Container technology promises greater agility and efficiency in building and deploying applications, a critical ability in an age of zero tolerance for downtime and high expectations for capabilities on demand. Containers can provide a technological edge that translates into real business advantage, but some companies have been leery of adopting them because of (very valid) security fears stemming from the way containers interact with the OS. Like virtual machines, containers share the host's compute, network and storage resources; unlike virtual machines, every container on a host also runs on the host's single OS kernel. If that kernel is compromised, every container on it is compromised, and a process that breaks out of one container compromises the kernel and therefore every other container on the same host.
The risk that comes with containers is real, but so are the rewards. In this session, we will explain the security weaknesses of containers and recommend how companies can mitigate the risk using a combination of people (training), processes and products, including:
- Know what’s inside: Download and deploy container images only from trusted sources, and verify that the image you run is the one you vetted.
- Understand that containers don’t contain: Containers improve the isolation of applications but are not a security boundary on their own; a privileged process (root, added capabilities) inside a container must be treated exactly as it would be if it were running directly on the host.
- Use a hardened operating system: Mandatory access control such as SELinux on a hardened host OS can provide a security framework that helps isolate Linux containers from one another and from the host, supporting higher levels of security.
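The three recommendations above are easier to apply once they are expressed as concrete checks on a container's run-time configuration. The following Python policy check is an added example written for this page; it is not part of the session material or of any vendor's tooling. It audits a record shaped like one entry of `docker inspect` output (only the fields `Config.Image`, `Config.User`, `HostConfig.Privileged`, `HostConfig.CapAdd`, `HostConfig.PidMode` and `HostConfig.SecurityOpt` are read). The two sample records, the trusted-registry list and the set of "kernel-adjacent" capabilities are constructed assumptions for the example.

```python
"""Policy check covering the three recommendations: trusted image source,
no privileged processes inside the container, and SELinux labelling left on.
Input: a dict shaped like one `docker inspect` record (subset of fields)."""
import json
import re

# Assumption for this example: registries the organisation has vetted.
TRUSTED_REGISTRIES = ("registry.example.internal", "docker.io/library")

# Assumption: capabilities that act on the shared kernel rather than on the
# container's own namespaces; adding any of them makes the process "privileged".
KERNEL_ADJACENT_CAPS = {
    "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_RAWIO",
    "NET_ADMIN", "DAC_READ_SEARCH", "BPF", "PERFMON",
}

SHA256_DIGEST = re.compile(r"^sha256:[0-9a-f]{64}$")


def split_reference(image_ref):
    """Return (canonical image name, digest or None).

    Names without a registry host are normalised the way Docker does:
    'nginx' -> 'docker.io/library/nginx', 'acme/app' -> 'docker.io/acme/app'.
    """
    digest = None
    if "@" in image_ref:
        image_ref, digest = image_ref.split("@", 1)
    head, sep, tail = image_ref.rpartition(":")
    # ':' introduces a tag unless the text after it contains '/', in which
    # case it is a registry port (host:5000/app).
    name = head if sep and "/" not in tail else image_ref
    first = name.partition("/")[0]
    looks_like_host = "." in first or ":" in first or first == "localhost"
    if not looks_like_host:
        name = "docker.io/" + (name if "/" in name else "library/" + name)
    return name, digest


def check_image_source(image_ref):
    """Bullet 1, 'know what's inside': trusted registry and digest-pinned."""
    findings = []
    name, digest = split_reference(image_ref)
    if not any(name.startswith(reg + "/") for reg in TRUSTED_REGISTRIES):
        findings.append(f"image {name} is not from a trusted registry")
    if digest is None or not SHA256_DIGEST.match(digest):
        findings.append(f"image {image_ref} is not pinned by sha256 digest")
    return findings


def check_privilege(host_config, config):
    """Bullet 2, 'containers don't contain': root, capabilities, host PID."""
    findings = []
    if host_config.get("Privileged"):
        findings.append("container runs with --privileged (all capabilities, all devices)")
    added = set()
    for cap in host_config.get("CapAdd") or []:
        cap = cap.upper()
        added.add(cap[4:] if cap.startswith("CAP_") else cap)
    risky = sorted(added & KERNEL_ADJACENT_CAPS)
    if risky:
        findings.append("kernel-adjacent capabilities added: " + ", ".join(risky))
    user = (config.get("User") or "").split(":")[0]
    if user in ("", "root", "0"):
        findings.append("process runs as root inside the container")
    if host_config.get("PidMode") == "host":
        findings.append("shares the host PID namespace")
    return findings


def check_mac(host_config):
    """Bullet 3, hardened OS: SELinux labelling and seccomp must stay enabled."""
    findings = []
    opts = {o.lower() for o in (host_config.get("SecurityOpt") or [])}
    if opts & {"label=disable", "label:disable"}:
        findings.append("SELinux labelling disabled (label=disable)")
    if opts & {"seccomp=unconfined", "seccomp:unconfined"}:
        findings.append("seccomp filtering disabled (seccomp=unconfined)")
    return findings


def audit(inspect_record):
    """Run all three checks over one inspect-shaped record; return findings."""
    host_config = inspect_record.get("HostConfig", {})
    config = inspect_record.get("Config", {})
    findings = check_image_source(config.get("Image", ""))
    findings += check_privilege(host_config, config)
    findings += check_mac(host_config)
    return findings


# Constructed sample records (not real inspect output), trimmed to the fields read.
RISKY_CONTAINER = json.loads("""{
  "Name": "/batch-worker",
  "Config": {"Image": "batch/worker:latest", "User": ""},
  "HostConfig": {"Privileged": false, "CapAdd": ["SYS_ADMIN", "NET_ADMIN"],
                 "PidMode": "host", "SecurityOpt": ["label=disable"]}
}""")

HARDENED_CONTAINER = json.loads("""{
  "Name": "/web",
  "Config": {"Image": "registry.example.internal/web@sha256:%s", "User": "1000:1000"},
  "HostConfig": {"Privileged": false, "CapAdd": null, "PidMode": "",
                 "SecurityOpt": ["no-new-privileges", "label=type:container_t"]}
}""" % ("0123456789abcdef" * 4))

if __name__ == "__main__":
    for record in (RISKY_CONTAINER, HARDENED_CONTAINER):
        print(record["Name"], audit(record) or ["OK"])
```

Run against the two samples, the hardened record produces no findings, while the risky one is flagged on all three fronts: an unpinned image from an unvetted registry, root plus SYS_ADMIN and NET_ADMIN with the host PID namespace, and SELinux labelling switched off. In practice the record would come from `docker inspect` or an orchestrator's admission hook rather than an inline literal.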