Containerisation: Why Traditional Security will End in Tears

Manoj Taskar

Containerisation, which was once considered to be the ‘geek’s’ topic’, has now become a major focal point for the IT enterprise security team. It has also emerged as a preferred foundation of DevOps and an answer to many deep-rooted operational issues.

Though very similar to virtualisation, containerisation platforms can offer improvements of 10x to 100x in application density per physical server, which is an unprecedented benefit as compared to virtualisation.

Containers are smaller and more efficient avatars of virtual machines (VMs) and can run on almost any computer, infrastructure or cloud. In fact, hundreds of containers can run on one server, leading to significant savings on data-center resources and cost.

Containerisation in the Production Environment

Until a year ago, the adoption of this nascent technology had been slow; however, because of its growing relevance in the market and quick maturation process, containerised platforms like Docker have already been widely accepted in production environments.

Recent statistics from Datadog, a monitoring and analytics platform company, indicate that the number of containers running in production have gone up five times in nine months after initial deployment. Their research was based on a sample of 10,000 companies and tracked real usage, not just anecdotally-reported usage.

Another research study from DevOps.com and ClusterHQ says that 79 per cent of responding organisations run Container technologies, with 76 per cent of them in production environments. This represents a significant advance from last year where only 38 per cent of respondents had deployed Containers in production.

Adoption of containerisation technologies is clearly exploding as organisations look to accelerate innovation cycles and reduce time-to-market windows.

Are they Secure Enough?

No, not yet. Although containerisation delivers numerous benefits, it also introduces new security risks, which are impossible to identify and quantify using traditional security tools. The rapid development and deployment of Containers, combined with their relatively short life cycles, make it difficult for security teams to effectively monitor and detect container-based vulnerabilities.

According to the Tenable Network Security2017 Global CyberSecurity Assurance Report Card, only 52 per cent of responding security professionals felt that their organisation had a handle on how best to assess risks within container environments.

One of the biggest and unique issues associated with Containers is that they exist for short periods of time. They can start up or shut down quickly, running for just a few days or even a few hours. They can be deleted and replaced quickly, too.

Worse still, containers are usually not scanned for vulnerabilities before or after being deployed to production. Practitioners thus feel that Containers are less secure as compared to VMs.

Why Traditional Security Dawdles

Organisations have struggled to continuously assess Docker containers or similar platforms simply because the traditional security solutions fall short in assessing vulnerabilities in such a hyperdynamic environment. Traditional network-based security simply won’t suffice in the new app-centric enterprise.

The only way to ensure security in production is to rule out possible container-based vulnerabilities during the development lifecycle and prior to production. Besides, security teams will need real-time, on-the-fly security auditing in the development pipeline itself.

Organisations need to have continuous monitoring early in the DevOps lifecycle, much before the application is actually launched. Unfortunately, only 57 per cent of Infosec professionals have an ability to assess security tools used during the DevOps process in their organisations, according to Tenable research.

It’s going to be even more challenging for security teams when more enterprises migrate their existing apps and customer-facing apps into container environments. Traditional security controls, designed for physical servers and then for VMs, will need to evolve and adapt to the emerging container environments. With the DevOps teams having a larger say in networking and infrastructure security tools, security teams will need new skills and a different approach in the future.

(Manoj Taskar is Country Manager (India & SAARC), Tenable Network Security. Views expressed here are of the author and CyberMedia does not necessarily endorse them.)