Realising the impact of unsecured container deployments: A guide

A recently published StackRox report on the state of container and Kubernetes security has revealed statistics on security concerns in data centres running containerised workloads. Of the 540 IT and security professionals who participated in the survey, 94% had experienced security incidents in the last 12 months. Misconfigurations and human errors were the primary issues to come out of the survey.

As a result, enterprises that have already deployed containers, or are in the process of deploying them, are affected by the lack of security in hosting applications with containers. This has a subtle impact on the adoption of containers within the data centre modernisation strategy of many enterprises.

Impact on deployments

A recent CNCF survey found that security is already one of the top roadblocks in using/deploying containers.

Further, the StackRox survey shows that 44% of respondents have slowed down application deployment into production due to container or Kubernetes concerns. This data shows that container adoption and deployments have already been impacted, and further new security issues will halt progress.

Investment in security strategies

Security incidents and vulnerabilities found in Kubernetes have made enterprises think about re-strategising their container deployment process. Earlier, while adopting and implementing containers, enterprises placed less emphasis on security aspects, which led to lower CAPEX. Now, with the insights that came out of the StackRox and CNCF surveys, the importance of security integration has been realised.

Given the wide range of use cases for containers in boosting digital innovation, enterprises will take actionable steps to harden containerised workloads. One will be to adopt container or Kubernetes security platforms, or to use managed solutions or services for containers. This will help them automate the management of containers and Kubernetes clusters so that they stay secure and updated.

Security skills

Kubernetes and containers are open source and comparatively new technologies that are evolving with time. But the huge acceptance of containers has brought to light security glitches that have occurred due to a lack of knowledge and skills in following security practices.

The main highlight of the StackRox report is that most security glitches only happen due to misconfiguration. To tackle this, enterprises will look to hire highly skilled engineers, train their existing resources and mandate them to follow best practices for container security. Kubernetes is a leading orchestration platform and it is considered that containers will be managed with it only. Resources with Kubernetes expertise in secure cluster deployment and management will also be at the top of the list for hiring.

DevSecOps

Puppet’s recent 2019 State of DevOps Report shed light on the importance of integrating security into the software delivery lifecycle. The report suggests that organisations adopting DevOps should prioritise security in the delivery cycle of software services. It also found that the container environment will be less impacted if security practices are followed while developing and deploying applications, and if tools are integrated to handle testing and security incidents.

As more automation is involved in the configuration and management of containers, there will be fewer chances for misconfigurations and human errors. Enterprises will look to bring together DevOps methodologies, security teams and developers to make sure containers do not suffer security breaches.

Zero Trust in container networks

Authorising access for different levels of users is key to securing any data centre environment. For containers, orchestration platforms like Kubernetes offer modules like Role-Based Access Control (RBAC), PodSecurityPolicy and authentication mechanisms to strengthen cluster and pod access. Moving on from this, Zero Trust network overlays will begin to be implemented within Kubernetes clusters that host a vast number of microservices.

The use of service mesh technologies like Istio and Linkerd is one of the moves towards the Zero Trust network overlay. Use of service meshes will increase to provide better visibility, control over networking and encryption of data between microservices.

Conclusion

The adoption of containers and Kubernetes has brought agility to digital transformation. Security concerns are a proven roadblock; however, various container and Kubernetes security measures can be implemented with existing mechanisms, best practices and managed solutions.
