Secure Data Services on Container Platforms: Protecting Distributed Query Engines, Messaging Platforms, and Search Systems
DOI: https://doi.org/10.22399/ijcesen.5208
Keywords: Container Security, Kubernetes Security, Distributed Query Engines, Kafka, Elasticsearch
Abstract
As organizations rapidly migrate their data services and other workloads to containers, responsibility for securing them cannot rest with application teams alone. Distributed query engines, messaging systems, search engines, and data stores amass huge troves of organizational data and provide rich query interfaces, making them a target for external and insider adversaries alike. The article describes a reference architecture that serves as an implementation guide for securing data services in cloud-native environments. Based on documentation from the most popular open-source projects in the cloud-native ecosystem and guidelines from the National Institute of Standards and Technology, the reference architecture consists of recommendations across four security domains: control plane identity and access management, data plane cryptography and network segmentation, secrets and key lifecycle management, and operational auditability. We present an anonymized enterprise implementation pattern that assembles such controls into a defensible and auditable posture across portfolios of heterogeneous services.
License
Copyright (c) 2026 International Journal of Computational and Experimental Science and Engineering

This work is licensed under a Creative Commons Attribution 4.0 International License.