Mon, Jul 25, 2022
Companies are introducing new apps and services to enable remote work, improve supply chains and handle disruptions caused by the pandemic. Our digital-first world thrives on speed and efficiency, and containers play a huge part in getting applications up and running quickly.
Though containers offer many advantages over traditional virtualization, they also introduce significant security risks. Without a container security strategy to mitigate risk, companies can experience the exact problems they are trying to avoid. A breach from a cyberattack will interfere with operations, impact revenue and hurt the bottom line.
Following container security best practices enables chief information security officers (CISOs) and their security teams to get the greatest benefits out of containerization while minimizing the risks that come with it.
IT departments are embracing containers for several reasons. Containers are smaller, faster and more portable than virtual machines—requiring fewer system resources, taking up less physical space on the server and starting in just seconds rather than the minutes virtual machines (VMs) require to boot up. Containers with various applications can run on the same server without conflicts, again saving resources and reducing the need for IT hardware.
Containers are by design “cloud-enabled,” and therefore easy to move on or off premises and run apps on private, public or multi-cloud platforms. These features result in increased agility and efficiency in developing and deploying apps, which enable companies to create and deliver new products and applications to their customers faster and at lower costs than ever before. Containerization has become a key to modern, cloud-based IT strategies that drive innovation and create a substantial competitive advantage.
What Are the Top Container Security Risks?
IT managers are worried about container security for good reason. In a 2022 survey of 300 DevOps, engineering and security professionals, 93% of respondents said they experienced at least one security incident in their Kubernetes environments in the last 12 months, with the incident sometimes leading to revenue or customer loss.
Their very agility and portability create container security vulnerabilities, specifically:
Misconfigurations are of the greatest concern to IT professionals. The report highlights that 46% of respondents worry the most about exposures due to misconfigurations in their container and Kubernetes environments—nearly three times the level of concern over attacks.
In one example, criminals breached improperly configured Docker containers. IT had failed to password-protect their management API ports. The hackers installed crypto-mining software and stole Amazon Web Services server credentials. This instance illustrates not only the problem of misconfiguration, but also the failure to effectively isolate containers. Although platforms like Kubernetes offer network segmentation features, IT does not always use them. The result? The entire IT infrastructure of a business is put at risk.
In addition, established enterprises in the midst of digital transformations may try to containerize decades-old legacy applications, many of which were designed before the cloud existed and some of which still run on mainframes. These can be mission-critical, revenue-producing systems, so transitioning them to containers carries an especially high security risk. There may be architectural patterns that are not cloud-friendly. There could also be a lack of institutional knowledge about how the applications work because they were designed so long ago.
A sound container security strategy should cover the entire container life cycle, including development, operations, testing and security in a fast, iterative and continuous integration and development pipeline.
Given how fast containers and the cloud operate, DevOps and security teams must come together to introduce security as early as possible. Container security should ensure sourcing known trusted images, managing access, integrating regular security and penetration testing and continuously protecting the underlying infrastructure.
10 Key Features of an Effective Container Security Strategy
While instituting an effective containerization security strategy is crucial, CISOs may need to “sell” security to the C-Suite. CISOs should emphasize to their CEOs and boards of directors the importance of IT security, including containerization security, as the company speeds up its digital transformation. They should highlight the cost of a breach in money, time and reputational damage. IBM Security estimated the average cost of a security breach in 2021 at $4.24 million, the highest average total cost in the 17-year history of the report. Numbers like that will help CISOs get more attention to, and more budget for, containerization security.
If you’re interested in learning more about operating smoothly in the cloud or would like to speak to an advisor about your containerization strategy, you can learn more or schedule a meeting here.