The most popular and comprehensive Open Source ECM platform
Is container security a problem? Not really. But the nature of containers mean that container security needs to be done carefully and early in an implementation.
Container and non-container security issues that arise are actually not so different. For example, one of the biggest problems in both types of environments is simply ignoring security, like keeping default security permissions.
But the complexity of automated environments that use containers mean that if security of the underlying components aren’t properly configured, they can cause problem that are harder to find and much harder to correct later.
Amir Jerbi, co-founder and CTO of Aqua Security, told InformationWeek that “vulnerabilities in container images — running containers with too many privileges, not properly hardening hosts that run containers, not configuring Kubernetes in a secure way — any of these, if not addressed adequately, can put applications at risk.”
Richard Henderson, head of global threat intelligence for Lastline, said that “containers, while a boon to many developers and IT organizations, are just as susceptible to bugs and vulnerabilities as any other technology tool or platform. Keeping that in mind, it means we have to keep our eyes open for threats targeting the underlying products we’re using and make patching a critical imperative. Attackers waste no time exploiting issues that are disclosed.”