Are your developers leaving you vulnerable?
Containers offer undisputed benefits to application developers and have become a major component in the dev toolbox over the last few years – especially in cloud computing.
Given the portability benefits they offer, enabling the movement of applications from cloud to cloud, the use of container platforms such as Docker has grown rapidly. In fact, 451 Research recently predicted that the market will hit $2.7bn by 2020. But despite this growth, some experts fear we don’t fully understand the security implications.
So how secure are they? “The challenge from a security perspective is that because we’ve now got a single operating system supporting a bunch of containers, we end up with a single point of failure,” says Simon Leech, Chief Technologist, Security of Hybrid IT at Hewlett Packard Enterprise.
Trust in Containers
Docker has addressed some of the security fears by introducing Docker Notary, the signing tool behind Docker Content Trust, which lets publishers digitally sign their images so that anyone pulling an image can verify its origin and integrity (that the tag resolves to exactly the content the publisher signed). However, some aren’t convinced this is a complete answer to possible breaches. “All we’re doing with Notary is checking the origin on the container itself,” continues Leech. “There’s always still the possibility that a container image is not secure if the person or group of people hasn’t thought about the security of the container, or patched any security vulnerabilities.”
So what can enterprises and developers do to offset the risk from containers? Keeping the host OS up to date with patches, and managing vulnerabilities in the container images themselves (checking what they contain against known fixes and rebuilding them when fixes ship), are two controls to consider, but so is the approach to network security.
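The two checks just described are separate gates, and the Notary point above is exactly that passing the first says nothing about the second. The following is an added example, not code from the article or from Docker, that models both gates in a small image-admission function: content trust resolves a tag to a signed manifest digest and rejects anything unsigned or tampered, and only then does a patch-level check run over the image's package inventory. Everything in it is constructed for illustration: the `registry.example/app` tags, the trust data (assumed to be the `targets` mapping from TUF metadata whose signatures the client has already verified, which is not modelled here), the package inventory embedded in the manifest (a real scanner derives it from the image layers), and the advisory list, which names no real CVE.

```python
"""Added example: a simplified model of a two-stage container image admission gate.

Stage 1 (content trust): does the tag map to a signed digest, and does the fetched
manifest hash to that digest?  This is the origin/integrity check Notary provides.
Stage 2 (vulnerability management): is the verified content actually patched?
All tags, manifests, trust data and advisories below are constructed for illustration.
"""
import hashlib
import hmac
import json


def manifest_digest(manifest_bytes: bytes) -> str:
    """Content-addressable digest in the 'sha256:<hex>' form registries use."""
    return "sha256:" + hashlib.sha256(manifest_bytes).hexdigest()


def verify_content_trust(tag: str, manifest_bytes: bytes, signed_targets: dict) -> bool:
    """Return True only if the tag is present in the signed trust data and the
    fetched manifest matches the digest recorded there.

    Assumption: signed_targets is the 'targets' mapping from trust metadata whose
    signatures the TUF client has already verified (that step is not modelled)."""
    expected = signed_targets.get(tag)
    if expected is None:
        return False  # unsigned tag: with content trust enforced, the pull fails
    # constant-time compare; both values are ASCII 'sha256:<hex>' strings
    return hmac.compare_digest(expected, manifest_digest(manifest_bytes))


def parse_version(version: str) -> tuple:
    """Dotted numeric version -> tuple for ordering ('1.0.2' -> (1, 0, 2))."""
    return tuple(int(part) for part in version.split("."))


def unpatched_packages(packages: dict, advisories: list) -> list:
    """Return (package, installed, fixed_in) for every installed package that is
    older than the version in which an advisory says the issue was fixed."""
    findings = []
    for pkg, fixed_in in advisories:
        installed = packages.get(pkg)
        if installed is not None and parse_version(installed) < parse_version(fixed_in):
            findings.append((pkg, installed, fixed_in))
    return findings


def admit_image(tag: str, manifest_bytes: bytes, signed_targets: dict, advisories: list) -> tuple:
    """Run both gates in order and return ('admit' | 'reject', reason)."""
    if not verify_content_trust(tag, manifest_bytes, signed_targets):
        return ("reject", "content trust: tag unsigned or manifest digest mismatch")
    manifest = json.loads(manifest_bytes)  # parse only after integrity is established
    findings = unpatched_packages(manifest["packages"], advisories)
    if findings:
        detail = ", ".join(f"{p} {i} < {f}" for p, i, f in findings)
        return ("reject", "signed but unpatched: " + detail)
    return ("admit", "signed and no known unpatched packages")


# --- constructed sample data (not real images, digests or advisories) ---
# Package inventory is embedded in the manifest here for brevity.
PATCHED = json.dumps({"packages": {"openssl": "1.1.1", "glibc": "2.28"}}).encode()
UNPATCHED = json.dumps({"packages": {"openssl": "1.0.2", "glibc": "2.28"}}).encode()
TAMPERED = PATCHED + b" "  # same tag, content altered after signing

# Signed trust data: tag -> digest of the manifest the publisher actually signed.
TRUST = {
    "registry.example/app:1.0": manifest_digest(PATCHED),
    "registry.example/app:0.9": manifest_digest(UNPATCHED),
}
# Constructed advisory: 'openssl' fixed in 1.1.0 (illustrative, not a real CVE).
ADVISORIES = [("openssl", "1.1.0")]


if __name__ == "__main__":
    cases = [
        ("registry.example/app:1.0", PATCHED),      # signed and patched
        ("registry.example/app:0.9", UNPATCHED),    # signed, but unpatched
        ("registry.example/app:1.0", TAMPERED),     # signed tag, altered content
        ("registry.example/app:latest", PATCHED),   # never signed
    ]
    for tag, manifest in cases:
        decision, reason = admit_image(tag, manifest, TRUST, ADVISORIES)
        print(f"{tag:32} {decision:6} {reason}")
```

The second case is the one Leech describes: the signature checks out, so a client that only enforces content trust would run it, and only the separate patch-level gate turns it away. The order also matters: the manifest is not parsed until its digest has been verified, so a tampered or unsigned image never reaches the scanner.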
“Traditional approaches to network security aren’t necessarily going to carry over into a container environment,” Simon Leech concludes. “Multiple containers could potentially be talking to one another within a single host operating system, so we need to look at ways of providing network control within a container host OS.”
Listen to the full podcast below