What do successful Kubernetes migration projects have in common? A clear strategy, a strong culture, and the proper resources to execute the plan. Check out this expert advice
Container security fundamentals: 5 things to know
Can you articulate the core facts about container security – even to skeptics inside your organization? Here are 5 key points
4. Automation plays a security role
Make automation a key part of your container strategy to further strengthen security: “Make sure that configuration is encoded in a declarative deployment and not reliant on manual processes,” Bellavance advises.
Orchestration tools like Kubernetes not only help you manage container deployments at scale, but they also manage related security tasks. As Red Hat's Newcomer shared in a related podcast, “You really want automation, orchestration to help manage which containers should be deployed to which hosts; monitoring host capacity; container discovery – knowing which containers need to access each other; managing shared resources, and monitoring container health.”
Shaun Lamb, security architect at SAS, notes that some new tools may be necessary as part of your container security strategy.
“We have found that the transition to containerized architectures warranted a reevaluation of our application security testing strategy and close inspection of current security tools to see if they were able to sufficiently analyze running containers,” Lamb says, adding that practices and tools such as static analysis and interactive application security testing (IAST) may be particularly useful in environments running containerized microservices.
Finally, Bellavance reminds other IT leaders not to overlook logging and auditing:
“Make sure all operations and actions are logged and auditable,” he says. “When something invariably goes wrong, your InfoSec team will appreciate that they can trace back what happened to determine a root cause, and provide appropriate mitigation.”
5. Containers help you react to emerging issues
As SumoLogic’s Gerchow noted, container adoption can actually be a catalyst for improved security overall, simply by forcing you to reevaluate your processes and tools. But there are other built-in upsides, too. Containerization can better protect against some existing threats and help you react quickly to emerging security issues.
“The good news is that most containers are stateless and replaceable, which makes it easy to roll out a newer version of the image across a deployment and improve your security posture quickly,” Bellavance says. They should also be immutable, in that they are replaced rather than changed.
Gerchow cites “the beauty of immutable images being deployed rapidly when new vulnerabilities hit the wire” as an upside for security in containerized environments, something other experts point to as well.
As with any significant change or innovation, there’s work involved in realizing these benefits – but they’re worth it for an increasing number of organizations.
“Properly automated to ensure documentation in-line with configuration, properly audited to ensure integrity of the software pipeline, and properly designed to ensure defense in depth... containerization represents a powerful and efficient design paradigm,” Emerson says.
[ Kubernetes terminology, demystified: Get our Kubernetes glossary cheat sheet for IT and business leaders. ]