3 best practices for a well-secured container

Posted by: Tamara Dutina July 09, 2020

Category: Topic: Containerization

The importance of properly secured infrastructure seems to rise daily. Whether this is due to new business demands or the growing sophistication of potential threats, cloud security may well be the hot topic of the year.

And global influencers tend to confirm this. 

“Cloud security is a top enterprise IT priority as organizations modernize their critical business systems both in-place and in the cloud,” says Sunil Potti, VP of Google Cloud security. 

No cloud security expert would argue with that statement; the fast pace of the industry demands an adequate response. One question that arises is: which direction do the biggest threats come from?

The security risk for containers rises with the usage 

According to the Cloud Security Alliance (CSA), containers are one of the places to look, or, to be precise, their increasing usage. According to CSA research, the boost in the usage of containers and orchestration tools such as Kubernetes poses a new threat to the safety of the application deployment process.

“We have seen increased usage of containers in the last few years, and I don’t think 2020 will be any different. But I share concerns about container security,” says Mustafa Toroman, Azure Solutions Architect, Azure MVP and CyberSecurity aficionado.

“It’s often the case with popular technology that security features aren’t developed as fast as the rest of the platform. We’ve seen the same thing with many IT trends. For example, look at DevOps. Many organizations accepted DevOps as a way to do business, but security is often overlooked, and only some organizations are introducing security as part of their process. The exact same thing is with containers. Managing containers is hard and we have multiple orchestrators available. But the focus of each orchestrator was scalability and simplicity, security was not in focus until now.” 

Put the safety in focus with container security best practices

Managing containers is complex, as Mustafa warned. As far as safety goes, the container security best practice checklist starts at the very beginning of Docker container creation.

1. Secure the container ecosystem while building it 

Detecting a potential threat early in the build pipeline goes a long way. This means designing the workflow so that safety is a priority. Think about access control and whether everyone who has access to the kernel actually needs it. Think about running containers with the minimal set of permissions that is enough for the required tasks to be executed.
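One way to check the "minimal set of permissions" point against running containers is to audit the JSON that `docker inspect` returns. The following is an added example, not code from the original post; the sample containers are constructed, and the `ALLOWED_CAPS` policy and the wording of the findings are assumptions.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two hypothetical containers.
SAMPLE = json.loads("""[
 {"Name": "/web", "Config": {"User": ""},
  "HostConfig": {"Privileged": true, "CapAdd": ["SYS_ADMIN"], "CapDrop": null,
    "PidMode": "host", "ReadonlyRootfs": false, "SecurityOpt": null,
    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}},
 {"Name": "/api", "Config": {"User": "10001:10001"},
  "HostConfig": {"Privileged": false, "CapAdd": ["NET_BIND_SERVICE"], "CapDrop": ["ALL"],
    "PidMode": "", "ReadonlyRootfs": true, "SecurityOpt": ["no-new-privileges"],
    "Binds": null}}
]""")

ALLOWED_CAPS = {"NET_BIND_SERVICE"}  # assumed policy: capabilities a workload may add back

def _cap(name):
    """Normalise 'CAP_SYS_ADMIN' / 'sys_admin' to 'SYS_ADMIN'."""
    name = name.upper()
    return name[4:] if name.startswith("CAP_") else name

def audit_container(c):
    """Return least-privilege findings for one `docker inspect` entry."""
    host = c.get("HostConfig") or {}
    user = ((c.get("Config") or {}).get("User") or "").split(":")[0]
    findings = []
    if user in ("", "0", "root"):
        findings.append("runs as root")
    if host.get("Privileged"):
        findings.append("privileged mode")
    if "ALL" not in {_cap(x) for x in host.get("CapDrop") or []}:
        findings.append("capabilities not dropped")
    for cap in host.get("CapAdd") or []:
        if _cap(cap) not in ALLOWED_CAPS:
            findings.append("adds capability " + _cap(cap))
    for key in ("PidMode", "NetworkMode", "IpcMode"):
        if host.get(key) == "host":
            findings.append(key + " shares host namespace")
    opts = host.get("SecurityOpt") or []
    if not any(o.startswith("no-new-privileges") and not o.endswith("false") for o in opts):
        findings.append("no-new-privileges not set")
    if not host.get("ReadonlyRootfs"):
        findings.append("writable root filesystem")
    for bind in host.get("Binds") or []:
        if bind.split(":")[0].endswith("docker.sock"):
            findings.append("mounts the Docker socket")
    return findings
```

Feeding it `json.loads` of real `docker inspect $(docker ps -q)` output in a pipeline step turns the least-privilege guideline into a check that can fail a deployment.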

Also, don’t forget about the app itself. Opt for RASP-oriented container tools, which protect the app and API in real time by detecting potential issues in the code. When it comes to choosing these tools according to your needs and workload, you can always reach out to our DevOps engineers for a non-binding consultation.

2. Bolster the host OS 

While still at the early stage of the container architecture, bear in mind that the right choices in OS design and segmentation help you climb higher on the security ladder. What do we mean? Well, a minimalistic, container-specific host operating system is created only for running containers. As opposed to a general-purpose one, a container-specific OS is more resilient to threats because it reduces the potential attack surface.

For additional in-depth protection, group containers with the same purpose on a single host OS. This practice makes it easier to detect a threat and stop it from spreading to other groups.

3. Scan the container content 

One of the most common container security challenges is reduced visibility. As you are constantly adding images, often pulling them from public sources, a potential threat may pass undetected. Another challenge is that most development professionals, including experienced ones, lack a thorough understanding of image content, which prevents them from spotting potentially non-compliant or threatening images. The right set of auditing tools provides the ability to see inside the image layers and ensure that only compliant images are running.
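To make "seeing inside the image layers" concrete, the sketch below walks every layer of an image archive in the `docker save` layout and reports setuid/setgid files and secret-looking file names. It is an added example, not code from the original post; the sample image is constructed in memory, and the `SECRET_NAMES` list is an assumed policy.

```python
import io, json, tarfile

def _tar(files):
    """Build an in-memory tar from {name: (bytes, mode)}; used for the constructed sample."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        for name, (data, mode) in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), mode
            t.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample in the `docker save` layout: manifest.json plus one tar per layer.
LAYER1 = _tar({"bin/app": (b"\x7fELF", 0o755), "usr/bin/helper": (b"\x7fELF", 0o4755)})
LAYER2 = _tar({"root/.ssh/id_rsa": (b"constructed", 0o600), "etc/app.conf": (b"x=1", 0o644)})
MANIFEST = [{"RepoTags": ["example/app:1.0"], "Layers": ["l1/layer.tar", "l2/layer.tar"]}]
SAMPLE_IMAGE = _tar({"manifest.json": (json.dumps(MANIFEST).encode(), 0o644),
                     "l1/layer.tar": (LAYER1, 0o644), "l2/layer.tar": (LAYER2, 0o644)})

SECRET_NAMES = ("id_rsa", "id_ed25519", ".env", ".pem", ".npmrc")  # assumed policy list

def scan_image(image_bytes):
    """Return (layer, path, reason) findings for every layer of a saved image."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(image_bytes)) as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for layer_path in manifest[0]["Layers"]:
            layer_data = image.extractfile(layer_path).read()
            with tarfile.open(fileobj=io.BytesIO(layer_data)) as layer:
                for m in layer.getmembers():
                    if m.isfile() and m.mode & 0o6000:
                        findings.append((layer_path, m.name, "setuid/setgid"))
                    if m.name.endswith(SECRET_NAMES):
                        findings.append((layer_path, m.name, "possible secret"))
    return findings
```

Scanning each layer separately matters because a file deleted in a later layer is still present in the earlier layer that added it, and anyone who pulls the image can read it there.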

Still feeling uncomfortable about your app and container security? Drop us an email for a free consultation with SuperAdmins experts.
