As more organizations shift data and workloads to the cloud, many are relying on containers—units of software that package code and its dependencies so that applications run reliably when moving from one computing environment to another. Containerization is heralded as a robust technology for deploying applications and services in a secure manner, says Cole McKnight, cloud architect in the Genetics and Biochemistry Department at Clemson University.
Container engines such as Docker and Singularity provide a way to implement and distribute the best-practice security policies for a given application, in lieu of relying on individual users to configure a secure installation, McKnight says. “Container orchestration platforms such as Kubernetes, Mesos or Docker Swarm have integrated security mechanisms that are specific to deploying and executing containers,” McKnight says. “The result is an easily configurable ecosystem for developing and deploying containers.”
While these technologies abstract much of the complexity traditionally involved in delivering secure applications and services, some development teams interpret this potential for security as a guarantee, McKnight says. The problem is that container implementations are not foolproof, and the mistakes teams make when using containers can create security issues rather than address them.
1. Focusing too much on the containers themselves
“The most common mistake when implementing secure containers is to focus solely on the container itself,” McKnight says. Maintaining best practices for the security of an image is important, he says, but developers commonly focus heavily on the security of an image without considering the execution environment.
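To make the image-versus-execution-environment distinction concrete, here is an added example (not from the article, and not McKnight's own code): two Kubernetes Pod manifests that deploy the same, already hardened image. The Pod names, the registry and image reference, and the UID are assumed placeholders. The first Pod leaves every runtime setting at its default, so the image's own hardening is the only control in play; the second constrains the execution environment with the platform's built-in mechanisms.

```yaml
# Added example, not part of the original article. Pod names, the image
# reference and the UID/GID values are assumed placeholders.
#
# Pod 1: a hardened image with the execution environment left at defaults.
apiVersion: v1
kind: Pod
metadata:
  name: app-defaults                       # assumed name
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0  # assumed image reference
      # No securityContext, no resource limits: the container runs as
      # whatever user the image declares (root, if the Dockerfile never
      # set USER), with a writable root filesystem, the runtime's default
      # Linux capability set, no seccomp filter, and an automatically
      # mounted service-account token. Nothing here is enforced by the
      # platform; all of it depends on the image being correct.
---
# Pod 2: the same image, with the execution environment constrained.
apiVersion: v1
kind: Pod
metadata:
  name: app-hardened                       # assumed name
spec:
  automountServiceAccountToken: false      # no API credentials unless the app needs them
  securityContext:
    runAsNonRoot: true                     # kubelet refuses to start the container as UID 0
    runAsUser: 10001                       # assumed unprivileged UID/GID
    runAsGroup: 10001
    fsGroup: 10001
    seccompProfile:
      type: RuntimeDefault                 # container runtime's default syscall filter
  containers:
    - name: app
      image: registry.example.com/app:1.0  # same image as Pod 1
      securityContext:
        allowPrivilegeEscalation: false    # setuid binaries cannot gain privileges (no_new_privs)
        readOnlyRootFilesystem: true       # writes only to explicitly mounted volumes
        capabilities:
          drop: ["ALL"]                    # start from zero capabilities; add back only what is needed
      volumeMounts:
        - name: tmp
          mountPath: /tmp                  # scratch space, since the root filesystem is read-only
      resources:                           # bounds a compromised or runaway container
        requests:
          cpu: "100m"
          memory: "128Mi"
        limits:
          cpu: "500m"
          memory: "256Mi"
  volumes:
    - name: tmp
      emptyDir: {}
```

Both manifests pass an image scanner equally well, which is the point: the scanner sees only the image. The settings in the second Pod correspond to what the Kubernetes Pod Security Standards "restricted" profile requires, so a cluster with Pod Security Admission enforcing that level on the namespace would reject the first manifest outright. Validating a manifest against the cluster with `kubectl apply --dry-run=server -f pod.yaml` surfaces such a rejection before anything is deployed.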