What is KSPM?
Kubernetes Security Posture Management (KSPM) is the practice of monitoring, assessing, and ensuring the security and compliance of Kubernetes environments.
Nicolas is a product marketing manager and focuses mainly on the security of containerized environments and cloud-native applications. For over 20 years in IT, he has specialized in cloud infrastructure, automation and security, and has worked for companies such as EMC, Red Hat and HashiCorp. Outside of work, he loves traveling, discovering new cultures, and especially foods from all over the world.
Container runtime security is the combination of measures and technology implemented to protect containerized applications at the runtime stage.
Kubernetes as a service (KaaS) is a model in which hyperscalers like AWS, GCP, and Azure allow you to quickly and easily start a Kubernetes cluster and begin deploying workloads on it instantly.
A container runtime is the core software that allows containers to run within a host system.
Watch how Wiz turns instant visibility into rapid remediation.
Kubernetes runtime security refers to the measures and practices implemented to protect Kubernetes clusters and the applications running within them during their operational phase.
8 no-brainer container security best practices + the key components of container architecture to secure
Kubernetes vulnerability scanning is the systematic process of inspecting a Kubernetes cluster (including its container images and configurations) to detect security misconfigurations or vulnerabilities that could compromise the security posture of the cluster.
Open Policy Agent (OPA) is a versatile, open-source policy engine that facilitates unified, context-aware policy enforcement across various cloud environments.
Linux security ensures the confidentiality, integrity, and availability of Linux-based systems and protects them against hackers, brute-force attacks, and other cyber threats.
Container image signing is an essential security process for establishing trust. Just as a signature verifies the authenticity of a document, image signing serves the same function for container images: the packages that contain your code and everything needed to run it, wherever you are.
Learn how to configure Kubernetes security contexts, avoid common misconfigurations, and apply best practices for running secure clusters in production.
API security encompasses the strategies, procedures, and solutions used to defend APIs against threats, vulnerabilities, and unauthorized intrusions.
EKS security refers to the practices, strategies, and technologies that organizations use to protect Amazon Elastic Kubernetes Service (EKS) environments from threats.
Container security is the combination of practices, strategies, and tools dedicated to protecting containerized applications against vulnerabilities, malware injection, and unauthorized deployments.
Facing the attack surface head-on requires investing in top-tier solutions. Platforms that combine agentless discovery, context-based risk prioritization, and seamless developer workflow integration are your best bet.
Exposure management enables organizations to identify, assess, and mitigate the risks posed by exposed resources, such as networks, applications, data, and other assets.
Learn how container images work, their role in deployment, security risks, and best practices to streamline and protect your cloud-native applications.
Common security risks associated with Terraform and the 6 essential best practices for Terraform security.
External attack surface management (EASM) refers to the process of identifying, analyzing, and managing an organization's external attack surface.
Looking to make the most of containerization while minimizing risk? Container scanning solutions are a critical line of defense that help ensure the safe and secure deployment of applications.
Microservices security is the practice of protecting individual microservices and their communication channels from unauthorized access, data breaches, and other threats, ensuring a secure overall architecture despite its distributed nature.
Compare top container monitoring tools with our expert guide. Use best practices to choose the right solution to monitor & secure your multi-cloud environment.
IAM (Identity and Access Management) security is a set of policies and technologies that help organizations control which identities can have access permissions to resources, data, systems, and applications.
It is wise to consider using multiple Kubernetes security tools. Open-source solutions can significantly improve the security of your Kubernetes clusters, so this section presents the 11 best open-source security tools for Kubernetes that can protect your environment.
The open-source nature of Kubernetes means that it is continually being updated and improved, which introduces new features and functionalities—as well as new vulnerabilities. Understand the most pressing K8s security challenges.
File integrity monitoring (FIM) can protect your data through early detection. Learn how to use it, as well as how to enhance compliance and security.
Supply chain attacks are cyberattacks where threat actors compromise trusted third-party vendors or software components, using that trust to infiltrate the target organization’s systems and sensitive data.
Kubernetes namespaces divide a given cluster into virtual clusters, helping to separate and manage resources while still keeping them within the same physical cluster. By segregating workloads and applying policies per namespace, you can create boundaries that keep your multi-tenant environments safe and organized.
Learn about a container registry’s role in the software supply chain, compare top providers, and discover best practices for secure container image management.
In this post, we’ll unpack the technical realities of securing Kubernetes in multi-cloud environments. We’ll cover common architectural patterns, dive into key security challenges, and walk through best practices for building a more secure, scalable, and consistent posture across clouds.
In this article we will walk through Kubernetes security best practices, explore key Kubernetes security tools, and show how safeguarding every aspect of container security is vital.
Learn essential AKS security concepts and best practices to protect your Kubernetes environments, safeguard applications, and stay ahead of evolving threats.
Discover CI/CD security best practices to protect your development lifecycle against vulnerabilities and attacks while maintaining your teams' velocity.
Get Kubernetes RBAC best practices all in one place. Plus, learn actionable tips for beginners and advanced cloud security teams (and tools to use to improve).
Discover essential Kubernetes monitoring tools and best practices to optimize performance, enhance security, and ensure seamless cluster management.
Learn how containers as a service can streamline your deployments, boost scalability, and strengthen security while tackling key challenges and risks.
Learn how container orchestration can automate deployment and management for containerized workloads. Find out best practices for an efficient and secure cloud.
Secure your Kubernetes workloads with best practices to prevent threats, protect your containers, and strengthen access controls for a safer cloud environment.
The main function of admission controllers is to apply custom policies to incoming requests, ensuring that only valid and compliant API requests are executed.
Docker containers leverage the Docker Engine (a platform built on top of Linux containers) to simplify the software development process.
A Kubernetes secret is an object in the Kubernetes ecosystem that contains sensitive information (think keys, passwords, and tokens).
In this blog post, you’ll discover how Kubernetes plays a crucial role in AI/ML development. We’ll explore containerization’s benefits, practical use cases, and day-to-day challenges, as well as how Kubernetes security can protect your data and models while mitigating potential risks.
Understanding the nuances of Linux containers is crucial for building robust, secure applications. This blog post provides insights into the practical implementation of containers, focusing on both their strengths and potential pitfalls.
At their core, containers encapsulate the application code and runtime, system tools, dependencies, and settings that enable it to operate in the same way across multiple environments.
Our goal with this article is to share the best practices for running complex AI tasks on Kubernetes. We'll talk about scaling, scheduling, security, resource management, and other elements that matter to seasoned platform engineers and folks just stepping into machine learning in Kubernetes.
Containerization encapsulates an application and its dependencies into a container image, facilitating consistent execution across any host operating system supporting a container engine.
20 essential security best practices every DevOps team should start with
A Kubernetes cluster consists of a group of node machines designed to run applications within containers.
Helm Charts streamline the deployment of applications by providing a packaging format that includes all necessary Kubernetes resources.
A container engine is a software tool that automates the process of running applications in isolated, lightweight environments called containers.
7 essential best practices that every organization should start with
Container architecture is a way to package and deploy applications as standardized units called containers.
Cloud encryption is the process of transforming data into a secure format that's unreadable to anyone who doesn't have the key to decode it.
Wiz’s reimagined container image page gives teams complete visibility, smarter prioritization, and faster remediation, from code to runtime.
Wiz Sensor Workload Scanner brings runtime visibility and context to hybrid environments—cloud, on-prem, and edge—all in a single platform.
Discover how Wiz's innovative hybrid approach revolutionizes runtime security for the modern cloud era.
Wiz extends its cloud-native runtime sensor to secure serverless containers, providing deep visibility, blocking, and hunting capabilities for AWS Fargate and Azure Container Apps.
Discover how Wiz extends its existing RBAC with the Custom Roles feature, enabling you to tailor user permissions, maintain security, and stay aligned with business needs.
Ensure that your Kubernetes environments are secure and follow OWASP's Kubernetes Top 10 framework. Generate reports quickly and easily and remediate any issues with actionable insights.
Find out quickly where OS and open-source packages or libraries are deployed in your cloud environments and secure them before potential issues arise.
Secure your applications across the SDLC by deploying only trusted images and monitoring your Kubernetes control plane in near-real time to detect potential threats.
Dive into a Kubernetes attack and see how eBPF and other security best practices can prevent these attacks.
The Wiz admission controller simplifies supply chain security by ensuring only trusted container images can be deployed in Kubernetes environments.
An Introduction to Extended BPF and Its Transformative Impact.
Wiz helps accelerate the machine learning journey for practitioners by protecting their generative AI applications
Ensure that your Docker and Kubernetes environments are secure and compliant with CIS benchmarks. Generate reports quickly and easily and remediate any issues with actionable insights.
Wiz protects AI infrastructure against cloud attacks, allowing data scientists and engineers to focus on deploying more AI applications.
Enhance software security and supply chain risk management with Wiz's agentless scanning technology for effortless SBOM creation
Confidently ensure your Kubernetes environments are compliant with CIS Benchmarks for cloud-managed Kubernetes. Quickly generate compliance reports and remediate any issues without hassle.
Wiz announces new GitOps workflows and Terraform provider, enabling customers to manage policies as code.
Shell commands that once had to be run manually now can be coded into a custom rule and run daily using Wiz agentless workload scanning.
Wiz enhances its Dynamic Scanner to detect publicly exposed, unauthenticated APIs
Wiz extends its cloud analysis with an external scanner, giving customers an attacker's view of their externally exposed resources to reduce noise.
KubeCon 2022 will be full of great presentations and content. Here's our take on the conference sessions (apart from our own) that you shouldn't miss, whether you're onsite or attending virtually.
Wiz will be attending and sponsoring KubeCon for the first time and we have a lot to share regarding how enterprises can better secure their container and Kubernetes environments. Come say hi!