Virtualization Technology News and Information
Lacework 2019 Predictions: New (and Much Needed) Emphasis on Container Security in 2019

Industry executives and experts share their predictions for 2019.  Read them in this 11th annual series exclusive.

Contributed by Dan Hubbard, Chief Product Officer at Lacework

New (and Much Needed) Emphasis on Container Security in 2019

Application developers and IT architects might look back on 2018 as the year of the container. Evidence indicates that containers enjoyed widespread adoption and a generated a rabid following among IT teams over this past year, which is great news for development teams. Like any technology that blazes a fast and furious path towards adoption, however, container usage has grown without adequate attention to security concerns. To enable containers as a critical aspect of enterprise applications and workloads, container security is going to be among the most important technology priorities in 2019.

The popularity of containers will undoubtedly accelerate. A recent study of 600+ IT decision-makers done by ClearPath Strategies has indicates that, "containers have crossed the chasm." The report found that container adoption is exceeding adoption of DevOps for organizations that want to develop new applications or repurpose legacy ones. To note, 25% of those respondents plan to adopt or evaluate containers in the coming months, while only 17% are planning to adopt or evaluate DevOps processes.

There are a number of reasons for this rapid shift to container adoption. Among the most prevalent is the massive cost savings that enterprises can realize, as containers can displace virtual machines which are typically tied to high licensing fees and contractual obligations. Containers also facilitate the speed with which development teams want to operate. They're relatively easy to set up and use within an environment, and because containers are open source, users aren't beholden to contractual obligations, nor expensive licensing fees.

But we've seen this all too frequently; speed is good for business, but bad for security. Development teams are deploying new code regularly which keeps products innovative and current. Yet, security isn't given the attention it needs and containers can easily fall victim to loose security management.

We're even seeing a rise of attacks through unsecured container administrative consoles. Open source packages used to deploy and manage large numbers of cloud-based applications and resources operate far too often with loose accessibility and without even the most basic security controls.

The big question for container users, then, is how they are going to address threats and risk while they continue to employ fast, agile container-based strategies. We are going to see smart enterprises build containers into their overall security posture and ensure they are using the right processes and tools for rapid development while adhering to rigorous security principles. That last part will be key - "...while adhering to rigorous security principles." In 2019, we can expect that to become gospel for companies who really "get it" in terms of effective container strategies. They will realize that there's no such thing as fast development without security.

We can expect to see security and development teams get serious about how they apply a new security discipline. These organizations will, among other things, take these steps to improve their security posture with regard to containers:

  1. Restrict infrastructure network access as much as possible.
  2. Minimize attack surfaces on hosts by only deploying core functionality needed for your applications (e.g. CoreOS).
  3. Enable host security features when viable such as access control, system call restriction, resource restrictions, and mounting read-only devices.
  4. Develop a strong orchestrator security policy (e.g. not running privileged containers).
  5. Use role based access controls for containers.
  6. Reduce attack surface in application code by only using code that is needed.
  7. Pull images only from trusted resources.
  8. Drive towards least privileges for access to resources.


About the Author


Dan Hubbard is Chief Product Officer at Lacework responsible for driving the company's product and security strategy for public and private clouds and security research. A pioneering force in Internet security, Dan's expertise spans from reputation and advanced classification systems to large-scale security data mining, and cloud security. Prior to Lacework, Dan was CTO at OpenDNS, helped deliver the world's largest cloud security network that led to the $600M acquisition by Cisco. Prior to OpenDNS, Dan was CTO at Websense, led R&D, launched the Websense Security Labs, and was instrumental in the company's success from early days through successful IPO. Dan owns several patents in the areas of data classification and cloud security and is a frequent speaker at security conferences globally.

Published Wednesday, December 19, 2018 7:19 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2018>