Cloud containers are lightweight, self-contained packages of software containing elements such as binaries, application code, configuration files and libraries.
They allow applications to be abstracted from the environments in which they run, enabling the software they contain to run on any operating system. Platforms such as Docker and Kubernetes have brought this flexible tool to organisations across the world.
Containers have been successful for several very good reasons:
They can run almost anywhere, across multiple operating systems, in the cloud or on physical premises, offering flexibility.
They offer clear separation for developers, enabling them to focus on the applications side while operations teams run deployment and management.
They are easily scalable and can be managed en masse by orchestration engines (such as Kubernetes).
By virtualizing processing, memory and other resources at the operating-system level, they let developers isolate each application from the others running on the same host.
As a result, containers can transform the way infrastructure is deployed, software developed and applications updated, and are particularly well suited to today’s world of remote work.
Containers are quietly taking over the world
Cloud adoption in general is skyrocketing: in Australia, the market is expected to rise 12.5% and be worth $14.1 billion by 2025. Gartner predicts that this year 70% of organisations will use containerized apps. Kubernetes had 5.6 million users last year, with 10% of the respondents to its last survey hailing from Australia or Oceania.
But where processes go, cyberattackers follow, and the increased use of containers has been mirrored by growing cybersecurity concerns. Today, containers are one of the cloud’s biggest security risks. Research suggests that 94% of container-using organisations have had to deal with a security incident related to containers in the last year, with misconfigurations the biggest worry, followed by attacks and vulnerabilities.
The worst-case scenario for most organisations is a security breach that exposes personal data. The compromise of a single container can offer criminals a route into your network that conventional security tools will struggle to close off, and the financial impact of downtime, response, regulatory penalties and reputational damage can be existential. But smaller issues have an impact too, with deployment slowed for remediation, troubleshooting and further tests.
How criminals exploit cloud containers
Containers are a risk partly because of their growing ubiquity, but also because they face several distinct threats:
Criminals can manipulate the interactions between components, inject malware into code or images and even undertake crypto-mining.
Many container API servers allow access to the public internet, opening the orchestration engine up to attack.
Attacks can spread between different containers, especially if containers’ privileges are not limited.
Weak authentication can allow attackers access to the API server and change configurations. Careless application access settings can also open containers up to attack.
Containers are built using images and can be at risk from malware. This is a particular risk if images are reused rather than built as new – over 1600 malicious images were found last year on Docker Hub.
Containers are not built to store data, and sensitive information stored within them may be at risk. While most organisations are now savvier about this danger, in 2016 Twitter’s old video hub, Vine, had its entire source code stolen from a container image.
Mitigate cloud container threats by managing access
When it comes to cloud containers, CISOs must ensure that stakeholders understand the risks, and implement security accordingly.
Controlling access to containers is a critical first step. Multi-factor and risk-based authentication offer robust controls, and the principle of least privilege can limit the damage individual users can do and the risk of sensitive data being exposed. Controls should also manage access to registry images, and API servers should use strict credential management. Default configurations are always worth reviewing: they rarely offer the protection of customised settings.
Scan, audit and test to mitigate risk
Your container registry of code, files, libraries, binaries and images should be audited and scanned to detect malware, with the entire image checked by a container scanner that can assess the contents and flag any insecure components. A further way to minimise the risks surrounding images is to check the source: unofficial registries can be problematic and, as noted, numerous images from the popular Docker Hub have been found to contain vulnerabilities or malware.
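The two sections above recommend least privilege with reviewed defaults, and checking where images come from before they are deployed. The following is an added example, not code from the original article: a small Python audit of a Kubernetes Pod spec that flags host-namespace sharing, privileged containers, privilege escalation left enabled, root execution, undropped Linux capabilities, images from outside an approved registry, and images not pinned by digest. The registry allowlist and both sample specs are assumptions constructed for the demo.

```python
"""Audit a Kubernetes Pod spec for privilege and image-source weaknesses.

Assumption: the manifest has already been parsed into a dict (for example
with yaml.safe_load); the sample specs below are constructed for this demo.
"""

# Hypothetical internal registry allowlist; images from anywhere else are flagged.
APPROVED_REGISTRIES = ("registry.example.internal/",)


def audit_pod(pod: dict) -> list[str]:
    """Return a list of findings; an empty list means the spec passed every check."""
    findings = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    for flag in ("hostPID", "hostIPC", "hostNetwork"):
        if spec.get(flag):  # sharing a host namespace weakens the isolation boundary
            findings.append(f"pod: {flag} is enabled")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name, sc = c.get("name", "<unnamed>"), c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}: runs as a privileged container")
        # Kubernetes treats allowPrivilegeEscalation as true unless set to false.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation is not disabled")
        # runAsNonRoot may be set at pod or container level; the container setting wins.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(f"{name}: not required to run as non-root")
        dropped = [x.upper() for x in sc.get("capabilities", {}).get("drop", [])]
        if "ALL" not in dropped:
            findings.append(f"{name}: does not drop all Linux capabilities")
        image = c.get("image", "")
        if not image.startswith(APPROVED_REGISTRIES):
            findings.append(f"{name}: image {image!r} is not from an approved registry")
        if "@sha256:" not in image:  # a mutable tag can silently change what runs
            findings.append(f"{name}: image {image!r} is not pinned by digest")
    return findings


# Constructed sample: a default-style spec that relies on unlimited privileges.
WEAK_POD = {"spec": {"hostNetwork": True, "containers": [
    {"name": "web", "image": "nginx:latest", "securityContext": {"privileged": True}}]}}

# Constructed sample: the same workload with least privilege and a pinned, approved image.
HARDENED_POD = {"spec": {"securityContext": {"runAsNonRoot": True}, "containers": [
    {"name": "web", "image": "registry.example.internal/web@sha256:" + "0" * 64,
     "securityContext": {"allowPrivilegeEscalation": False,
                         "capabilities": {"drop": ["ALL"]}}}]}}

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(f"{label}: {len(audit_pod(pod))} finding(s)")
        for finding in audit_pod(pod):
            print("  -", finding)
```

The digest in the hardened sample is a zero-filled placeholder; a real deployment would pin the digest reported by the registry after the image has been scanned.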
Well-meaning humans can cause damage too, and AI-based configuration management can limit the damage from misconfiguration. A containerized next-generation firewall can stop malware spreading across your network or exfiltrating data. Other measures include ensuring run-time software is fully updated and patched, using third-party tools to detect security issues in your container orchestrator and ensuring nodes (the virtual machines in which containers sit) are secured.
Container security is a significant concern
Cloud containers are getting impossible to ignore – and businesses should not neglect their security. If APIs and access controls are not properly managed, and code and images are not consistently scanned, this cloud innovation could see your data pour into the hands of cybercriminals. Organisations must continually work to assess and mitigate these issues if they are to get the benefits of containers without letting cyberattackers profit.