities and restricts users to trusted paths, reducing the likelihood of malicious activities.
  • Prohibition of new binaries: Implementing rules to disallow the creation of new binaries within specified paths is an essential security measure. This mitigates the risk of introducing unknown executables and safeguards the system against potential threats by controlling binary additions.
  • Enforcement of execution rules: A robust security provider should identify and enforce rules for executing binaries from essential paths. Defining strict measures for binary execution from paths like /usr/local/bin and /bin/ significantly enhances the security of the system.
  • Prevention of write operations: Applying strict measures to prevent any write operations within critical paths ensures system integrity. This approach aligns with the principles of zero trust, which is fundamental for maintaining a secure environment.

Takeaways

  • Jupyter Notebook is the most used data science integrated development environment (IDE), but it carries significant security risks. Organizations must understand these vulnerabilities to mitigate threats effectively.
  • Zero trust security is one of the best ways to safeguard Jupyter notebook environments. By verifying every access request and assuming zero trust, organizations can prevent unauthorized access and data breaches.
  • If you decide to work with a zero trust service provider, go for solutions offering real-time threat mitigation and inline security measures.
TRENDING STORIES
Group Created with Sketch.
Manas Chowdhury is the vice president of marketing of AccuKnox. With over a decade in digital marketing for technology companies and innovative startups, Manas now writes blogs, white papers, e-books and articles to help people understand the value of AccuKnox....
Read more from Manas Chowdhury
SHARE THIS STORY
TRENDING STORIES
TNS owner Insight Partners is an investor in: Control, Docker, Kubernetes, Real.
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.