This is the final post in our four-part series on security in the cloud. In part one, we discussed the AWS shared responsibility model; in part two, we discussed detecting, prioritizing, and remediating vulnerabilities in the cloud; and in part three, we explained how to handle misconfigurations in the cloud. In our final post, we’ll explain how to secure containers, applications, and serverless environments.
Securing containers in the cloud
Containers are not exclusively cloud-centric, but because they are often found in cloud environments, we decided it made sense to cover them as part of our series on cloud security. Since containers came onto the market, they have fundamentally changed the way organizations build, test, and deploy their applications. While they’re great for helping DevOps teams build and deliver applications in a fraction of the time, security and IT professionals are often not involved in decisions about if and how to use containers. And when they do stumble across them, security professionals inevitably wonder what level of risk they introduce and how the team can get better visibility. If the security team has no way to monitor and scan containers, how can they guarantee a certain level of security?
The good news is that you can get visibility with minimal impact on factors like speed of deployment that make containers so appealing to developers. To do this, you need the ability to identify containers in your environment, as well as assess container images for vulnerabilities during the build process (before they’re deployed).
You can co ..
Support the originator by clicking the read the rest link below.
