With so much interest in DevOps and continuous integration and delivery, containers are a natural fit. However, security is a sticking point. Security professionals are expressing concern about the security of containers, a technology beloved for its flexibility and agility that is now being implemented en masse across enterprises.
That's the takeaway from a recent survey of 311 IT security professionals published by Tripwire. "As DevOps continues to drive increased use of containers, security teams are struggling to secure these new assets and processes," the report's authors state. As many as 94 percent are concerned about container security, and 60 percent report they have had container security incidents in the past year. A further 47 percent have vulnerable containers in production, and another 46 percent simply don't know whether they do.
Looking forward, 71 percent expect they will see container-related security incidents at their enterprises over the coming year. At least 42 percent say they have even attempted to put the kibosh on container projects over the past year in an effort to reduce security exposure.
Here are steps and solutions security pros want to see for locking down containers:
Incident detection and response for containers and infrastructure: 52%
Isolate containers that behave abnormally: 49%
More security-focused monitoring of container infrastructure: 48%
Greater visibility into container risk: 48%
Monitor containers for drift or behavior changes: 45%
Attack-blocking technologies for containers: 45%
Artificial intelligence security analytics for containers: 40%
We don't want anything special for container security: 2%
So, why are containers so much more vulnerable than the standard applications or services of the past? For more perspective on this, we turned to the folks at Synopsys, who recently published a guidebook devoted to the topic. The book's authors see three main areas of risk: container isolation, considered less secure than virtual machines because containers "share elements of the host operating system"; runtime complexities; and a need for more vulnerability management, as "each layer in a container image is an attack surface that can harbor software vulnerabilities."
The Synopsys authors provide four considerations for securing containers better:
Conduct manual reviews. At the outset, as enterprises begin to experiment with containers, manual audits via spreadsheets and manual testing are acceptable, the Synopsys guide suggests. As things scale, however, security processes and solutions should scale as well.
Run containers on virtual machines. "Some organizations run containerized applications on VMs to isolate their containers using hypervisors," the Synopsys authors state. "They do so to prevent attackers from moving laterally within the application stack to access data belonging to other applications. While this strategy can limit the severity of an attack, it will not prevent the attack from happening in the first place."
Employ container runtime security. "By monitoring network calls to the host and attempts to log into containers, these solutions build behavioral models of every application in an environment," the authors state. "Whenever runtime security solutions detect that a container has been asked to perform an unexpected function, they can block the action and notify IT teams. Runtime security is an important element of a container security strategy, acting as a last line of defense against malicious actors. However, this approach is reactive rather than proactive."
Enact vulnerability management. "In contrast to runtime security, vulnerability management is a proactive stance to container security, empowering teams to remove vulnerabilities and prevent attacks before they happen, rather than responding to them. To secure their containers, organizations must know what they contain. After all, it's not possible to patch something if you don't know it exists."
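The behavioral modeling that the runtime security point above describes (and the drift monitoring the survey respondents ask for) reduces to a simple idea: learn what each container normally does, then flag and optionally block anything outside that model. The script below is an added example written for this article, not code from the Synopsys guide or any product; the container names, event format and network addresses are all constructed.

```python
from collections import defaultdict

# Constructed learning-window events: (container, event kind, detail).
LEARNING_EVENTS = [
    ("web-1", "exec", "nginx"),
    ("web-1", "connect", "10.0.0.5:5432"),
    ("web-1", "connect", "10.0.0.9:6379"),
    ("worker-1", "exec", "python3"),
    ("worker-1", "connect", "10.0.0.9:6379"),
]

# Constructed later events, including several that drift from the baseline.
DETECTION_EVENTS = [
    ("web-1", "exec", "nginx"),                # matches baseline
    ("web-1", "connect", "10.0.0.5:5432"),     # matches baseline
    ("web-1", "exec", "sh"),                   # shell never seen before
    ("web-1", "connect", "203.0.113.7:443"),   # new egress destination
    ("worker-1", "login", "root"),             # interactive login attempt
    ("db-9", "exec", "postgres"),              # container never baselined
]

def build_baseline(events):
    """Learn, per container, the set of processes run and destinations contacted."""
    baseline = defaultdict(lambda: {"exec": set(), "connect": set()})
    for container, kind, detail in events:
        if kind in ("exec", "connect"):
            baseline[container][kind].add(detail)
    return dict(baseline)

def evaluate(events, baseline):
    """Return (container, reason, action) for each event outside the baseline.
    Unexpected processes and logins are blocked; a new destination only notifies,
    since hard-blocking every new endpoint would break legitimate scale-out."""
    alerts = []
    for container, kind, detail in events:
        known = baseline.get(container)
        if known is None:
            alerts.append((container, "container has no baseline", "notify"))
        elif kind == "login":
            alerts.append((container, f"interactive login as {detail}", "block"))
        elif kind in known and detail not in known[kind]:
            action = "block" if kind == "exec" else "notify"
            alerts.append((container, f"unexpected {kind} {detail}", action))
    return alerts

if __name__ == "__main__":
    for alert in evaluate(DETECTION_EVENTS, build_baseline(LEARNING_EVENTS)):
        print(alert)
```

The gap the Synopsys authors point out is visible in the last event: a container that was never baselined produces only a "notify", which is why runtime detection needs to be paired with an inventory of what is actually running.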