Containers are not simple applications that run on the fly. Containers are the matrix of the IT infrastructure. Most IT professionals still struggle to understand containers, and some security practitioners find it difficult to provide appropriate security controls for them. As a result, containers are becoming environments that are difficult to properly defend.
Containers, by their very nature, may be the most vulnerable thing in IT when it comes to security. There are numerous security arsenals, controls and requirements that need to be put in place to maintain a secure container infrastructure environment. From the security architecture perspective, it would be very useful to focus on the most critical and tricky questions to understand and assess the security of the containerised environment and applications. Below are 19 questions that need to be asked. And, it is assumed that you already know the correct answers to these questions when you perform your security assessment.
The Most Critical Questions For Containers
- How is network zoning of clusters, namespaces and deployments, and their traffic defined and managed across the container infrastructure?
- How is secrets management handled?
- How is PKI handled throughout the environment?
- How are all logs including instantaneous state of containers collected and managed?
- How is the role description of the entire cluster user management defined?
- How and at what levels is image security provided?
- How are container and user privileges controlled?
- How are interactive users and administrators are managed and authenticated?
- How are registries and repositories handled?
- How are containers and workloads with different sensitivity levels are maintained in cluster or in container environment instances?
- How is the network traffic secured?
- How are application-level attacks handled?
- How is vulnerability management handled for the entire environement and its underlying components?
- How is runtime security maintained?
- Is the containerised application in its own cluster or does it share a cluster?
- How are the containerised application components layered?
- Is the containerised application open to (inbound) internet traffic?
- Is the containerised application a part of a traditional application?
- How is the containerised application segmented or isolated from other applications in the cluster?
* For the container security controls and hardening tips, you can also check this post.