Overcoming container security issues is a challenge, but with the right strategies and tools, IT administrators can address vulnerabilities.
Organizations are adopting containers in growing numbers. Container revenue is expected to increase from $1.5 billion in 2018 to $2.7 billion by 2020, according to 451 Research. Containers are gaining traction in organizations because they provide developers with agility and flexibility.
Like any new technology, containers also present businesses with security concerns. Startup suppliers are trying to deal with vulnerabilities, but their work is in an embryonic stage. Until the market matures, organizations should implement best practices to protect sensitive information.
An inaccurate security picture
At first blush, containers seem secure. Like VMs, containers run above the OS, so they seem to be logically isolated from other pieces of code and, therefore, immune to the tricks that hackers typically use to compromise systems. Also, containers are very small pieces of code; their life spans are brief, so the window to inject malware is short.
But such assumptions are inaccurate. Containers are susceptible to traditional malware attacks, such as application exploits, network attacks and phishing scams. In fact, hackers have already found a few ways to attack containers.
The bad guys try to worm their way into the container to attempt to gain administrator privileges, according to Dan Blum, managing partner and principal consultant at Security Architects Partners. If they can get administrative access to one container, they can take control of the entire host and steal data or other assets, such as hardware resources, from other containers.
Such container security issues have already been found. In January 2017, Docker patched a privilege escalation vulnerability that could have led to container escapes, enabling a hacker to compromise a host from inside a container. This vulnerability, which earned a high-severity rating, stemmed from a bug found in the code used in several container engines.
An open source problem
A second concern is that the software inside the container might be tainted.
"In many cases, businesses rely on open source code and, in some cases, it has flaws," said Neil MacDonald, vice president and distinguished analyst at Gartner.
Sometimes, the problems are only discovered long after the code has been implemented. For instance, a Linux kernel vulnerability dubbed Dirty Cow allowed access to Linux-based OSes and went undetected for nine years.
Many commercial platforms rely on open source, leaving themselves open to vulnerabilities. In January 2019, Cisco discovered a container vulnerability stemming from its use of open source software in its SD-WAN platform.
Help is on the way
A number of startups are building tools designed to address container security issues. Aqua Security, NeuVector, StackRox, Tenable.io and Twistlock are among the vendors selling such platforms.
In addition, companies can follow best practices to protect their software. But first, they must take a close look at their container system hierarchy and get a clear picture of where potential vulnerabilities lie.
Organizations must also track changes more closely. As containers move through the development process, companies must scan the software to ensure that changes only come from authorized individuals.
Businesses can also include a thin OS -- a hardened system -- in their containers. This step limits the potential attack surface.
Organizations shouldn't include security information inside the container.
"Sometimes, programmers put encryption key information into a container," Blum said.
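As an added illustration, not code from the article or from any vendor it names, the following Python script audits a Dockerfile for the practices discussed above: a base image pinned to a known digest rather than a floating tag (so the contents come from an approved source), no secret-looking ENV/ARG values or key files baked into the image, and a non-root USER. Both sample Dockerfiles and the digest value are constructed placeholders.

```python
import re

# Constructed sample Dockerfile (not from the article) with the problems the
# page warns about: a secret baked into the image, a key file copied in,
# an unpinned base image and no USER instruction.
SAMPLE_DOCKERFILE = """\
FROM ubuntu:latest
ENV AWS_SECRET_ACCESS_KEY=AKIAFAKEEXAMPLEKEY
COPY server.key /etc/app/server.key
RUN apt-get update && apt-get install -y curl
CMD ["./app"]
"""

# Constructed hardened variant: minimal base pinned by digest (placeholder
# digest), no embedded secrets, runs as an unprivileged user.
HARDENED_DOCKERFILE = """\
FROM example.internal/base/minimal@sha256:0000000000000000000000000000000000000000000000000000000000000000
COPY app /app
USER 65532:65532
CMD ["/app"]
"""

SECRET_NAME = re.compile(r"(KEY|SECRET|TOKEN|PASSWORD|PASSWD)", re.IGNORECASE)
KEY_FILE = re.compile(r"\.(pem|key|p12|pfx|jks)(\s|$)", re.IGNORECASE)


def audit_dockerfile(text):
    """Return a list of human-readable findings, one per risky instruction."""
    findings = []
    saw_user = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        instr, _, args = line.partition(" ")
        instr = instr.upper()
        if instr == "FROM":
            image = args.split()[0]
            if "@sha256:" in image:
                pass  # pinned by digest: contents are exactly what was reviewed
            elif ":latest" in image or ":" not in image.split("/")[-1]:
                findings.append(f"line {lineno}: base image '{image}' uses a floating tag")
            else:
                findings.append(f"line {lineno}: base image '{image}' is not pinned by digest")
        elif instr in ("ENV", "ARG"):
            name = re.split(r"[=\s]", args, maxsplit=1)[0]
            if SECRET_NAME.search(name):
                findings.append(f"line {lineno}: {instr} '{name}' looks like a secret baked into the image")
        elif instr in ("COPY", "ADD") and KEY_FILE.search(args):
            findings.append(f"line {lineno}: {instr} places key material inside the image")
        elif instr == "USER":
            saw_user = True
    if not saw_user:
        findings.append("no USER instruction: container processes run as root by default")
    return findings


if __name__ == "__main__":
    for finding in audit_dockerfile(SAMPLE_DOCKERFILE):
        print(finding)
```

Run against a real Dockerfile by reading its contents into `audit_dockerfile`; the name-pattern check is a heuristic and should be paired with a secret scanner that inspects the built image layers, since a secret added in one layer and deleted in a later one is still present in the image.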
Finally, organizations must understand potential container security issues. Right now, container security is in a fledgling state.
"We experienced similar security issues when virtualization first took root years ago," MacDonald said. "Initially, there were a lot of holes, but the industry eventually identified and patched them, so now firms feel confident that their virtualization systems are secure."