3 best practices for a well-secured container

Posted by: Tamara Dutina July 09, 2020

Category: Topic: Containerization

The importance of properly secured infrastructure seems to rise on a daily basis. Whether due to new business demands or the sophistication level of the potential menace, yet it seems cloud security may be the hot word of the year. 

And global influencers tend to confirm this. 

“Cloud security is a top enterprise IT priority as organizations modernize their critical business systems both in-place and in the cloud,” says Sunil Potti, VP of Google Cloud security. 

There is no cloud security expert who would argue with the above stated; it is for a fact that the fast pacing movement of the industry demands an adequate response. One of the questions imposing is, which direction do the biggest threats come from? 

The security risk for containers rises with the usage 

According to the Cloud Security Alliance, one of the places to look are the containers. Well, the increasing usage of them, to be precise. According to the CSA research, the boost in the usage of containers and orchestration tools such as Kubernetes poses a new threat to the safety of the application deployment process.  

“We have seen increased usage of containers in the last few years, and I don’t think 2020 will be any different. But I share concerns about container security,” says Mustafa Toroman, Azure Solutions Architect, Azure MVP and CyberSecurity aficionado

“It’s often the case with popular technology that security features aren’t developed as fast as the rest of the platform. We’ve seen the same thing with many IT trends. For example, look at DevOps. Many organizations accepted DevOps as a way to do business, but security is often overlooked, and only some organizations are introducing security as part of their process. The exact same thing is with containers. Managing containers is hard and we have multiple orchestrators available. But the focus of each orchestrator was scalability and simplicity, security was not in focus until now.” 

Put the safety in focus with container security best practices

Managing containers is complex, as Mustafa warned. As far as safety goes, the container security best practice checklist starts with the very beginning of the Docker creation. 

1. Secure the container ecosystem while building it 

Detecting a potential threat early in build pipeline will go a long way. This means designing the workflow in a manner that puts safety as a priority. Think about access control and whether everyone who has access to the kernel actually needs it. Think about running containers with a minimal set of permissions that is enough for the required tasks to be executed. 

Also, don’t forget about the app itself. Opt for RASP-oriented container tools which will protect the app and API in real-time by detecting potential issues in the code. When it comes to choosing these tools according to your needs and workload, you can always reach out to our DevOps engineers for a non-binding consultation. 

2. Bolster the host OS 

While sticking to the early stage of the container architecture, bear in mind that the right choices with OS design and segmentation help you rank higher in the security ladder. What do we mean? Well, a minimalistic, container-specific host operating system is created only for running containers. As opposed to the general-purpose one, container-specific OS is more resilient to threats as it helps reduce the potential attack surface. 

For additional in-depth protection, group the containers with the same purpose on the single host OS. This practice showed that it is easier to detect the threat and stop it from spreading to other groups. 

3. Scan the container content 

One of the most common container security challenges is the lowered visibility. As you are constantly adding images, often pulling from public resources, a potential threat may pass undetected. Another challenge is the fact that most development professionals – including experienced ones – lack a thorough understanding of the image content, which prevents them from spotting potentially incompliant or threatening ones. A right set of tools for auditing provides the ability to see inside the image layers and ensure that only compliant images are running.  

Still, feeling uncomfortable about your app and container security? Drop us an email for a free consultation with SuperAdmins experts.

Let's secure your containers

Our experts are at your disposal for a free consultation. Book today.

Start

Keep reading

see all posts

How to Migrate Your Application from Monolith to Microservices

23.09.2021

According to a 2020 O’Reilly report on microservices adoption, 77% of businesses have already adopted microservices, while 92% of them state they are experiencing success after migrating monolith to microservices. The trend to en-masse start using microservices application architecture comes as no surprise considering the multiple benefits that the microservices architecture provides, including: Improved resilience […]

read more

What is Cloud Bursting and Does Your Business Need it?

09.09.2021

Back in 2014, NASA launched a satellite called OCO-2 (Orbiting Carbon Observatory 2) to gain more insight into the Earth’s carbon uptake. Two years later, they had petabytes of gathered data that needed to be processed which would have taken over 3 months and cost about $200,000 if they had used on-premise data centers for […]

read more

How Managed Cloud & Open Source Solutions Fuel Business Growth

29.07.2021

With the modern business landscape becoming more and more saturated and competitive in recent years, companies worldwide face an ongoing challenge of emerging through the noise and initiating growth. The resources are often suboptimal, which can make the process of developing a cost-effective and sustainable business strategy an insurmountable problem for many companies.  Luckily, with […]

read more