Containers are moving from exotic, experimental IT technology into production environments with mainstream use cases -- but how can corporations build secure applications for these ephemeral environments?
Virtual IT technologies call for new approaches to security. Startup Aqua Security, founded by veterans from Intel Security, CA Technologies and Imperva, says it has an integrated solution.
It has developed a platform that secures the entire process of building and running virtual container applications. It recently announced a $9m funding round led by Microsoft.
I recently spoke with Dror Davidoff, CEO of Aqua Security. Here are my main take-aways:
- Containers are still very new and the full set of security risks is not yet understood. Auditing is especially challenging because container workloads are short-lived: a record of what a container did has to be captured while it runs, because the container itself may be gone before anyone investigates.
- Aqua recently analyzed the impact on containers of the Linux kernel vulnerability known as "Dirty COW" (CVE-2016-5195). Containers share the host kernel, so a kernel privilege-escalation bug that is reachable from inside a container is also a risk to the host and to every other container on it.
- Davidoff says it's important to build security into the application as it is being developed; it leads to a much more secure application. The tools let developers maintain security from development through delivery, and also maintain regulatory compliance.
- Because the platform enforces security policy, developers are free to concentrate on the application rather than tracking new security issues or compliance requirements.
- The Aqua Container Security Platform works with Docker and Windows containers, on premises, or on Azure, AWS and Google cloud services.
- We are believers in the future of containers; we see them being deployed in production environments. Containers are part of the DevOps process and our software works to automate security as part of that process, while maintaining tight governance at every phase of application development and deployment.
- Aqua provides runtime container protection; continuous image assurance; CIS Benchmark enforcement; fine-grained access controls; granular event logging; and default security profiles.
- It uses behavioral analysis and machine learning to understand container behavior at runtime, whitelist legitimate activity, and alert on or prevent any anomalous behavior.
- Aqua's security research team additionally provides defenses against specific attack vectors, which Aqua says can be blocked without false positives. Examples include fork bombs (a type of denial-of-service attack on the host), port scanning, and connections to suspicious IP addresses.
- Container use is spreading, especially in financial services. The advantages are faster application delivery and cost-effective, large-scale deployment.
- Davidoff says that historically security has always been an afterthought of application delivery, but the rise of DevOps provides an opportunity to automate security into the development lifecycle and bake it into container-based applications from the very beginning, instead of bolting it on after the fact, as has been the case with many legacy apps.
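To make the runtime controls in the last few take-aways concrete, here is an added toy example; it is not Aqua's code and does not come from the original article. It learns a per-image whitelist of executables from a known-good run, then flags unexpected processes, fork-bomb-like spawn bursts, port scans and connections to blocklisted addresses. The event format, thresholds, sample events and blocklist address are all assumptions made for this example, and the telemetry is constructed rather than captured.

```python
"""Toy runtime detector for container events (added example, not Aqua's code).

Event format, thresholds and all sample data below are assumptions made for
this illustration; the events are constructed, not real telemetry.
"""
from collections import defaultdict, deque
from typing import Dict, Iterable, List, Set

# Illustrative thresholds; a real product would tune these per image.
SPAWN_LIMIT = 20        # process spawns allowed per container per window
SPAWN_WINDOW = 1.0      # seconds
SCAN_PORT_LIMIT = 10    # distinct destination ports per host per window
SCAN_WINDOW = 5.0       # seconds


def learn_baseline(events: Iterable[dict]) -> Dict[str, Set[str]]:
    """Build a per-image whitelist of executables from a trusted run.

    An event looks like {"t": 0.0, "image": "web:1", "cid": "c1",
    "kind": "exec", "exe": "/usr/sbin/nginx"} (assumed format).
    """
    baseline: Dict[str, Set[str]] = defaultdict(set)
    for ev in events:
        if ev["kind"] == "exec":
            baseline[ev["image"]].add(ev["exe"])
    return dict(baseline)


def detect(events: Iterable[dict], baseline: Dict[str, Set[str]],
           blocklist: Set[str]) -> List[str]:
    """Run events through the detectors; return one string per alert."""
    alerts: List[str] = []
    spawns: Dict[str, deque] = defaultdict(deque)      # cid -> spawn times
    ports: Dict[tuple, deque] = defaultdict(deque)     # (cid, ip) -> (t, port)
    bombed: Set[str] = set()                           # alert once per container
    scanning: Set[tuple] = set()                       # alert once per (cid, ip)

    for ev in sorted(events, key=lambda e: e["t"]):
        cid, t = ev["cid"], ev["t"]
        if ev["kind"] == "exec":
            # Whitelist check: anything not seen in the baseline run is suspect.
            if ev["exe"] not in baseline.get(ev["image"], set()):
                alerts.append(f"{cid}: unexpected process {ev['exe']}")
            # Spawn-rate check: sliding window of exec timestamps per container.
            q = spawns[cid]
            q.append(t)
            while q and t - q[0] > SPAWN_WINDOW:
                q.popleft()
            if len(q) > SPAWN_LIMIT and cid not in bombed:
                bombed.add(cid)
                alerts.append(f"{cid}: fork-bomb-like burst, {len(q)} spawns in {SPAWN_WINDOW}s")
        elif ev["kind"] == "connect":
            ip, port = ev["dst_ip"], ev["dst_port"]
            if ip in blocklist:
                alerts.append(f"{cid}: connection to blocklisted {ip}:{port}")
            # Port-scan check: many distinct ports on one host in a short window.
            key = (cid, ip)
            q = ports[key]
            q.append((t, port))
            while q and t - q[0][0] > SCAN_WINDOW:
                q.popleft()
            distinct = {p for _, p in q}
            if len(distinct) > SCAN_PORT_LIMIT and key not in scanning:
                scanning.add(key)
                alerts.append(f"{cid}: port scan of {ip}, {len(distinct)} ports in {SCAN_WINDOW}s")
    return alerts


# Constructed sample data (not real telemetry).
TRAINING = [
    {"t": 0.0, "image": "web:1", "cid": "c0", "kind": "exec", "exe": "/usr/sbin/nginx"},
    {"t": 0.1, "image": "web:1", "cid": "c0", "kind": "exec", "exe": "/bin/sh"},
]

PRODUCTION = (
    [{"t": 0.0, "image": "web:1", "cid": "c1", "kind": "exec", "exe": "/usr/sbin/nginx"},
     {"t": 1.0, "image": "web:1", "cid": "c1", "kind": "exec", "exe": "/usr/bin/nc"}]
    # 25 shells spawned within a quarter second: fork-bomb-like
    + [{"t": 2.0 + i * 0.01, "image": "web:1", "cid": "c1", "kind": "exec", "exe": "/bin/sh"}
       for i in range(25)]
    # sweep of 15 ports on one internal host
    + [{"t": 3.0 + i * 0.1, "image": "web:1", "cid": "c1", "kind": "connect",
        "dst_ip": "10.0.0.5", "dst_port": 20 + i} for i in range(15)]
    + [{"t": 5.0, "image": "web:1", "cid": "c1", "kind": "connect",
        "dst_ip": "203.0.113.7", "dst_port": 443}]
)

BLOCKLIST = {"203.0.113.7"}   # documentation-range address, assumed for the example


def run_example() -> List[str]:
    return detect(PRODUCTION, learn_baseline(TRAINING), BLOCKLIST)


if __name__ == "__main__":
    for line in run_example():
        print(line)
```

The whitelist catches the `nc` binary that never appeared in the baseline run, while the 25 shells it spawns are each individually legitimate and are caught only by the spawn-rate window; the two checks cover different failure modes and a real product would run both. The per-(container, host) port window keeps a sweep of one host distinct from ordinary fan-out to many services.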
Foremski's Take: Davidoff believes container use is poised to explode. But it will likely take some time for hacker gangs to target container-based apps since there are so many easy targets around.
With finance apps the largest users of containers, it won't be long before the criminals come to where the money is.
The costs of IT security are becoming a significant tax on business. Aqua is taking the right approach by focusing on security as the apps are developed. If this approach is accepted by the DevOps community, it could potentially reduce those high costs as new apps replace the vulnerable legacy apps.