Container Security

As containers continue their march into the IT mainstream, one of the big fear factors that skeptics may cite is a familiar one: Security. The biggest misunderstanding is that containers are inherently insecure. Indeed, it’s a major misconception, one we saw with the advent of cloud computing. Is cloud security important? Absolutely. Does that mean cloud environments are inherently insecure? Of course not. A similar principle is in play as containerization grows inside enterprise IT shops.

Containers have broad appeal because they allow users to easily package an application, and all its dependencies, into a single image that can be promoted from development, to test, and to production—without change. Containers make it easy to ensure consistency across environments and multiple deployment targets like physical servers, virtual machines (VMs), and private or public clouds. This helps teams more easily develop and manage the applications that deliver business value.

In relation to container security there are five points that need to be kept in mind. These are:
1. Container security is multi-level – Organisations need to think of container security as having ten layers which all starts with your container host. Just as a set of virtual machines is only as secure as the hypervisor those VMs are running on, your containers will be only as secure as their host. The container host needs to be properly secured using a combination of least access privilege, patching of vulnerabilities, and hardening of the system. An insecure host makes all the containers running on the host vulnerable to attack from the outside and from each other.
2. Limit dependencies to limit risk – As with most new technologies, you’ll want to understand your risks. Containers come with myriad benefits, but that doesn’t mean there are zero costs. By reusing services and loosely coupling them, your team may accelerate the delivery of a functioning product and it must also account for the attendant increase in complexity of interactions between components, critical contributors and maintainers of code and decreased visibility into the practices, pipelines, and parties delivering the services upon which your product depends.
3.Reassess existing security practices and tools – Pay particular attention to how process impacts the underlying technologies. The shift toward reusable, compartmentalized services and microservices necessitates a re-evaluation of one’s secure design practices. That’s because you’re effectively increasing the size of your surface area. Again, though, this shouldn’t be a fear factor; it just means you need to reevaluate your older security practices and tools. This reevaluation is one of the security advantages of moving to containers. Containers can actually be a forcing function to become more secure.
Your security reevaluation should include host, images, and processes, paying particular attention to how process impacts the underlying technologies.
4. Automation plays a security role – Make automation a key part of your container strategy to further strengthen security. Make sure that configuration is encoded in a declarative deployment and not reliant on manual processes. You really want automation, orchestration to help manage which containers should be deployed to which hosts; monitoring host capacity; container discovery – knowing which containers need to access each other; managing shared resources, and monitoring container health.
5. Containers help you react to emerging issues – Container adoption can actually be a catalyst for improved security overall, simply by forcing you to reevaluate your processes and tools. But there are other built-in upsides, too. Containerization can better protect against some existing threats and help you react quickly to emerging security issues. Most containers are stateless and replaceable, which makes it easy to roll out a newer version of the image across a deployment and improve your security posture quickly. They should also be immutable, in that they are replaced rather than changed.

Our container security presentation outlines what containers are, how they benefit an organisation and the steps you need to take to secure them.

To discuss how our specialist security experts can help your organisation with container security please contact us on 1300 922 923 or complete the enquiry form by pressing the button below.

Contact Us