Strengthening Container security Initiatives

While the new world of IT offers a radically new way for businesses to innovate, it brings a new set of vulnerabilities due to lack of visibility, proper controls and security. And, with the vast amount of security breaches taking place today due to vulnerabilities in open source components, such as example Heartbleed, Shellshock, and Poodle, organisations are increasingly focusing on making the software they build more secure.

Addressing the constantly changing landscape of open source security threats can seem a never-ending process. As organisations increasingly turn to containers to improve application and agility, vendors have been plugging security holes while attempting to expand flexibility for container deployments.

[easy-tweet tweet=”Vendors have been plugging security holes while attempting to expand flexibility for container deployments” via=”no” usehashtags=”no”]

How container security currently works

Container providers’ main focus today is to use encryption to secure the code and software version running in Docker users’ software infrastructure to protect users from malicious backdoors in shared application images and other potential security threats. However, this method covers only one aspect of container security, excluding whether software stacks and application portfolios are free from unknown, exploitable versions of open source code.

Docker Content Trust only ensures Docker images contain the exact same bits that the developer originally put there, but does alert users of any vulnerabilities already present in the open source components. In fact, a current study by BanyanOps found that more than 30 percent of images in Docker Hub are highly susceptible to a variety of security attacks including Heatbleed and Shellshock.

Security Risk 1 – The new threats to old versions

Knowing that the container is free of vulnerabilities at the time of initial build and deployment is a necessary but insufficient requirement. New vulnerabilities that can easily impact older versions of open source components are being constantly discovered. An informed open source technology that provides selection and vigilance to users is essential to avoid this.

Security Risk 2 – Data sensitivity and container location

The security risk posed by a container also depends on the sensitivity of the data that’s being accessed by it, as well as the location in which the container is deployed.

The security risk posed by a container also depends on the sensitivity of the data that’s being accessed by it

Whether the container is deployed on the internal network behind a firewall or whether it’s internet facing will affect the level of security risk. Containers deployed on an internal network behind a firewall, for example, won’t be exposed to a publicly available attack. 

For this reason it is critical to be aware of where your open source software is located, whether the code exhibits security vulnerabilities and whether a sharp open source profile exists. In other words, having visibility of the code inside containers is critical to container security.

Will this slower down container adoption?

Analysts hold diverse opinions as to whether concerns over security will slow down container adoption.

Business necessity is likely to prevent container adoption from slowing down, as containers have proven to provide many benefits to businesses. These include improved scalability, fewer errors, faster time to market and simplified application management.

Dave Bartoletti, principal analyst at Forrester Research, believes security concerns won’t significantly slow container adoption: “With virtualisation, people deployed anyway, even when security and compliance hadn’t caught up yet, and I think we’ll see a lot of the same with Docker,”

Meanwhile, Adrian Sanabria, senior security analyst at 451 Research, believes enterprises will give containers a wide berth until security standards are identified and established. “The reality is that security is still a barrier today, and some companies won’t go near containers until there are certain standards in place”, he explains.

[easy-tweet tweet=”The presence of vulnerabilities in all types of software is inevitable says @bill_ledingham” user=”comparethecloud” usehashtags=”no”]

Whatever the case, what is clear is that security remains a concern as application container deployment ramps up. The presence of vulnerabilities in all types of software is inevitable, and open source is no exception. As security and other gaps in the container ecosystem are filled, organisations are best served to take advantage of the automated tools available to gain control over all their software infrastructure elements, including containers. Taking the lead in setting up a strong application security strategy is imperative to all business and one that they should proactively be seeking to deploy. 

+ posts


Related articles

Don’t lose sight of SAP on Cloud operational excellence

Digital transformation projects can often become complex with twists and turns, which can lead organisations to focus solely on the migration itself.

Need to reduce software TCO? Focus on people

Investing in software is undoubtedly important for enterprises to stay ahead. However, the process is rarely a simple task for CIOs and IT leaders.

The future of cloud and edge optimisation

As more enterprises use multi-cloud and hybrid infrastructures, the danger of cost overruns and loss of control increases.

Here is how to stage a public cloud migration

As the relationships between CSPs and cloud providers are deepening, CSPs need to develop a clear strategy on how they add value to customer relationships.

The future of work is collaborative

As hybrid work models continue to gain traction, businesses will need to start implementing collaborative tools and processes to meet the needs and expectations of the upcoming workforce, seamlessly integrating them into existing workflows to enhance productivity and performance. Innovations in technology, including AI and machine learning, mean that organisations are in a better position than ever to shape the collaborative future of work – and with the right support in place, they can ensure that these digital tools continue to bring out the best in their workforce for years to come.


Please enter your comment!
Please enter your name here

Subscribe to our Newsletter