Next-Generation Cybersecurity: Containers and Orchestrators
Published on: May 14, 2019
Author: Johna Till Johnson, Founder & CEO
Developers are increasingly moving towards a coding paradigm based on DevOps and Agile methodologies and relying on public and private cloud infrastructure. This DevOps/cloud paradigm in turn is based on the software constructs of containers (self-contained application environments like Docker) and orchestrators (the container-management and administration engines like Kubernetes).
Containers with associated orchestrators offer many benefits, including streamlining application build, deployment, and shipping processes; enabling faster and more effective testing; reducing infrastructure costs by enabling greater application density; improving portability; and writing code that more closely aligns with business requirements.
However, containers and orchestrators also introduce new potential cybersecurity vulnerabilities. Many of these vulnerabilities—such as privileged-account compromises, unauthorized access, and man-in-the-middle attacks—are familiar to most cybersecurity professionals. These fundamental vulnerabilities have simply been transposed to a containers/orchestrators environment. As with the majority of vulnerabilities, remediation is a matter of implementing the appropriate technology and configuration safeguards.
The challenge to cybersecurity professionals is that for many, software development is unfamiliar terrain. Even if they have solid coding chops (and most cybersecurity professionals don’t), software development hasn’t been a primary area of focus for the
cybersecurity team. Moreover, when containers were first introduced, the general perception was that they were “secure by nature,” and therefore would require very little cybersecurity overhead.
Making matters worse, most senior managers thought until recently that container/orchestrator security was a solved problem, even as their teams were aware it wasn’t. The recent spate of Kubernetes vulnerabilities has showcased the need for a cybersecurity initiative focused on containers and orchestrators.
This report brings cybersecurity professionals quickly up to speed in the fundamental concepts underlying containers and orchestrators, highlights some of the key vulnerabilities, and provides an overview of recommended fixes, including the tried-and-true trio of people, process, and technology.
Table of Contents
The Container Revolution
What is A Container?
Containers and the SDLC
Container Orchestration: Kubernetes
Management and configuration components
Container and Orchestrator Benefits
So What’s the Problem? Container and Orchestrator Risks
Container Cybersecurity Risks
Container image vulnerabilities
Container registry vulnerabilities
Orchestrator Cybersecurity Risks
Unbounded administrative access
Inter-container network traffic opacity
Orchestrator node trust
Solutions: Technology Providers
Solutions: Best Practices
You are currently viewing a preview of this content. Nemertes Clients, please log in for full access to all research content. If you are not a client, please click below to purchase access to this research report. We also invite you to become a client.