From month to month or even week to week, more organizations are developing with containers. The concept of containers isn’t all that new, but the dramatic rise in adoption of container technologies and the support from major tech vendors and platforms has helped containers become mainstream quickly. As with most emerging technologies, now that containers are hot there is a greater focus on some of the security issues of containers. So DevOps.com worked with leading vendors to address that issue.

A new report from DevOps.com, sponsored by Aqua Security and Microsoft, examines the weaknesses of containers and that the security concerns introduced by using containers, and provides a look at some of the approaches to addressing those issues. “Containers: Security Challenges and How to Address Them” contains insights from DevOps and containers experts to help you understand the challenges and how to solve them.

Step 1 of 7

14%

Which of the following best describes how you currently monitor and manage systems across your hybrid cloud environment?(Required)

Multiple separate tools for different environments

Multiple separate tools for different monitoring and management functions

Single consolidated dashboard

Custom built monitoring and management solution

No full monitoring and management solution

Don’t know

How valuable would it be for your monitoring and management solution to incorporate predictive analytics to help you identify and address system issues that are critical and not waste time or effort working through all the data and “noise” that is not critical?(Required)

Extremely valuable

Moderately valuable

Somewhat valuable

Slightly valuable

Not valuable

How do you most typically address potential system issues BEFORE they impact your operations?(Required)

Automated workflows and playbooks to remediate potential issues as soon as they are detected

An orchestrated response process that leverages automation, AI, and human expertise to rapidly respond to potential issues

Advanced monitoring tools such as predictive analytics and anomaly detection to proactively identify and address potential issues

Respond to issues as they arise, using manual processes and troubleshooting techniques

A combination of automated remediation, orchestrated response, and/or proactive monitoring to address potential system issues

Don’t know

Other

What methods does your organization use to control and monitor cloud/IT spending?(Required)

Centralized procurement processes

Pre-approved budget thresholds

Automated cost monitoring tools

Department-level spending controls

Regular cost audits and reviews

Cloud cost optimization platform

Approval workflows for resource provisioning

Native financial operations tools provided by the cloud provider

No formal controls in place

Don’t know

Other

Please specify:

Which methods do you rely on most to detect security vulnerabilities in your systems?(Required)

Automated scanning tools

Manual assessments

Vendor notifications

Threat modeling (for early detection)

None of these

Don’t know

Other

Please specify:

What are the TWO most common ways you prioritize vulnerabilities to address within your environment?(Required)

Based on potential impact

Based on exploitability

Regulatory compliance requirements

Based on CVSS scores

Risk-based analysis of multiple factors

First-in-first-out approach

No formal prioritization process

Don’t know

How do you typically handle system updates and security patches?(Required)

Automated updates and patches

Manually review and apply updates and patches on a regular schedule

A combination of automation and manual review

Apply updates and patches on an as-needed basis.

Outsourced update and patch management

No defined process

Don’t know

Other

Δ

The report explains, “There is a general lack of awareness of existing container security concerns and best practices. Organizations need to understand the security issues that arise due to the differences in how VMs and containers function. Enterprises need to prepare for the glut of additional files that need protection with containers and the unwieldy nature of third-party libraries that containers use. Businesses also must consider configuration mistakes including those that grant root status to containers or simply make containers overly complex. Most importantly, organizations that adopt containers need to accept responsibility for security them, and should expect to keep tabs on new container vulnerabilities as the industry discovers them.”

“Containers add a layer of obscurity that reduces visibility,” warns Amir Jerbi, CTO of Aqua Security. “You have an operating system running a container engine, which in turn runs containers. The OS is not aware what containers are running—it only sees the container engine. The container engine knows what containers are running, but has no clue what the containers are actually doing. So, if you’re running a host-based security tool to monitor the OS, you will not see what containers are running and what they’re doing.”

Thankfully, there are solutions and best practices you can employ. The report describes how to use a combination of preventive measures, active detection and active response to protect container environments. It also covers some of the approaches to creating a more secure container in the first place using concepts such as isolating the containers with virtualization, as Microsoft does with Hyper-V Containers.

“What’s really important about Hyper-V Containers is that rather than trying to close existing holes, now we can implement a solution that is secure by default and already meets compliance requirements,” explains Taylor Brown, principal lead program manager at Microsoft.

You can download the free report from DevOps.com by clicking here: “Containers: Security Challenges and How to Address Them.”

— Tony Bradley