Three-pronged Approach to Securing Containers

Container Security Best Practices

With more enterprises looking to make the switch from experimenting with containers to deploying them in production, container security looks set to become the next big talking point in the container landscape over the next few years.

A 2017 Cloud Foundry survey revealed that 25 percent of enterprises currently use containers in production; as enterprises become more familiar with the technology, this figure will almost certainly rise over the coming months and years.

The appeal of containers is how they provide a way to quickly package applications with everything they need to run, providing consistency between development, testing, and production. Containers reduce conflict between developers, testers, and sysadmins, leading to agile software development.

Container Security

As with any running process, it’s important to secure containers throughout their life cycle. Container platforms typically come with built-in isolation features, such as control groups and namespaces, that limit the resources an application can consume and what a container can see.

However, when deploying containers in production, security takes on increased relevance, and merely relying on the default security features of popular container platforms is not enough. There is a need for a container security strategy that incorporates prudent best practices.

Container Security Best Practices

Some best practices for container security include:

Trusted Images

Containerized applications are built from images, and developers can download images from public and private registries or build their own. This makes building containers extremely flexible. It’s imperative, however, to always use trusted and verified images from official repositories, because only then can an enterprise verify where an image came from. Digital signatures on images provide another layer of authenticity.
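One way to enforce the trusted-image rule in a build pipeline, as an added Python example that is not part of the original post: it parses a Dockerfile's FROM lines, flags images from registries outside an allow-list and images referenced by a mutable tag rather than a content digest, and skips scratch and multi-stage aliases. The allowed registry names and the sample Dockerfile are assumptions constructed for the example; verifying image signatures is a separate step left to the registry or runtime.

```python
import re

# Registries this enterprise treats as trusted (assumption for this example).
ALLOWED_REGISTRIES = {"docker.io", "registry.example.com"}
# An immutable reference ends in a sha256 content digest, not a mutable tag.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

def registry_of(image):
    """Docker's rule: the first path component is a registry only if it contains
    '.' or ':' or is 'localhost'; otherwise Docker Hub (docker.io) is implied."""
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def check_dockerfile(text, allowed=ALLOWED_REGISTRIES):
    """Return (line, image, problem) tuples for every FROM line that pulls from a
    registry outside the allow-list or that is not pinned by content digest."""
    findings = []
    stages = set()  # names declared with 'AS' in multi-stage builds
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].upper() != "FROM":
            continue
        args = [p for p in parts[1:] if not p.startswith("--")]  # drop --platform=
        if not args:
            continue
        image = args[0]
        if len(args) >= 3 and args[1].upper() == "AS":
            stages.add(args[2])
        if image == "scratch" or image in stages:
            continue  # empty base image, or a reference to an earlier build stage
        registry = registry_of(image)
        if registry not in allowed:
            findings.append((lineno, image, "untrusted registry " + registry))
        if not DIGEST_RE.search(image):
            findings.append((lineno, image, "not pinned by digest"))
    return findings

# Constructed Dockerfile used to exercise the checks; the digest is a dummy value.
SAMPLE_DOCKERFILE = """\
FROM --platform=linux/amd64 golang:1.21 AS builder
FROM registry.example.com/base/alpine@sha256:{digest}
FROM quay.io/someorg/tool:latest
FROM builder
FROM scratch
""".format(digest="0123456789abcdef" * 4)

if __name__ == "__main__":
    print(*check_dockerfile(SAMPLE_DOCKERFILE), sep="\n")
```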

Vulnerability Assessment

Using trusted images doesn’t guarantee watertight security—images and containers pulled from official repositories can have vulnerabilities too. Therefore, enterprises must implement some type of container vulnerability assessment tool or platform as part of their IT risk mitigation strategy.

Run Containers On a Lightweight Host OS

Good container security involves taking steps to minimize security threats to the entire infrastructure, including the systems on which you host containerized apps. It’s good practice to use a lightweight host OS optimized for running containers.

The idea is that because containers interact with the host OS kernel, a lightweight OS minimizes the possible attack surface for compromised containers.

Integrate Automated Security Testing

It’s important to integrate automated security testing into the build/continuous integration process for containers, using tools such as static application security testing and real-time vulnerability scans.
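To show how the vulnerability assessment described above feeds this build gate, an added Python example (not from the original post): it evaluates a scanner report against a severity policy and an accepted-risk register whose waivers expire, so the build fails only on fixable CRITICAL or HIGH findings that have no current waiver. The report shape, package names and CVE ids are constructed placeholders, and the rule that unfixed findings are tracked rather than blocked is a policy choice, not a requirement.

```python
import json
from datetime import date

# Severities that block a build when a fixed package version exists (policy choice).
BLOCKING_SEVERITIES = {"CRITICAL", "HIGH"}

def evaluate_scan(report_json, exceptions, today):
    """Sort a scan report's findings into blocking, waived (accepted risk whose
    review date has not passed) and unfixed (no patched version available yet).
    `exceptions` maps vulnerability id -> ISO expiry date; `today` is ISO too."""
    today = date.fromisoformat(today)
    report = json.loads(report_json)
    result = {"blocking": [], "waived": [], "unfixed": []}
    for vuln in report["vulnerabilities"]:
        if vuln["severity"].upper() not in BLOCKING_SEVERITIES:
            continue  # lower severities are reported elsewhere, not gated here
        if not vuln.get("fixed_version"):
            # Policy choice: nothing to upgrade to yet, so track rather than block.
            result["unfixed"].append(vuln["id"])
            continue
        expiry = exceptions.get(vuln["id"])
        if expiry is not None and today <= date.fromisoformat(expiry):
            result["waived"].append(vuln["id"])
            continue
        result["blocking"].append(vuln["id"])  # includes findings whose waiver expired
    return result

def build_passes(result):
    """The build passes only when no blocking findings remain."""
    return not result["blocking"]

# Constructed scanner output in a simplified, tool-agnostic shape; the CVE ids and
# package names are placeholders, not real vulnerabilities.
SAMPLE_REPORT = json.dumps({
    "image": "registry.example.com/app:ci-build",
    "vulnerabilities": [
        {"id": "CVE-0000-0001", "severity": "CRITICAL", "package": "pkg-a", "fixed_version": "2.0.1"},
        {"id": "CVE-0000-0002", "severity": "HIGH", "package": "pkg-b", "fixed_version": None},
        {"id": "CVE-0000-0003", "severity": "HIGH", "package": "pkg-c", "fixed_version": "1.4.0"},
        {"id": "CVE-0000-0004", "severity": "MEDIUM", "package": "pkg-d", "fixed_version": "3.1.0"},
    ],
})
# Constructed accepted-risk register: each waiver carries an expiry/review date.
SAMPLE_EXCEPTIONS = {"CVE-0000-0001": "2020-01-01", "CVE-0000-0003": "2030-01-01"}

if __name__ == "__main__":
    outcome = evaluate_scan(SAMPLE_REPORT, SAMPLE_EXCEPTIONS, "2025-06-01")
    print(outcome, "PASS" if build_passes(outcome) else "FAIL")
```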

For more container security best practices and resources, see the container technology wiki.

Container Security and Threat Detection

Regardless of the efficacy of any vulnerability scanning tools and assessment strategies your company employs when building containers, there is still the risk of unforeseen bugs and vulnerabilities manifesting at runtime. Real-time threat detection and appropriate responses become particularly important in production.

Existing tools such as SELinux are only useful at the individual service level, meaning they don’t scale very well because development teams need to create tailored security solutions with each new microservice. There’s a need for a scalable layer of defense that empowers the adoption of container technology in production while proactively dealing with threats.

How OpsGenie Can Help

Threat detection is only one side of the coin—incident response is just as important for dealing with container security threats in a timely manner, ensuring mission-critical apps continue to function, and important data remains safe.

Most monitoring tools notify administrators about application threats using emails. However, email is not enough for time-sensitive threats posed by compromised containers that need dealing with immediately. OpsGenie’s incident response orchestration platform integrates with threat detection tools and provides multi-channel communication to ensure the right people are notified about container threats so they can deal with these threats promptly.

Furthermore, OpsGenie provides alert escalations, meaning you can create rules that notify users in order until an alert is acknowledged. The ability to route alerts depending on the context further improves incident response by ensuring that alerts are sent to the right people, depending on the threat detected by container vulnerability scanning tools.

OpsGenie also classifies container incident alerts based on the threat level, helping to differentiate urgent alerts that pose severe threats to IT infrastructures from minor ones, all without having to carefully examine logs.

Sensitive information and data received while interacting with container security tools are carefully recorded and made available for further investigation, auditing, and compliance purposes. OpsGenie gives teams more visibility into their performance by providing key metrics like MTTR with its top-notch reporting features.

Lastly, OpsGenie apps can send rich alerts that give recipients more information and flexibility than typical incident response platforms, including enriched alert details, alert activity logs, and custom actions. Teams can use the OpsGenie apps to initiate appropriate threat responses directly from their mobile devices as well as chat applications like Slack and Stride.

Closing Thoughts

It’s vital for any organization that plans to use containers in production to implement a strategy that incorporates container security best practices. However, best practices are not enough. When the containers are live, container security should also utilize threat detection and incident response to quickly find and deal with unforeseen vulnerabilities and security threats that manifest at runtime.

This three-pronged approach, which combines adherence to accepted best practices for securing containers, a threat detection tool, and a full-featured incident response orchestration platform, helps to maximize container security.

If you are interested in discovering how OpsGenie can help you solve security incidents faster, we invite you to sign up for a free trial, or contact our technical teams using the chat bubble at the bottom right of our website.