This post was originally published here by gregg rodriguez.
The role of containers in cloud computing will continue to grow as new cloud-specific apps are developed–primarily because they are a faster path to better applications. As containers become an essential component of modern IT infrastructure, the importance of container security also becomes more critical.
Containers comprised about 19% of hybrid cloud production workloads in 2018, although by 2020, containers will make up one-third of hybrid cloud production workloads, according to ESG research.
In a nutshell, containers break up apps into smaller, more easily managed, and self-contained packages of code–bundled with the prerequisite software apps need to operate independently of the host server. You can also think of them as lightweight virtual machines with much leaner system requirements.
What are the benefits of using containers?
Containers are appealing because they provide:
- Cloud portability: Programmers don’t have to rewrite code for each new operating system and cloud platform.
- Common platform for application distribution: Give you the ability to distribute and isolate portions of the application
- Standard process: A standard way to develop and deploy services and microservices
- Consistency: The ability to provide consistency of platforms, which leads to improved portability.
- Improved Delivery: Make building and shipping applications dramatically easier and faster–on average a 7X improvement in how frequently you are able to ship software.
What are some of the security challenges of containers?
While containers provide a significant gain in productivity, agility, and efficiency for DevOps team, they can represent a new attack surface if security tooling isn’t updated to measure risk and compliance at their speed and scale.
- Limited Image Assurance: The ability to trust the container image throughout the software development process is critical. Ensuring the images are signed and originate from a trusted registry is an essential security best practice.
- Limited Visibility: New images are created constantly and added to the container environment, and the containers themselves are spun up and down periodically, making it more difficult to maintain comprehensive visibility and manage the growing inventory.
- Limited Security: The shared kernel architecture of containers requires you to provide security beyond the host, by maintaining standard configurations and container profiles.
- Automation not utilized: Security best practices are often not part of operational processes but instead an afterthought. Containers provide an opportunity to change this by enabling an environment where automation is the norm and security can become just another automation feed.
Cloudpassage Container Secure can help you automate container security and compliance by delivering:
- Continuous image assurance
- Comprehensive visibility
- Runtime configuration assessment and
- Container host security.
Download our solution brief to learn more.