With cybercrime on the rise, companies need to take all possible steps to protect their data and company information. It is in your interest to follow data security best practices and not to forget the basics. Whether it is data encryption in mobile apps, security testing, or container security in enterprise application development, many solutions are available to keep your sensitive information safe and secure. However, container security may be an unfamiliar term.
Container security – a brief definition
A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. The protection of the integrity of containers is known as container security, and it includes everything from the infrastructure they rely on to the applications they hold. Container security should be integrated and continuous.
According to Red Hat, continuous container security for an enterprise-level business does the following:
- Secures the container pipeline as well as the application.
- Secures the container deployment environment and infrastructure.
- Integrates with enterprise security tools that help in meeting or improving the existing security infrastructure and policies.
Says Red Hat: “Containers are popular because they make it easy to build, package, and promote an application or service, and all its dependencies, throughout its entire lifecycle and across different environments and deployment targets.”
Containerization is a form of operating system virtualization that lets you run an application and its dependencies in resource-isolated processes. Containers help you conveniently package an application’s code, configuration and other dependencies into easy-to-use building blocks that deliver operational efficiency, environmental consistency, version control and developer productivity.
Containers allow the applications to deploy reliably, quickly and consistently irrespective of the deployment environment – which helps improve security and speed. Containers also provide granular control over resources – which boosts your security infrastructure and increases your efficiency.
How does container security work?
An ever-increasing number of organizations are adopting cloud-native software technologies. Cloud native is an approach that packages software within containers, arranges these units into microservices to form applications, and makes sure that running applications are automated for more speed, greater agility and higher scalability.
Since this technology fundamentally changes the way software is built, deployed and run, it also changes how the software needs to be protected. For security professionals, cloud-native applications and infrastructure pose several challenges, and they need to develop security programs that support their organization’s use of cloud container technologies.
So, let us learn how containers and microservices change security and the best practices that security teams should adopt. Writing for InfoWorld, Wei Lien Dang – vice president of container lifecycle security platform StackRox – shares his insights on some of the challenges:
- Traditional security infrastructure does not have container visibility.
- Attack surfaces change constantly and rapidly.
- Continuous monitoring is required of fast-moving data for indicators of an attack, compromise and unauthorized access.
- Detection, prevention and response should be automated for optimum protection.
The entire lifecycle of cloud-native applications can be divided into two parts – the build and deploy phase and the run-time phase.
Container security in the build and deploy phase
This phase primarily focuses on applying checks and balances to developer workflows and continuous integration and deployment pipelines to alleviate the risk of security issues that crop up after containers are launched.
According to Dang, the following guidelines and best practices can be incorporated in this phase:
- Keep images as small as possible.
- Scan images for known issues.
- Digitally sign images.
- Harden and restrict access to the host OS.
- Specify application-level segmentation policies.
- Protect secrets to be used by containers.
Most container platforms and tools offer some or all of these capabilities. The most practical way to get robust security during the build and deploy phase is to opt for one of the established container platform companies whose tooling covers them.
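Several of the practices in the list above (small images, hardened access, protected secrets) can be checked before an image is ever built. The following is an added example, not code from the article or from any of the platforms it mentions: a small static check over a Dockerfile that flags floating or unpinned base images, secrets placed in ENV/ARG, remote ADD sources, an exposed SSH port, and a missing non-root USER. Both Dockerfiles are constructed for the example, and the sha256 digest in the "good" one is a placeholder; image scanning and signing are left to registry and pipeline tooling.

```python
"""Static check of a Dockerfile against the build-phase practices listed above (added example)."""
import re

# Constructed sample Dockerfiles (hypothetical application, not from the article).
BAD_DOCKERFILE = """\
FROM ubuntu:latest
ENV DB_PASSWORD=hunter2
RUN apt-get update && apt-get install -y python3 openssh-server
ADD https://example.invalid/tool.tar.gz /opt/
COPY . /app
EXPOSE 22 8080
CMD ["python3", "/app/main.py"]
"""

# The digest below is a placeholder; pin to the real digest of the image you scanned and signed.
GOOD_DOCKERFILE = """\
FROM python:3.12-slim@sha256:0000000000000000000000000000000000000000000000000000000000000000
RUN useradd --create-home app
WORKDIR /app
COPY --chown=app:app app.py .
USER app
EXPOSE 8080
CMD ["python3", "app.py"]
"""

SECRET_NAME_RE = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY)", re.IGNORECASE)
MINIMAL_BASE_RE = re.compile(r"(slim|alpine|distroless|scratch)")


def parse_dockerfile(text):
    """Return [(INSTRUCTION, argument), ...]; joins backslash continuations, skips blanks and comments."""
    instructions, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1].rstrip() + " "
            continue
        full = pending + line
        pending = ""
        keyword, _, argument = full.partition(" ")
        instructions.append((keyword.upper(), argument.strip()))
    return instructions


def check_dockerfile(text):
    """Return a list of findings (empty when every check passes)."""
    findings = []
    instructions = parse_dockerfile(text)
    for keyword, argument in instructions:
        if keyword == "FROM":
            image = argument.split()[0]            # drop any "AS <stage>"
            name = image.split("@", 1)[0]
            last = name.rsplit("/", 1)[-1]         # a registry host:port may also contain a colon
            tag = last.split(":", 1)[1] if ":" in last else None
            if name != "scratch":
                if "@sha256:" not in image:
                    findings.append(f"FROM {image}: base image not pinned by digest, so a scanned build can drift")
                if tag in (None, "latest"):
                    findings.append(f"FROM {image}: floating tag")
            if not MINIMAL_BASE_RE.search(name):
                findings.append(f"FROM {image}: not a minimal base image")
        elif keyword in ("ENV", "ARG") and SECRET_NAME_RE.search(argument.split("=", 1)[0]):
            findings.append(f"{keyword} {argument.split('=', 1)[0]}: secret baked into an image layer")
        elif keyword == "ADD" and re.match(r"https?://", argument):
            findings.append("ADD from URL: unverified remote content pulled at build time")
        elif keyword == "EXPOSE" and any(p.split("/")[0] == "22" for p in argument.split()):
            findings.append("EXPOSE 22: an SSH daemon inside the container widens the attack surface")
    # Hardening the host is only half of it: the process should not be root inside the container either.
    if not any(k == "USER" and a not in ("root", "0") for k, a in instructions):
        findings.append("no non-root USER: the process runs as root inside the container")
    return findings


if __name__ == "__main__":
    for label, text in (("bad", BAD_DOCKERFILE), ("good", GOOD_DOCKERFILE)):
        print(label, check_dockerfile(text) or "no findings")
```

A check like this belongs in the CI step that precedes the image build, so that an image which fails it never reaches the registry where scanning and signing happen.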
What can we expect of container security in the future?
To look at the state of container security and what to expect in the future, let us look at what Kris Raney from Ixia Solutions Group, Keysight Technologies, has to say in his interview with Doug Atkinson of Solutions Review. Regarding emerging threats, Raney said:
“One thing I expect to see is published, compromised container images. Effectively a trojan horse. This could be a deliberate act or just an honest mistake. But it’ll definitely happen from time to time.
“The second thing I expect is techniques to weaponize innocent containers. An example of the concept is a DNS-based DDoS. You spoof a very small request to a bunch of DNS servers, and each one responds with a very large response to the victim address you spoofed as. The DNS server becomes an unwitting party in the attack. The same concept applies to microservices. ‘If I make this request to the service, it causes it to spam the database.’
“It’s a specific case of a general class of threat I call ‘illegitimate uses of legitimate channels.’ Superficially, the request comes in looking like any other, so you can’t block it at a firewall or based on some generic rule. But hidden within it is a malicious intent, and that’s only revealed by behavior. Quite possibly, it’s only apparent by looking at behavior holistically across many services. The DNS-based DDoS case is an example of this, one spoofed request to one DNS server isn’t noticeable and really isn’t a concern. Thousands of the same request distributed across thousands of servers makes a DDoS.”
Ultimately, says Raney, “The content of the container and the behavior of the container are two vital attributes of the container related to security that falls squarely in the responsibility of the user.”
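Raney's point that an "illegitimate use of a legitimate channel" is only visible in behaviour across many services can be shown with two detectors run over the same request log. This is an added example, not code from the interview or from Keysight: the log format, service names and addresses are constructed for it, and the thresholds are illustrative. A per-service threshold catches a single heavy client on one service, while the fleet-wide view aggregates per source across all services and reports a source whose small requests fan out into a large number of downstream calls spread over many services, which no single service sees as abnormal.

```python
"""Per-service vs. fleet-wide behavioural detection over constructed request logs (added example)."""
import re
from collections import defaultdict

# Constructed sample log lines in a hypothetical format (one line per request seen at the mesh ingress).
# 10.0.0.5 is ordinary traffic, 10.0.0.20 a legitimate batch job on one service, and 203.0.113.7 a
# source sending one tiny request to each of eight services, each of which fans out into 40 DB calls.
LOG_LINES = """\
2024-05-01T10:00:01Z svc=catalog src=10.0.0.5 req_bytes=340 downstream_calls=2
2024-05-01T10:00:02Z svc=cart src=10.0.0.5 req_bytes=510 downstream_calls=3
2024-05-01T10:00:03Z svc=catalog src=10.0.0.5 req_bytes=300 downstream_calls=1
2024-05-01T10:00:04Z svc=orders src=10.0.0.5 req_bytes=880 downstream_calls=4
2024-05-01T10:00:05Z svc=reports src=10.0.0.20 req_bytes=4096 downstream_calls=150
2024-05-01T10:00:06Z svc=reports src=10.0.0.20 req_bytes=4096 downstream_calls=150
2024-05-01T10:00:07Z svc=catalog src=203.0.113.7 req_bytes=64 downstream_calls=40
2024-05-01T10:00:07Z svc=cart src=203.0.113.7 req_bytes=64 downstream_calls=40
2024-05-01T10:00:07Z svc=orders src=203.0.113.7 req_bytes=64 downstream_calls=40
2024-05-01T10:00:08Z svc=search src=203.0.113.7 req_bytes=64 downstream_calls=40
2024-05-01T10:00:08Z svc=reviews src=203.0.113.7 req_bytes=64 downstream_calls=40
2024-05-01T10:00:08Z svc=pricing src=203.0.113.7 req_bytes=64 downstream_calls=40
2024-05-01T10:00:09Z svc=inventory src=203.0.113.7 req_bytes=64 downstream_calls=40
2024-05-01T10:00:09Z svc=recommend src=203.0.113.7 req_bytes=64 downstream_calls=40
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) svc=(?P<svc>\S+) src=(?P<src>\S+) req_bytes=(?P<req>\d+) downstream_calls=(?P<calls>\d+)$"
)


def parse_logs(text):
    """Parse log lines into dicts; malformed lines are skipped rather than crashing the detector."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"ts": m["ts"], "svc": m["svc"], "src": m["src"],
                           "req_bytes": int(m["req"]), "calls": int(m["calls"])})
    return events


def per_service_alerts(events, max_calls_per_service=100):
    """Per-service view: a source is flagged only if the downstream calls it causes on ONE service exceed the limit."""
    totals = defaultdict(int)
    for e in events:
        totals[(e["src"], e["svc"])] += e["calls"]
    return sorted({src for (src, _svc), n in totals.items() if n > max_calls_per_service})


def holistic_alerts(events, max_calls_per_source=200, min_amplification=10, min_services=3):
    """Fleet-wide view: aggregate per source across all services and report sources whose requests
    are amplified into many downstream calls spread over several services."""
    requests, calls, services = defaultdict(int), defaultdict(int), defaultdict(set)
    for e in events:
        requests[e["src"]] += 1
        calls[e["src"]] += e["calls"]
        services[e["src"]].add(e["svc"])
    alerts = []
    for src in sorted(requests):
        amplification = calls[src] / requests[src]   # downstream calls caused per request
        if (calls[src] > max_calls_per_source
                and amplification >= min_amplification
                and len(services[src]) >= min_services):
            alerts.append({"src": src, "calls": calls[src], "requests": requests[src],
                           "services": len(services[src]), "amplification": amplification})
    return alerts


if __name__ == "__main__":
    events = parse_logs(LOG_LINES)
    print("per-service:", per_service_alerts(events))
    print("fleet-wide:", holistic_alerts(events))
```

On this input the per-service detector reports only the batch job, which each service can see on its own, while the fleet-wide detector reports only the source whose requests are spread thinly across eight services; in practice the per-source aggregation would be computed over a sliding window from the mesh or ingress logs rather than a static sample.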