A Brief Guide to Container Security

by | Feb 22, 2019 | Data Center security

Containers are a convenient way of deploying IT applications locally or in the cloud. A container is a self-contained environment that includes everything an application needs to run in one package. This makes it easy to transfer applications between environments and makes them completely self-sufficient. Despite their self-sufficiency, it’s still important to have robust security around containers — let’s explore what that means.

Security when You’re Building Containers

Containers rely on the concept of image files, called “Container Images.” These images provide the necessary application, configuration, and other information necessary for a container to run properly. Developers build on original, “base” container images to provide customized container applications.

Create Base Container Images from a Trusted Source

Because they will be used for forming your original container image and any derivatives, it’s vital to acquire your base container image file from a trusted source. Make sure that the application and environment you use for your base container image is digitally signed, scanned, and checked to ensure it is authentic and free of anything that could compromise security.

Keep All Container Images up to Date and Patch as Needed

If you identify potential vulnerabilities or flaws in container images, make sure you go back and patch those flaws before creating new images. Keep container image files updated with maintenance patches and fixes from vendors for both the applications themselves and their runtime environments.

Track and Verify Changes to Container Images

Once you have a known, good container image, get robust version control and security protocols in place to manage the creation, deployment, and use of original and derived container images. Establish role-based controls for the users and teams that have the authority to create, deploy, amend, and manage container files.

Add Metadata to Containers for Identification Purposes

You can attach metadata to container images to provide an audit trail and history of changes made to specific containers. This can include details like configuration, version control, patches, vulnerability assessments, creators, users, and more. You can store this metadata, together with containers and their variables within a private registry for easier tracking and control.

Manage Containers in the Live Environment

When you spin up containers into a cloud or local environment you should use the same security policies and protocols as for any other sensitive application or data. You can implement vulnerability scanning, penetration testing, and monitoring to identify potential flaws or alert you to intruders or other bad actors. Use the self-contained nature of these assets to isolate them from the rest of your operating system, and enhance security through the whole environment.
If you need advice on containers and how to secure them, just get in touch. We’re experts at helping you deploy applications across the cloud environment and securing you against external attacks.