Containers and Kubernetes are table stakes for multi-cloud app development, and they're also among the least protected of any areas of software supply chains.
Kubernetes commands 92% of the container orchestration platform market, despite DevOps teams seeing it as a less secure container platform to use.
Many DevOps organizations overlook setting readOnlyRootFilesystem to true, which leaves their containers open to attack and to unauthorized executables being written to the container filesystem.
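As an added example that is not from the article or from any vendor tool, the Python script below audits for exactly the oversight described above: it walks Pod and templated workload manifests in the JSON form `kubectl get ... -o json` emits (the sample manifest is constructed for the demonstration) and lists every container that does not set readOnlyRootFilesystem to true.

```python
"""Added example (not the article's code): flag containers whose root filesystem is
writable, i.e. securityContext.readOnlyRootFilesystem is not set to true. Input is
manifest JSON (e.g. `kubectl get deploy -o json`); the sample below is constructed."""
import json
# Workload kinds whose pod spec lives under spec.template.spec
TEMPLATED_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "Job", "ReplicaSet"}


def pod_spec(obj):
    """Return the pod spec of a Pod or templated workload, or None for other kinds."""
    kind = obj.get("kind")
    if kind == "Pod":
        return obj.get("spec", {})
    if kind in TEMPLATED_KINDS:
        return obj.get("spec", {}).get("template", {}).get("spec", {})
    return None


def writable_root_containers(obj):
    """List 'Kind/name:container' for each container lacking readOnlyRootFilesystem: true."""
    spec = pod_spec(obj)
    if spec is None:
        return []
    label = f"{obj.get('kind')}/{obj.get('metadata', {}).get('name', '<unnamed>')}"
    findings = []
    for field in ("initContainers", "containers"):  # init containers count too
        for c in spec.get(field, []):
            ro = c.get("securityContext", {}).get("readOnlyRootFilesystem")
            if ro is not True:  # unset and explicit false are both findings
                findings.append(f"{label}:{c.get('name', '<unnamed>')}")
    return findings


def audit(manifest_json):
    """Audit one object or a List (the shape `kubectl get ... -o json` returns)."""
    doc = json.loads(manifest_json)
    items = doc.get("items", []) if doc.get("kind") == "List" else [doc]
    return [f for item in items for f in writable_root_containers(item)]


# Constructed sample: one hardened container, two that were overlooked
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "Deployment", "metadata": {"name": "web"}, "spec": {"template": {"spec": {
        "containers": [{"name": "nginx", "securityContext": {"readOnlyRootFilesystem": True}},
                       {"name": "sidecar"}]}}}},
    {"kind": "Pod", "metadata": {"name": "debug"}, "spec": {"containers": [
        {"name": "shell", "securityContext": {"readOnlyRootFilesystem": False}}]}}]})

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("writable root filesystem:", finding)
```

Containers that genuinely need to write should keep the read-only root and mount an emptyDir volume for the writable paths rather than dropping the setting.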
Containers are the fastest-growing, and the weakest, link in software supply chains.
In five years, 35% of all enterprise applications will run in containers, and more than 80% of commercial off-the-shelf vendors will offer their software in container format, up from less than 30% last year.
Containers are among the weakest links in software supply chains, however.
From misconfigured cloud, container, and network configurations to confusion over who owns container security over the lifecycle of a project, organizations are struggling to get container security under control.
Attackers are capitalizing on the disconnects by exploiting growing vulnerabilities in container images, runtimes, API interfaces and container registries.
Unsecured containers with light identity security, if any at all, are a goldmine for insider attackers, too.
From image vulnerabilities to insecure container runtime configurations and vulnerabilities in runtime software, containers often fail due to weak or inconsistent configuration.
There is no single solution on the market that solves all these challenges; it takes change management in DevOps, DevSecOps and software engineering to help improve container security.
A good place to start is with NIST's Application Container Security Guide.
It provides an in-depth assessment of the potential risks related to containers and provides practical recommendations for reducing their risks.
Define an affordable, workable roadmap of security tools purpose-built to protect containers if one is not already in place.
Any workflow aimed at securing containers needs to include periodic vulnerability scans of container images and registries.
The goal of these scans is to identify security risks and prevent the deployment of vulnerable containers.
Getting secrets management right is a core area of keeping containers safe.
Isolate containers based on how sensitive and confidential the data is.
Go all in on securing workloads through segmentation that can adapt to how quickly container and Kubernetes workflows change.
Identifying where network integration points could fail or be compromised by attackers is the reason the additional steps to secure containers are worth taking.
This Cyber News was published on venturebeat.com. Publication date: Mon, 29 Jan 2024 22:43:04 +0000