Containers have become a staple among large banks and financial services firms, which have used the technology in production. It has captured the attention of the broader market, that hopes to achieve the same technology benefits of improved application delivery and run-time efficiencies.
This modular plug-and-play architecture is more scalable and can deliver more power to the application in a specific area. Any technology requires a thorough security assessment to ensure associated risks are identified and weighed against an enterprise’s appetite for risk. When approaching the risk-tolerance threshold for containers, additional controls may be necessary to mitigate the risk to acceptable levels. There are essentially three broad categories of risk to consider when using containers.
1. Attack Surface
There are many different objects to track, and a noted lack of visibility into how those objects are manipulated. This means a focus on user authentication and authorization, container activity lockdown and image detection and prevention are required.
2. Shared Kernel
All applications generally share the same Linux kernel. This is one of the key benefits of containers from a DevOps perspective, since containers take seconds to run. Whereas, minutes are required to spin up and spin down a virtual machine. This places an emphasis on the integrity or assurance of the image.
3. Vulnerabilities
There is a risk that any vulnerabilities introduced during a development cycle may be exploited by attackers, including malicious insiders.
Register for the webinar, “Containers and data security: what you need to know.”
The big challenge for sy ..
Support the originator by clicking the read the rest link below.
