Container security fundamentals: 5 things to know

Container security fundamentals: 5 things to know

Can you articulate the core facts about container security – even to skeptics inside your organization? Here are 5 key points

up
473 readers like this, including you
CIO Containers Ecosystem

4. Automation plays a security role

Make automation a key part of your container strategy to further strengthen security: “Make sure that configuration is encoded in a declarative deployment and not reliant on manual processes,” Bellavance advises.

Orchestration tools like Kubernetes not only help you manage container deployments at scale, but they also manage related security tasks. As Red Hat's Newcomer shared in a related podcast, “You really want automation, orchestration to help manage which containers should be deployed to which hosts; monitoring host capacity; container discovery – knowing which containers need to access each other; managing shared resources, and monitoring container health.”

Shaun Lamb, security architect at SAS, notes that some new tools may be necessary as part of your container security strategy. 

“Make sure all operations and actions are logged and auditable.”

“We have found that the transition to containerized architectures warranted a reevaluation of our application security testing strategy and close inspection of current security tools to see if they were able to sufficiently analyze running containers,” Lamb says, adding that practices and tools such as static analysis and interactive application security testing (IAST) may be particularly useful in environments running containerized microservices.

Finally, Bellavance reminds other IT leaders not to overlook logging and auditing:

“Make sure all operations and actions are logged and auditable,” he says. “When something invariably goes wrong, your InfoSec team will appreciate that they can trace back what happened to determine a root cause, and provide appropriate mitigation.”

5. Containers help you react to emerging issues

As SumoLogic’s Gerchow noted, container adoption can actually be a catalyst for improved security overall, simply by forcing you to reevaluate your processes and tools. But there are other built-in upsides, too. Containerization can better protect against some existing threats and help you react quickly to emerging security issues.

“The good news is that most containers are stateless and replaceable, which makes it easy to roll out a newer version of the image across a deployment and improve your security posture quickly,” Bellavance says. They should also be immutable, in that they are replaced rather than changed.

Gerchow cites “the beauty of immutable images being deployed rapidly when new vulnerabilities hit the wire” as an upside for security in containerized environments, something other experts point to as well.

As with any significant change or innovation, there’s work involved in realizing these benefits – but they’re worth it for an increasing number of organizations.

“Properly automated to ensure documentation in-line with configuration, properly audited to ensure integrity of the software pipeline, and properly designed to ensure defense in depth... containerization represents a powerful and efficient design paradigm,” Emerson says.

[ Kubernetes terminology, demystified: Get our Kubernetes glossary cheat sheet for IT and business leaders. ]

Pages

7 New CIO Rules of Road

CIOs: We welcome you to join the conversation

Related Topics

Submitted By Kevin Casey
May 27, 2020

What do successful Kubernetes migration projects have in common? A clear strategy, a strong culture, and the proper resources to execute the plan. Check out this expert advice

Submitted By Rick Huff
May 27, 2020

Rick Huff started as CIO at Paycor on March 9, 2020 – just in time to get a front row seat to a pandemic. Here's what he learned about handling a crisis in real time.

Submitted By Jaeson Paul
May 27, 2020

Leaders don't get the insight they need by simply asking for it: In fact, you may be derailing discussions before they start. Here's how to encourage honest feedback – and how to respond.

x

Email Capture

Keep up with the latest thoughts, strategies, and insights from CIOs & IT leaders.