Data Security in Multi-Tenant Clusters
Megha Aggarwal, Software Development Engineer, Amazon AWS, Seattle, WA, USA
Abstract
This article presents a comprehensive analysis of the set of threats that are characteristic of heterogeneous Kubernetes deployments. The work aims to systematize and examine these threats, as well as to develop an integrated security model suitable for practical implementation. The methodological foundation consisted of a rigorous literature review encompassing both academic papers and engineering reports from major cloud providers. Special attention was given to publications on container isolation, inter-pod network policy, secrets management, and data encryption protocols. Based on this analysis, a multi-layer threat map is presented, detailing the attack vectors at each layer. The proposed protective measures are integrated into a unified DevSecOps lifecycle framework and can be automated within CI/CD pipelines. The conclusions drawn and the model developed are intended for security engineers, DevOps teams, and cloud platform architects who need to design and maintain multi-tenant Kubernetes clusters with a guaranteed level of data protection.
Keywords
Kubernetes, data security, multi-tenancy, isolation, threat model, encryption, access control
Copyright License
Copyright (c) 2025 Megha Aggarwal

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors retain the copyright of their manuscripts, and all Open Access articles are disseminated under the terms of the Creative Commons Attribution License 4.0 (CC-BY), which licenses unrestricted use, distribution, and reproduction in any medium, provided that the original work is appropriately cited. The use of general descriptive names, trade names, trademarks, and so forth in this publication, even if not specifically identified, does not imply that these names are not protected by the relevant laws and regulations.