Access and Feeds

Containers and Security: Complexity Makes it Easy to Overlook Problems

By Dick Weisinger

Is container security a problem? Not really. But the nature of containers mean that container security needs to be done carefully and early in an implementation.

Container and non-container security issues that arise are actually not so different. For example, one of the biggest problems in both types of environments is simply ignoring security, like keeping default security permissions.

But the complexity of automated environments that use containers mean that if security of the underlying components aren’t properly configured, they can cause problem that are harder to find and much harder to correct later.

Amir Jerbi, co-founder and CTO of Aqua Security, told InformationWeek that “vulnerabilities in container images — running containers with too many privileges, not properly hardening hosts that run containers, not configuring Kubernetes in a secure way — any of these, if not addressed adequately, can put applications at risk.”

Richard Henderson, head of global threat intelligence for Lastline, said that “containers, while a boon to many developers and IT organizations, are just as susceptible to bugs and vulnerabilities as any other technology tool or platform. Keeping that in mind, it means we have to keep our eyes open for threats targeting the underlying products we’re using and make patching a critical imperative. Attackers waste no time exploiting issues that are disclosed.”

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Leave a Reply

Your email address will not be published. Required fields are marked *

*